Search in sources :

Example 1 with RestSecurityBean

use of org.olat.restapi.security.RestSecurityBean in project OpenOLAT by OpenOLAT.

the class RESTDispatcher method execute.

@Override
public void execute(HttpServletRequest request, HttpServletResponse response) {
    // 
    // create a ContextEntries String which can be used to create a BusinessControl -> move to
    // 
    String uriPrefix = DispatcherModule.getLegacyUriPrefix(request);
    final String origUri = request.getRequestURI();
    String encodedRestPart = origUri.substring(uriPrefix.length());
    String restPart = encodedRestPart;
    try {
        restPart = URLDecoder.decode(encodedRestPart, "UTF8");
    } catch (UnsupportedEncodingException e) {
        log.error("Unsupported encoding", e);
    }
    String[] split = restPart.split("/");
    if (split.length % 2 != 0) {
        // assert(split.length % 2 == 0);
        // The URL is not a valid business path
        DispatcherModule.sendBadRequest(origUri, response);
        log.warn("URL is not valid: " + restPart);
        return;
    }
    String businessPath = BusinessControlFactory.getInstance().formatFromSplittedURI(split);
    if (log.isDebug()) {
        log.debug("REQUEST URI: " + origUri);
        log.debug("REQUEST PREFIX " + restPart);
        log.debug("calc buspath " + businessPath);
    }
    // check if the businesspath is valid
    try {
        BusinessControl bc = BusinessControlFactory.getInstance().createFromString(businessPath);
        if (!bc.hasContextEntry()) {
            // The URL is not a valid business path
            DispatcherModule.sendBadRequest(origUri, response);
            return;
        }
    } catch (Exception e) {
        DispatcherModule.sendBadRequest(origUri, response);
        log.warn("Error with business path: " + origUri, e);
        return;
    }
    // 
    // create the olat ureq and get an associated main window to spawn the "tab"
    // 
    UserSession usess = CoreSpringFactory.getImpl(UserSessionManager.class).getUserSession(request);
    if (usess != null) {
        ThreadLocalUserActivityLoggerInstaller.initUserActivityLogger(request);
    }
    UserRequest ureq = null;
    try {
        // upon creation URL is checked for
        ureq = new UserRequestImpl(uriPrefix, request, response);
    } catch (NumberFormatException nfe) {
        // a 404 message must be shown -> e.g. robots correct their links.
        if (log.isDebug()) {
            log.debug("Bad Request " + request.getPathInfo());
        }
        DispatcherModule.sendBadRequest(request.getPathInfo(), response);
        return;
    }
    // XX:GUIInterna.setLoadPerformanceMode(ureq);
    // Do auto-authenticate if url contains a X-OLAT-TOKEN Single-Sign-On REST-Token
    String xOlatToken = ureq.getParameter(RestSecurityHelper.SEC_TOKEN);
    if (xOlatToken != null) {
        // Lookup identity that is associated with this token
        RestSecurityBean securityBean = (RestSecurityBean) CoreSpringFactory.getBean(RestSecurityBean.class);
        Identity restIdentity = securityBean.getIdentity(xOlatToken);
        // 
        if (log.isDebug()) {
            if (restIdentity == null)
                log.debug("Found SSO token " + RestSecurityHelper.SEC_TOKEN + " in url, but token is not bound to an identity");
            else
                log.debug("Found SSO token " + RestSecurityHelper.SEC_TOKEN + " in url which is bound to identity::" + restIdentity.getName());
        }
        // 
        if (restIdentity != null) {
            // after the REST dispatcher finishes. No need to change it here.
            if (!usess.isAuthenticated() || !restIdentity.equalsByPersistableKey(usess.getIdentity())) {
                // Re-authenticate user session for this user and start a fresh
                // standard OLAT session
                int loginStatus = AuthHelper.doLogin(restIdentity, RestSecurityHelper.SEC_TOKEN, ureq);
                if (loginStatus == AuthHelper.LOGIN_OK) {
                    // fxdiff: FXOLAT-268 update last login date and register active user
                    UserDeletionManager.getInstance().setIdentityAsActiv(restIdentity);
                } else {
                    // error, redirect to login screen
                    DispatcherModule.redirectToDefaultDispatcher(response);
                }
            } else if (Windows.getWindows(usess).getChiefController() == null) {
                // Session is already available, but no main window (Head-less REST
                // session). Only create the base chief controller and the window
                Window currentWindow = AuthHelper.createAuthHome(ureq).getWindow();
                // the user is authenticated successfully with a security token, we can set the authenticated path
                currentWindow.setUriPrefix(WebappHelper.getServletContextPath() + DispatcherModule.PATH_AUTHENTICATED);
                Windows ws = Windows.getWindows(ureq);
                ws.registerWindow(currentWindow);
            // no need to call setIdentityAsActive as this was already done by RestApiLoginFilter...
            }
        }
    }
    boolean auth = usess.isAuthenticated();
    if (auth) {
        if (Windows.getWindows(usess).getChiefController() == null) {
            // Session is already available, but no main window (Head-less REST
            // session). Only create the base chief controller and the window
            setBusinessPathInUserSession(usess, businessPath, ureq.getParameter(WINDOW_SETTINGS));
            AuthHelper.createAuthHome(ureq);
            String url = getRedirectToURL(usess) + ";jsessionid=" + usess.getSessionInfo().getSession().getId();
            DispatcherModule.redirectTo(response, url);
        } else {
            // redirect to the authenticated dispatcher which support REST url
            String url = WebappHelper.getServletContextPath() + DispatcherModule.PATH_AUTHENTICATED + encodedRestPart;
            DispatcherModule.redirectTo(response, url);
        }
    } else {
        // prepare for redirect
        LoginModule loginModule = CoreSpringFactory.getImpl(LoginModule.class);
        setBusinessPathInUserSession(usess, businessPath, ureq.getParameter(WINDOW_SETTINGS));
        String invitationAccess = ureq.getParameter(AuthenticatedDispatcher.INVITATION);
        if (invitationAccess != null && loginModule.isInvitationEnabled()) {
            // try to log in as anonymous
            // use the language from the lang paramter if available, otherwhise use the system default locale
            Locale guestLoc = getLang(ureq);
            int loginStatus = AuthHelper.doInvitationLogin(invitationAccess, ureq, guestLoc);
            if (loginStatus == AuthHelper.LOGIN_OK) {
                Identity invite = usess.getIdentity();
                // fxdiff: FXOLAT-268 update last login date and register active user
                UserDeletionManager.getInstance().setIdentityAsActiv(invite);
                // logged in as invited user, continue
                String url = getRedirectToURL(usess);
                DispatcherModule.redirectTo(response, url);
            } else if (loginStatus == AuthHelper.LOGIN_NOTAVAILABLE) {
                DispatcherModule.redirectToServiceNotAvailable(response);
            } else {
                // error, redirect to login screen
                DispatcherModule.redirectToDefaultDispatcher(response);
            }
        } else {
            String guestAccess = ureq.getParameter(AuthenticatedDispatcher.GUEST);
            if (guestAccess == null || !loginModule.isGuestLoginLinksEnabled()) {
                DispatcherModule.redirectToDefaultDispatcher(response);
                return;
            } else if (guestAccess.equals(AuthenticatedDispatcher.TRUE)) {
                // try to log in as anonymous
                // use the language from the lang paramter if available, otherwhise use the system default locale
                Locale guestLoc = getLang(ureq);
                int loginStatus = AuthHelper.doAnonymousLogin(ureq, guestLoc);
                if (loginStatus == AuthHelper.LOGIN_OK) {
                    // logged in as anonymous user, continue
                    String url = getRedirectToURL(usess);
                    DispatcherModule.redirectTo(response, url);
                } else if (loginStatus == AuthHelper.LOGIN_NOTAVAILABLE) {
                    DispatcherModule.redirectToServiceNotAvailable(response);
                } else {
                    // error, redirect to login screen
                    DispatcherModule.redirectToDefaultDispatcher(response);
                }
            }
        }
    }
}
Also used : Window(org.olat.core.gui.components.Window) Locale(java.util.Locale) BusinessControl(org.olat.core.id.context.BusinessControl) UnsupportedEncodingException(java.io.UnsupportedEncodingException) LoginModule(org.olat.login.LoginModule) Windows(org.olat.core.gui.Windows) UnsupportedEncodingException(java.io.UnsupportedEncodingException) UserSessionManager(org.olat.core.util.session.UserSessionManager) UserSession(org.olat.core.util.UserSession) Identity(org.olat.core.id.Identity) UserRequest(org.olat.core.gui.UserRequest) UserRequestImpl(org.olat.core.gui.UserRequestImpl) RestSecurityBean(org.olat.restapi.security.RestSecurityBean)

Example 2 with RestSecurityBean

use of org.olat.restapi.security.RestSecurityBean in project openolat by klemens.

the class RESTDispatcher method execute.

@Override
public void execute(HttpServletRequest request, HttpServletResponse response) {
    // 
    // create a ContextEntries String which can be used to create a BusinessControl -> move to
    // 
    String uriPrefix = DispatcherModule.getLegacyUriPrefix(request);
    final String origUri = request.getRequestURI();
    String encodedRestPart = origUri.substring(uriPrefix.length());
    String restPart = encodedRestPart;
    try {
        restPart = URLDecoder.decode(encodedRestPart, "UTF8");
    } catch (UnsupportedEncodingException e) {
        log.error("Unsupported encoding", e);
    }
    String[] split = restPart.split("/");
    if (split.length % 2 != 0) {
        // assert(split.length % 2 == 0);
        // The URL is not a valid business path
        DispatcherModule.sendBadRequest(origUri, response);
        log.warn("URL is not valid: " + restPart);
        return;
    }
    String businessPath = BusinessControlFactory.getInstance().formatFromSplittedURI(split);
    if (log.isDebug()) {
        log.debug("REQUEST URI: " + origUri);
        log.debug("REQUEST PREFIX " + restPart);
        log.debug("calc buspath " + businessPath);
    }
    // check if the businesspath is valid
    try {
        BusinessControl bc = BusinessControlFactory.getInstance().createFromString(businessPath);
        if (!bc.hasContextEntry()) {
            // The URL is not a valid business path
            DispatcherModule.sendBadRequest(origUri, response);
            return;
        }
    } catch (Exception e) {
        DispatcherModule.sendBadRequest(origUri, response);
        log.warn("Error with business path: " + origUri, e);
        return;
    }
    // 
    // create the olat ureq and get an associated main window to spawn the "tab"
    // 
    UserSession usess = CoreSpringFactory.getImpl(UserSessionManager.class).getUserSession(request);
    if (usess != null) {
        ThreadLocalUserActivityLoggerInstaller.initUserActivityLogger(request);
    }
    UserRequest ureq = null;
    try {
        // upon creation URL is checked for
        ureq = new UserRequestImpl(uriPrefix, request, response);
    } catch (NumberFormatException nfe) {
        // a 404 message must be shown -> e.g. robots correct their links.
        if (log.isDebug()) {
            log.debug("Bad Request " + request.getPathInfo());
        }
        DispatcherModule.sendBadRequest(request.getPathInfo(), response);
        return;
    }
    // XX:GUIInterna.setLoadPerformanceMode(ureq);
    // Do auto-authenticate if url contains a X-OLAT-TOKEN Single-Sign-On REST-Token
    String xOlatToken = ureq.getParameter(RestSecurityHelper.SEC_TOKEN);
    if (xOlatToken != null) {
        // Lookup identity that is associated with this token
        RestSecurityBean securityBean = (RestSecurityBean) CoreSpringFactory.getBean(RestSecurityBean.class);
        Identity restIdentity = securityBean.getIdentity(xOlatToken);
        // 
        if (log.isDebug()) {
            if (restIdentity == null)
                log.debug("Found SSO token " + RestSecurityHelper.SEC_TOKEN + " in url, but token is not bound to an identity");
            else
                log.debug("Found SSO token " + RestSecurityHelper.SEC_TOKEN + " in url which is bound to identity::" + restIdentity.getName());
        }
        // 
        if (restIdentity != null) {
            // after the REST dispatcher finishes. No need to change it here.
            if (!usess.isAuthenticated() || !restIdentity.equalsByPersistableKey(usess.getIdentity())) {
                // Re-authenticate user session for this user and start a fresh
                // standard OLAT session
                int loginStatus = AuthHelper.doLogin(restIdentity, RestSecurityHelper.SEC_TOKEN, ureq);
                if (loginStatus == AuthHelper.LOGIN_OK) {
                    // fxdiff: FXOLAT-268 update last login date and register active user
                    UserDeletionManager.getInstance().setIdentityAsActiv(restIdentity);
                } else {
                    // error, redirect to login screen
                    DispatcherModule.redirectToDefaultDispatcher(response);
                }
            } else if (Windows.getWindows(usess).getChiefController() == null) {
                // Session is already available, but no main window (Head-less REST
                // session). Only create the base chief controller and the window
                Window currentWindow = AuthHelper.createAuthHome(ureq).getWindow();
                // the user is authenticated successfully with a security token, we can set the authenticated path
                currentWindow.setUriPrefix(WebappHelper.getServletContextPath() + DispatcherModule.PATH_AUTHENTICATED);
                Windows ws = Windows.getWindows(ureq);
                ws.registerWindow(currentWindow);
            // no need to call setIdentityAsActive as this was already done by RestApiLoginFilter...
            }
        }
    }
    boolean auth = usess.isAuthenticated();
    if (auth) {
        if (Windows.getWindows(usess).getChiefController() == null) {
            // Session is already available, but no main window (Head-less REST
            // session). Only create the base chief controller and the window
            setBusinessPathInUserSession(usess, businessPath, ureq.getParameter(WINDOW_SETTINGS));
            AuthHelper.createAuthHome(ureq);
            String url = getRedirectToURL(usess) + ";jsessionid=" + usess.getSessionInfo().getSession().getId();
            DispatcherModule.redirectTo(response, url);
        } else {
            // redirect to the authenticated dispatcher which support REST url
            String url = WebappHelper.getServletContextPath() + DispatcherModule.PATH_AUTHENTICATED + encodedRestPart;
            DispatcherModule.redirectTo(response, url);
        }
    } else {
        // prepare for redirect
        LoginModule loginModule = CoreSpringFactory.getImpl(LoginModule.class);
        setBusinessPathInUserSession(usess, businessPath, ureq.getParameter(WINDOW_SETTINGS));
        String invitationAccess = ureq.getParameter(AuthenticatedDispatcher.INVITATION);
        if (invitationAccess != null && loginModule.isInvitationEnabled()) {
            // try to log in as anonymous
            // use the language from the lang paramter if available, otherwhise use the system default locale
            Locale guestLoc = getLang(ureq);
            int loginStatus = AuthHelper.doInvitationLogin(invitationAccess, ureq, guestLoc);
            if (loginStatus == AuthHelper.LOGIN_OK) {
                Identity invite = usess.getIdentity();
                // fxdiff: FXOLAT-268 update last login date and register active user
                UserDeletionManager.getInstance().setIdentityAsActiv(invite);
                // logged in as invited user, continue
                String url = getRedirectToURL(usess);
                DispatcherModule.redirectTo(response, url);
            } else if (loginStatus == AuthHelper.LOGIN_NOTAVAILABLE) {
                DispatcherModule.redirectToServiceNotAvailable(response);
            } else {
                // error, redirect to login screen
                DispatcherModule.redirectToDefaultDispatcher(response);
            }
        } else {
            String guestAccess = ureq.getParameter(AuthenticatedDispatcher.GUEST);
            if (guestAccess == null || !loginModule.isGuestLoginLinksEnabled()) {
                DispatcherModule.redirectToDefaultDispatcher(response);
                return;
            } else if (guestAccess.equals(AuthenticatedDispatcher.TRUE)) {
                // try to log in as anonymous
                // use the language from the lang paramter if available, otherwhise use the system default locale
                Locale guestLoc = getLang(ureq);
                int loginStatus = AuthHelper.doAnonymousLogin(ureq, guestLoc);
                if (loginStatus == AuthHelper.LOGIN_OK) {
                    // logged in as anonymous user, continue
                    String url = getRedirectToURL(usess);
                    DispatcherModule.redirectTo(response, url);
                } else if (loginStatus == AuthHelper.LOGIN_NOTAVAILABLE) {
                    DispatcherModule.redirectToServiceNotAvailable(response);
                } else {
                    // error, redirect to login screen
                    DispatcherModule.redirectToDefaultDispatcher(response);
                }
            }
        }
    }
}
Also used : Window(org.olat.core.gui.components.Window) Locale(java.util.Locale) BusinessControl(org.olat.core.id.context.BusinessControl) UnsupportedEncodingException(java.io.UnsupportedEncodingException) LoginModule(org.olat.login.LoginModule) Windows(org.olat.core.gui.Windows) UnsupportedEncodingException(java.io.UnsupportedEncodingException) UserSessionManager(org.olat.core.util.session.UserSessionManager) UserSession(org.olat.core.util.UserSession) Identity(org.olat.core.id.Identity) UserRequest(org.olat.core.gui.UserRequest) UserRequestImpl(org.olat.core.gui.UserRequestImpl) RestSecurityBean(org.olat.restapi.security.RestSecurityBean)

Aggregations

UnsupportedEncodingException (java.io.UnsupportedEncodingException)2 Locale (java.util.Locale)2 UserRequest (org.olat.core.gui.UserRequest)2 UserRequestImpl (org.olat.core.gui.UserRequestImpl)2 Windows (org.olat.core.gui.Windows)2 Window (org.olat.core.gui.components.Window)2 Identity (org.olat.core.id.Identity)2 BusinessControl (org.olat.core.id.context.BusinessControl)2 UserSession (org.olat.core.util.UserSession)2 UserSessionManager (org.olat.core.util.session.UserSessionManager)2 LoginModule (org.olat.login.LoginModule)2 RestSecurityBean (org.olat.restapi.security.RestSecurityBean)2