/**
* OLAT - Online Learning and Training<br>
* http://www.olat.org
* <p>
* Licensed under the Apache License, Version 2.0 (the "License"); <br>
* you may not use this file except in compliance with the License.<br>
* You may obtain a copy of the License at
* <p>
* http://www.apache.org/licenses/LICENSE-2.0
* <p>
* Unless required by applicable law or agreed to in writing,<br>
* software distributed under the License is distributed on an "AS IS" BASIS, <br>
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. <br>
* See the License for the specific language governing permissions and <br>
* limitations under the License.
* <p>
* Copyright (c) since 2004 at Multimedia- & E-Learning Services (MELS),<br>
* University of Zurich, Switzerland.
* <p>
*/
package org.olat.commons.servlets;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.olat.admin.user.delete.service.UserDeletionManager;
import org.olat.basesecurity.ManagerFactory;
import org.olat.core.id.Identity;
import org.olat.core.id.Roles;
import org.olat.core.id.User;
import org.olat.core.id.UserConstants;
import org.olat.core.servlets.SecureWebdavServlet;
import org.olat.core.servlets.WebDAVManager;
import org.olat.core.util.SessionInfo;
import org.olat.core.util.UserSession;
import org.olat.login.OLATAuthenticationController;
import org.olat.login.auth.WebDAVAuthManager;
import com.hansenne.utils.cache.TimedCache;
import com.oreilly.servlet.Base64Decoder;
/**
* Initial Date: 16.04.2003
*
* @author Mike Stock
*
* Comment:
*
*/
public class WebDAVManagerImpl extends WebDAVManager {
private static boolean enabled = true;
private static final int CACHE_UPDATE_INTERVAL_SEC = 60*5;
private static final int CACHE_DEFAULT_LIFETIME_SEC = 60*5;
private static final String BASIC_AUTH_REALM = "OLAT WebDAV Access";
//o_clusterOK by:cg only SingleVM Cache: UserSession for WebDAV must not be invalidated on other instances
private static final TimedCache timedSessionCache = new TimedCache(CACHE_UPDATE_INTERVAL_SEC, CACHE_DEFAULT_LIFETIME_SEC);
/**
* @see org.olat.commons.servlets.WebDAVManager#setSessionCacheDefaults(int, int)
*/
protected void setSessionCacheDefaults(int updateInterval, int defaultLifetime) {
timedSessionCache.setUpdateInterval(updateInterval);
timedSessionCache.setDefaultLifetime(defaultLifetime);
}
/**
* @see org.olat.commons.servlets.WebDAVManager#destroyCache()
*/
protected void destroyCache() {
timedSessionCache.destroy();
}
/**
* @see org.olat.commons.servlets.WebDAVManager#handleAuthentication(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
protected boolean handleAuthentication(HttpServletRequest req, HttpServletResponse resp) {
UserSession usess = handleBasicAuthentication(req, resp);
if (usess == null) return false;
// register usersession in REQUEST, not session !!
// see SecureWebDAVServlet.setAuthor() and checkQuota()
req.setAttribute(SecureWebdavServlet.REQUEST_USERSESSION_KEY, usess);
return true;
}
/**
* @see org.olat.commons.servlets.WebDAVManager#getUserSession(javax.servlet.http.HttpServletRequest)
*/
protected UserSession getUserSession(HttpServletRequest req) {
return (UserSession)req.getAttribute(SecureWebdavServlet.REQUEST_USERSESSION_KEY);
}
private UserSession handleBasicAuthentication(HttpServletRequest request, HttpServletResponse response) {
// Get the Authorization header, if one was supplied
String authHeader = request.getHeader("Authorization");
if (authHeader != null) {
// fetch user session from a previous authentication
UserSession usess = (UserSession)timedSessionCache.get(authHeader);
if (usess != null && usess.isAuthenticated()) return usess;
StringTokenizer st = new StringTokenizer(authHeader);
if (st.hasMoreTokens()) {
String basic = st.nextToken();
// We only handle HTTP Basic authentication
if (basic.equalsIgnoreCase("Basic")) {
String credentials = st.nextToken();
// This example uses sun.misc.* classes.
// You will need to provide your own
// if you are not comfortable with that.
String userPass = Base64Decoder.decode(credentials);
// The decoded string is in the form
// "userID:password".
int p = userPass.indexOf(":");
if (p != -1) {
String userID = userPass.substring(0, p);
String password = userPass.substring(p + 1);
// Validate user ID and password
// and set valid true if valid.
// In this example, we simply check
// that neither field is blank
Identity identity = WebDAVAuthManager.authenticate(userID, password);
if (identity != null) {
usess = UserSession.getUserSession(request);
usess.signOffAndClear();
usess.setIdentity(identity);
UserDeletionManager.getInstance().setIdentityAsActiv(identity);
// set the roles (admin, author, guest)
Roles roles = ManagerFactory.getManager().getRoles(identity);
usess.setRoles(roles);
// set authprovider
//usess.getIdentityEnvironment().setAuthProvider(OLATAuthenticationController.PROVIDER_OLAT);
// set session info
SessionInfo sinfo = new SessionInfo(identity.getName(), request.getSession());
User usr = identity.getUser();
sinfo.setFirstname(usr.getProperty(UserConstants.FIRSTNAME, null));
sinfo.setLastname(usr.getProperty(UserConstants.LASTNAME, null));
sinfo.setFromIP(request.getRemoteAddr());
sinfo.setFromFQN(request.getRemoteAddr());
try {
InetAddress[] iaddr = InetAddress.getAllByName(request.getRemoteAddr());
if (iaddr.length > 0) sinfo.setFromFQN(iaddr[0].getHostName());
} catch (UnknownHostException e) {
// ok, already set IP as FQDN
}
sinfo.setAuthProvider(OLATAuthenticationController.PROVIDER_OLAT);
sinfo.setUserAgent(request.getHeader("User-Agent"));
sinfo.setSecure(request.isSecure());
sinfo.setWebDAV(true);
sinfo.setWebModeFromUreq(null);
// set session info for this session
usess.setSessionInfo(sinfo);
//
usess.signOn();
timedSessionCache.put(authHeader, usess);
return usess;
}
}
}
}
}
// If the user was not validated or the browser does not know about the realm yet, fail with a
// 401 status code (UNAUTHORIZED) and
// pass back a WWW-Authenticate header for
// this servlet.
//
// Note that this is the normal situation the
// first time you access the page. The client
// web browser will prompt for userID and password
// and cache them so that it doesn't have to
// prompt you again.
response.setHeader("WWW-Authenticate", "Basic realm=\"" + BASIC_AUTH_REALM + "\"");
response.setStatus(401);
return null;
}
/**
* @see org.olat.core.servlets.WebDAVManager#isEnabled()
*/
public boolean isEnabled() {
return enabled;
}
/**
* Spring setter method to enable/disable the webDAV module
* @param enabled
*/
public void setEnabled(boolean enabled) {
WebDAVManagerImpl.enabled = enabled;
}
}