Example 1 with RestSecurityBean
use of org.olat.restapi.security.RestSecurityBean in project OpenOLAT by OpenOLAT.
the class RESTDispatcher method execute.
@Override
public void execute(HttpServletRequest request, HttpServletResponse response) {
//
// create a ContextEntries String which can be used to create a BusinessControl -> move to
//
String uriPrefix = DispatcherModule.getLegacyUriPrefix(request);
final String origUri = request.getRequestURI();
String encodedRestPart = origUri.substring(uriPrefix.length());
String restPart = encodedRestPart;
try {
restPart = URLDecoder.decode(encodedRestPart, "UTF8");
} catch (UnsupportedEncodingException e) {
log.error("Unsupported encoding", e);
}
String[] split = restPart.split("/");
if (split.length % 2 != 0) {
// assert(split.length % 2 == 0);
// The URL is not a valid business path
DispatcherModule.sendBadRequest(origUri, response);
log.warn("URL is not valid: " + restPart);
return;
}
String businessPath = BusinessControlFactory.getInstance().formatFromSplittedURI(split);
if (log.isDebug()) {
log.debug("REQUEST URI: " + origUri);
log.debug("REQUEST PREFIX " + restPart);
log.debug("calc buspath " + businessPath);
}
// check if the businesspath is valid
try {
BusinessControl bc = BusinessControlFactory.getInstance().createFromString(businessPath);
if (!bc.hasContextEntry()) {
// The URL is not a valid business path
DispatcherModule.sendBadRequest(origUri, response);
return;
}
} catch (Exception e) {
DispatcherModule.sendBadRequest(origUri, response);
log.warn("Error with business path: " + origUri, e);
return;
}
//
// create the olat ureq and get an associated main window to spawn the "tab"
//
UserSession usess = CoreSpringFactory.getImpl(UserSessionManager.class).getUserSession(request);
if (usess != null) {
ThreadLocalUserActivityLoggerInstaller.initUserActivityLogger(request);
}
UserRequest ureq = null;
try {
// upon creation URL is checked for
ureq = new UserRequestImpl(uriPrefix, request, response);
} catch (NumberFormatException nfe) {
// a 404 message must be shown -> e.g. robots correct their links.
if (log.isDebug()) {
log.debug("Bad Request " + request.getPathInfo());
}
DispatcherModule.sendBadRequest(request.getPathInfo(), response);
return;
}
// XX:GUIInterna.setLoadPerformanceMode(ureq);
// Do auto-authenticate if url contains a X-OLAT-TOKEN Single-Sign-On REST-Token
String xOlatToken = ureq.getParameter(RestSecurityHelper.SEC_TOKEN);
if (xOlatToken != null) {
// Lookup identity that is associated with this token
RestSecurityBean securityBean = (RestSecurityBean) CoreSpringFactory.getBean(RestSecurityBean.class);
Identity restIdentity = securityBean.getIdentity(xOlatToken);
//
if (log.isDebug()) {
if (restIdentity == null)
log.debug("Found SSO token " + RestSecurityHelper.SEC_TOKEN + " in url, but token is not bound to an identity");
else
log.debug("Found SSO token " + RestSecurityHelper.SEC_TOKEN + " in url which is bound to identity::" + restIdentity.getName());
}
//
if (restIdentity != null) {
// after the REST dispatcher finishes. No need to change it here.
if (!usess.isAuthenticated() || !restIdentity.equalsByPersistableKey(usess.getIdentity())) {
// Re-authenticate user session for this user and start a fresh
// standard OLAT session
int loginStatus = AuthHelper.doLogin(restIdentity, RestSecurityHelper.SEC_TOKEN, ureq);
if (loginStatus == AuthHelper.LOGIN_OK) {
// fxdiff: FXOLAT-268 update last login date and register active user
UserDeletionManager.getInstance().setIdentityAsActiv(restIdentity);
} else {
// error, redirect to login screen
DispatcherModule.redirectToDefaultDispatcher(response);
}
} else if (Windows.getWindows(usess).getChiefController() == null) {
// Session is already available, but no main window (Head-less REST
// session). Only create the base chief controller and the window
Window currentWindow = AuthHelper.createAuthHome(ureq).getWindow();
// the user is authenticated successfully with a security token, we can set the authenticated path
currentWindow.setUriPrefix(WebappHelper.getServletContextPath() + DispatcherModule.PATH_AUTHENTICATED);
Windows ws = Windows.getWindows(ureq);
ws.registerWindow(currentWindow);
// no need to call setIdentityAsActive as this was already done by RestApiLoginFilter...
}
}
}
boolean auth = usess.isAuthenticated();
if (auth) {
if (Windows.getWindows(usess).getChiefController() == null) {
// Session is already available, but no main window (Head-less REST
// session). Only create the base chief controller and the window
setBusinessPathInUserSession(usess, businessPath, ureq.getParameter(WINDOW_SETTINGS));
AuthHelper.createAuthHome(ureq);
String url = getRedirectToURL(usess) + ";jsessionid=" + usess.getSessionInfo().getSession().getId();
DispatcherModule.redirectTo(response, url);
} else {
// redirect to the authenticated dispatcher which support REST url
String url = WebappHelper.getServletContextPath() + DispatcherModule.PATH_AUTHENTICATED + encodedRestPart;
DispatcherModule.redirectTo(response, url);
}
} else {
// prepare for redirect
LoginModule loginModule = CoreSpringFactory.getImpl(LoginModule.class);
setBusinessPathInUserSession(usess, businessPath, ureq.getParameter(WINDOW_SETTINGS));
String invitationAccess = ureq.getParameter(AuthenticatedDispatcher.INVITATION);
if (invitationAccess != null && loginModule.isInvitationEnabled()) {
// try to log in as anonymous
// use the language from the lang paramter if available, otherwhise use the system default locale
Locale guestLoc = getLang(ureq);
int loginStatus = AuthHelper.doInvitationLogin(invitationAccess, ureq, guestLoc);
if (loginStatus == AuthHelper.LOGIN_OK) {
Identity invite = usess.getIdentity();
// fxdiff: FXOLAT-268 update last login date and register active user
UserDeletionManager.getInstance().setIdentityAsActiv(invite);
// logged in as invited user, continue
String url = getRedirectToURL(usess);
DispatcherModule.redirectTo(response, url);
} else if (loginStatus == AuthHelper.LOGIN_NOTAVAILABLE) {
DispatcherModule.redirectToServiceNotAvailable(response);
} else {
// error, redirect to login screen
DispatcherModule.redirectToDefaultDispatcher(response);
}
} else {
String guestAccess = ureq.getParameter(AuthenticatedDispatcher.GUEST);
if (guestAccess == null || !loginModule.isGuestLoginLinksEnabled()) {
DispatcherModule.redirectToDefaultDispatcher(response);
return;
} else if (guestAccess.equals(AuthenticatedDispatcher.TRUE)) {
// try to log in as anonymous
// use the language from the lang paramter if available, otherwhise use the system default locale
Locale guestLoc = getLang(ureq);
int loginStatus = AuthHelper.doAnonymousLogin(ureq, guestLoc);
if (loginStatus == AuthHelper.LOGIN_OK) {
// logged in as anonymous user, continue
String url = getRedirectToURL(usess);
DispatcherModule.redirectTo(response, url);
} else if (loginStatus == AuthHelper.LOGIN_NOTAVAILABLE) {
DispatcherModule.redirectToServiceNotAvailable(response);
} else {
// error, redirect to login screen
DispatcherModule.redirectToDefaultDispatcher(response);
}
}
}
}
}
Also used :
Window(org.olat.core.gui.components.Window)
Locale(java.util.Locale)
BusinessControl(org.olat.core.id.context.BusinessControl)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
LoginModule(org.olat.login.LoginModule)
Windows(org.olat.core.gui.Windows)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
UserSessionManager(org.olat.core.util.session.UserSessionManager)
UserSession(org.olat.core.util.UserSession)
Identity(org.olat.core.id.Identity)
UserRequest(org.olat.core.gui.UserRequest)
UserRequestImpl(org.olat.core.gui.UserRequestImpl)
RestSecurityBean(org.olat.restapi.security.RestSecurityBean)
Example 2 with RestSecurityBean
use of org.olat.restapi.security.RestSecurityBean in project openolat by klemens.
the class RESTDispatcher method execute.
@Override
public void execute(HttpServletRequest request, HttpServletResponse response) {
//
// create a ContextEntries String which can be used to create a BusinessControl -> move to
//
String uriPrefix = DispatcherModule.getLegacyUriPrefix(request);
final String origUri = request.getRequestURI();
String encodedRestPart = origUri.substring(uriPrefix.length());
String restPart = encodedRestPart;
try {
restPart = URLDecoder.decode(encodedRestPart, "UTF8");
} catch (UnsupportedEncodingException e) {
log.error("Unsupported encoding", e);
}
String[] split = restPart.split("/");
if (split.length % 2 != 0) {
// assert(split.length % 2 == 0);
// The URL is not a valid business path
DispatcherModule.sendBadRequest(origUri, response);
log.warn("URL is not valid: " + restPart);
return;
}
String businessPath = BusinessControlFactory.getInstance().formatFromSplittedURI(split);
if (log.isDebug()) {
log.debug("REQUEST URI: " + origUri);
log.debug("REQUEST PREFIX " + restPart);
log.debug("calc buspath " + businessPath);
}
// check if the businesspath is valid
try {
BusinessControl bc = BusinessControlFactory.getInstance().createFromString(businessPath);
if (!bc.hasContextEntry()) {
// The URL is not a valid business path
DispatcherModule.sendBadRequest(origUri, response);
return;
}
} catch (Exception e) {
DispatcherModule.sendBadRequest(origUri, response);
log.warn("Error with business path: " + origUri, e);
return;
}
//
// create the olat ureq and get an associated main window to spawn the "tab"
//
UserSession usess = CoreSpringFactory.getImpl(UserSessionManager.class).getUserSession(request);
if (usess != null) {
ThreadLocalUserActivityLoggerInstaller.initUserActivityLogger(request);
}
UserRequest ureq = null;
try {
// upon creation URL is checked for
ureq = new UserRequestImpl(uriPrefix, request, response);
} catch (NumberFormatException nfe) {
// a 404 message must be shown -> e.g. robots correct their links.
if (log.isDebug()) {
log.debug("Bad Request " + request.getPathInfo());
}
DispatcherModule.sendBadRequest(request.getPathInfo(), response);
return;
}
// XX:GUIInterna.setLoadPerformanceMode(ureq);
// Do auto-authenticate if url contains a X-OLAT-TOKEN Single-Sign-On REST-Token
String xOlatToken = ureq.getParameter(RestSecurityHelper.SEC_TOKEN);
if (xOlatToken != null) {
// Lookup identity that is associated with this token
RestSecurityBean securityBean = (RestSecurityBean) CoreSpringFactory.getBean(RestSecurityBean.class);
Identity restIdentity = securityBean.getIdentity(xOlatToken);
//
if (log.isDebug()) {
if (restIdentity == null)
log.debug("Found SSO token " + RestSecurityHelper.SEC_TOKEN + " in url, but token is not bound to an identity");
else
log.debug("Found SSO token " + RestSecurityHelper.SEC_TOKEN + " in url which is bound to identity::" + restIdentity.getName());
}
//
if (restIdentity != null) {
// after the REST dispatcher finishes. No need to change it here.
if (!usess.isAuthenticated() || !restIdentity.equalsByPersistableKey(usess.getIdentity())) {
// Re-authenticate user session for this user and start a fresh
// standard OLAT session
int loginStatus = AuthHelper.doLogin(restIdentity, RestSecurityHelper.SEC_TOKEN, ureq);
if (loginStatus == AuthHelper.LOGIN_OK) {
// fxdiff: FXOLAT-268 update last login date and register active user
UserDeletionManager.getInstance().setIdentityAsActiv(restIdentity);
} else {
// error, redirect to login screen
DispatcherModule.redirectToDefaultDispatcher(response);
}
} else if (Windows.getWindows(usess).getChiefController() == null) {
// Session is already available, but no main window (Head-less REST
// session). Only create the base chief controller and the window
Window currentWindow = AuthHelper.createAuthHome(ureq).getWindow();
// the user is authenticated successfully with a security token, we can set the authenticated path
currentWindow.setUriPrefix(WebappHelper.getServletContextPath() + DispatcherModule.PATH_AUTHENTICATED);
Windows ws = Windows.getWindows(ureq);
ws.registerWindow(currentWindow);
// no need to call setIdentityAsActive as this was already done by RestApiLoginFilter...
}
}
}
boolean auth = usess.isAuthenticated();
if (auth) {
if (Windows.getWindows(usess).getChiefController() == null) {
// Session is already available, but no main window (Head-less REST
// session). Only create the base chief controller and the window
setBusinessPathInUserSession(usess, businessPath, ureq.getParameter(WINDOW_SETTINGS));
AuthHelper.createAuthHome(ureq);
String url = getRedirectToURL(usess) + ";jsessionid=" + usess.getSessionInfo().getSession().getId();
DispatcherModule.redirectTo(response, url);
} else {
// redirect to the authenticated dispatcher which support REST url
String url = WebappHelper.getServletContextPath() + DispatcherModule.PATH_AUTHENTICATED + encodedRestPart;
DispatcherModule.redirectTo(response, url);
}
} else {
// prepare for redirect
LoginModule loginModule = CoreSpringFactory.getImpl(LoginModule.class);
setBusinessPathInUserSession(usess, businessPath, ureq.getParameter(WINDOW_SETTINGS));
String invitationAccess = ureq.getParameter(AuthenticatedDispatcher.INVITATION);
if (invitationAccess != null && loginModule.isInvitationEnabled()) {
// try to log in as anonymous
// use the language from the lang paramter if available, otherwhise use the system default locale
Locale guestLoc = getLang(ureq);
int loginStatus = AuthHelper.doInvitationLogin(invitationAccess, ureq, guestLoc);
if (loginStatus == AuthHelper.LOGIN_OK) {
Identity invite = usess.getIdentity();
// fxdiff: FXOLAT-268 update last login date and register active user
UserDeletionManager.getInstance().setIdentityAsActiv(invite);
// logged in as invited user, continue
String url = getRedirectToURL(usess);
DispatcherModule.redirectTo(response, url);
} else if (loginStatus == AuthHelper.LOGIN_NOTAVAILABLE) {
DispatcherModule.redirectToServiceNotAvailable(response);
} else {
// error, redirect to login screen
DispatcherModule.redirectToDefaultDispatcher(response);
}
} else {
String guestAccess = ureq.getParameter(AuthenticatedDispatcher.GUEST);
if (guestAccess == null || !loginModule.isGuestLoginLinksEnabled()) {
DispatcherModule.redirectToDefaultDispatcher(response);
return;
} else if (guestAccess.equals(AuthenticatedDispatcher.TRUE)) {
// try to log in as anonymous
// use the language from the lang paramter if available, otherwhise use the system default locale
Locale guestLoc = getLang(ureq);
int loginStatus = AuthHelper.doAnonymousLogin(ureq, guestLoc);
if (loginStatus == AuthHelper.LOGIN_OK) {
// logged in as anonymous user, continue
String url = getRedirectToURL(usess);
DispatcherModule.redirectTo(response, url);
} else if (loginStatus == AuthHelper.LOGIN_NOTAVAILABLE) {
DispatcherModule.redirectToServiceNotAvailable(response);
} else {
// error, redirect to login screen
DispatcherModule.redirectToDefaultDispatcher(response);
}
}
}
}
}
Also used :
Window(org.olat.core.gui.components.Window)
Locale(java.util.Locale)
BusinessControl(org.olat.core.id.context.BusinessControl)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
LoginModule(org.olat.login.LoginModule)
Windows(org.olat.core.gui.Windows)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
UserSessionManager(org.olat.core.util.session.UserSessionManager)
UserSession(org.olat.core.util.UserSession)
Identity(org.olat.core.id.Identity)
UserRequest(org.olat.core.gui.UserRequest)
UserRequestImpl(org.olat.core.gui.UserRequestImpl)
RestSecurityBean(org.olat.restapi.security.RestSecurityBean)
Aggregations
UnsupportedEncodingException (java.io.UnsupportedEncodingException)2
Locale (java.util.Locale)2
UserRequest (org.olat.core.gui.UserRequest)2
UserRequestImpl (org.olat.core.gui.UserRequestImpl)2
Windows (org.olat.core.gui.Windows)2
Window (org.olat.core.gui.components.Window)2
Identity (org.olat.core.id.Identity)2
BusinessControl (org.olat.core.id.context.BusinessControl)2
UserSession (org.olat.core.util.UserSession)2
UserSessionManager (org.olat.core.util.session.UserSessionManager)2
LoginModule (org.olat.login.LoginModule)2
RestSecurityBean (org.olat.restapi.security.RestSecurityBean)2
