Skip to content
Snippets Groups Projects
Select Git revision
  • OpenOLAT_19.1.uibk default protected
  • eexams_OpenOLAT_19.1.uibk protected
  • OpenOLAT_19.0.uibk protected
  • eexams_OpenOLAT_19.0.uibk protected
  • OpenOLAT_18.2.uibk protected
  • eexams_OpenOLAT_18.2.uibk protected
  • eexams_OpenOLAT_18.1.uibk protected
  • OpenOLAT_18.1.uibk protected
  • OpenOLAT_17.2.uibk protected
  • eexams_OpenOLAT_17.2.uibk protected
  • OpenOLAT_18.0.uibk protected
  • OpenOLAT_17.2.uibk_hotfix protected
  • pre-release-OpenOLAT_18.0.uibk protected
  • OpenOLAT_17.1.uibk protected
  • OpenOLAT_17.0.uibk protected
  • OpenOLAT_16.2.uibk protected
  • OpenOLAT_16.2 protected
  • master protected
  • OpenOLAT_16.1 protected
  • OpenOLAT_16.1.uibk protected
  • OpenOLAT_15.5.8.uibk-001
  • OpenOLAT_15.5.6.uibk-003
  • OpenOLAT_15.5.6.uibk-002
  • OpenOLAT_15.5.6.uibk-001
  • OpenOLAT_15.5.5.uibk-004
  • OpenOLAT_15.5.5.uibk-003
  • OpenOLAT_15.5.5.uibk-002
  • OpenOLAT_15.5.5.uibk-001
  • OpenOLAT_15.5.4.uibk-001
  • OpenOLAT_15.3.18.uibk-001
  • OpenOLAT_15.3.17.uibk-002
  • OpenOLAT_15.3.17.uibk-001
  • OpenOLAT_15.3.16.uibk-001
  • OpenOLAT_15.5.0.uibk-001
  • OpenOLAT_15.3.15.uibk-001
  • OpenOLAT_15.3.14.uibk-001
  • OpenOLAT_15.3.13.uibk-003
  • OpenOLAT_15.3.13.uibk-002
  • OpenOLAT_15.3.13.uibk-001
  • OpenOLAT_15.3.12.uibk-003
40 results
Blame Permalink
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
AdminModule.java 8.20 KiB 
/**
* OLAT - Online Learning and Training<br>
* http://www.olat.org
* <p>
* Licensed under the Apache License, Version 2.0 (the "License"); <br>
* you may not use this file except in compliance with the License.<br>
* You may obtain a copy of the License at
* <p>
* http://www.apache.org/licenses/LICENSE-2.0
* <p>
* Unless required by applicable law or agreed to in writing,<br>
* software distributed under the License is distributed on an "AS IS" BASIS, <br>
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. <br>
* See the License for the specific language governing permissions and <br>
* limitations under the License.
* <p>
* Copyright (c) since 2004 at Multimedia- & E-Learning Services (MELS),<br>
* University of Zurich, Switzerland.
* <hr>
* <a href="http://www.openolat.org">
* OpenOLAT - Online Learning and Training</a><br>
* This file has been modified by the OpenOLAT community. Changes are licensed
* under the Apache 2.0 license as the original file.
*/

package org.olat.admin;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.lang.RandomStringUtils;
import org.olat.NewControllerFactory;
import org.olat.admin.site.AdminSite;
import org.olat.admin.user.UserAdminContextEntryControllerCreator;
import org.olat.basesecurity.AuthHelper;
import org.olat.core.CoreSpringFactory;
import org.olat.core.commons.fullWebApp.util.GlobalStickyMessage;
import org.olat.core.commons.persistence.DBFactory;
import org.olat.core.configuration.AbstractSpringModule;
import org.olat.core.id.User;
import org.olat.core.id.context.SiteContextEntryControllerCreator;
import org.olat.core.logging.OLog;
import org.olat.core.logging.Tracing;
import org.olat.core.util.coordinate.CoordinatorManager;
import org.olat.core.util.session.UserSessionManager;
import org.olat.properties.Property;
import org.olat.properties.PropertyManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

/**
 * Description:<BR>
 * The administration module takes care of loading and unloading administration
 * specific configuration. 
 * <P>
 * Initial Date:  Apr 13, 2005
 *
 * @author gnaegi 
 */
@Service("adminModule")
public class AdminModule extends AbstractSpringModule {
	
	private static final OLog log = Tracing.createLoggerFor(AdminModule.class);

	private static final String CONFIG_LOGIN_BLOCKED = "loginBlocked";
	/** Category for system properties **/
	public static String SYSTEM_PROPERTY_CATEGORY = "_o3_";
	public static final String PROPERTY_MAINTENANCE_MESSAGE    = "maintenanceMessageToken";
	public static final String PROPERTY_SESSION_ADMINISTRATION = "sessionAdministrationToken";
	
	@Value("${maxNumberOfSessions:0}")
	private int maxNumberOfSessions;
	
	@Autowired
	private PropertyManager propertyManager;

	/**
	 * [used by spring]
	 */
	@Autowired
	public AdminModule(CoordinatorManager coordinatorManager) {
		super(coordinatorManager);
	}

	/**
	 * Check if system property for maintenance message exists, create one if it
	 * doesn't
	 * This generated token is used by the remote http maintenance message
	 * setting mechanism, see method below
	 * @param tokenPropertyName
	 */
	private void initializeSystemTokenProperty(String tokenPropertyName) {
		Property p = propertyManager.findProperty(null, null, null, SYSTEM_PROPERTY_CATEGORY, tokenPropertyName);
		if (p == null) {
			String token = RandomStringUtils.randomAlphanumeric(8);
			p = propertyManager.createPropertyInstance(null, null, null, SYSTEM_PROPERTY_CATEGORY, tokenPropertyName, null, null, token, null);
			propertyManager.saveProperty(p);
		}
	}


	/**
	 * Sets the new maintenance message based on a http parameter. The request must use a valid
	 * token. The token can be looked up in the properties table.
	 * The maintenance message itself is managed by the OLATContext from the brasato core
	 * @param message
	 */
	public void setMaintenanceMessage(String message) {
		GlobalStickyMessage.setGlobalStickyMessage(message, true);
	}
	
	public boolean checkMaintenanceMessageToken(HttpServletRequest request) {
		return checkToken(request, PROPERTY_MAINTENANCE_MESSAGE);
	}

	public boolean checkSessionAdminToken(HttpServletRequest request) {
		return checkToken(request, PROPERTY_SESSION_ADMINISTRATION);
	}

	private boolean checkToken(HttpServletRequest request, String tokenPropertyName) {
		String submittedToken = request.getParameter("token");
		if (submittedToken == null) {
			log.audit("Trying to set maintenance message without using a token. Remote address::" + request.getRemoteAddr());
			return false;
		}
		// get token and compare
		PropertyManager pm = PropertyManager.getInstance();
		Property p = pm.findProperty(null, null, null, AdminModule.SYSTEM_PROPERTY_CATEGORY, tokenPropertyName);
		String token = (p == null ? "" : p.getStringValue());
		if (token.matches(submittedToken)) { // limit access to token
			return true;
		} else {
			log.audit("Trying to set maintenance message using a wrong token. Remote address::" + request.getRemoteAddr());
			return false;
		}
	}
	
	/**
	 * Does not allow any further login except administrator-logins.
	 * @param newLoginBlocked
	 */
	public void setLoginBlocked(boolean newLoginBlocked, boolean persist) {
		log.audit("Session administration: Set login-blocked=" + newLoginBlocked);
		AuthHelper.setLoginBlocked(newLoginBlocked);
		setBooleanProperty(CONFIG_LOGIN_BLOCKED, newLoginBlocked, persist);
	}

	/**
	 * Check if login is blocked
	 * @return  true = login is blocked 
	 */
	public boolean isLoginBlocked() {
		return AuthHelper.isLoginBlocked();
	}

	/**
	 * Set the rejectDMZRequests flag - if true this will reject all requests to dmz to other nodes
	 * @param rejectDMZRequests
	 */
	public void setRejectDMZRequests(boolean rejectDMZRequests) {
		log.audit("Session administration: Set rejectDMZRequests=" + rejectDMZRequests);
		AuthHelper.setRejectDMZRequests(rejectDMZRequests);
	}

	/**
	 * Check if requests to DMZ are rejected resulting in clients to go to another node
	 * @return  true = reject all requests to dmz (to other nodes)
	 */
	public boolean isRejectDMZRequests() {
		return AuthHelper.isRejectDMZRequests();
	}

	/**
	 * Set limit for session. The login-process check this number and allows only this number of sessions.
	 * 0 = unlimited number of sessions
	 * @param maxSession
	 */
	public void setMaxSessions(int maxSession) {
		log.audit("Session administration: Set maxSession=" + maxSession);
		AuthHelper.setMaxSessions(maxSession);
	}

	/**
	 * Set global session timeout in msec.
	 * @param sessionTimeout
	 */
	public void setSessionTimeoutDepr(int sessionTimeout) {
		log.audit("Session administration: Set session-timeout=" + sessionTimeout);
		//in seconds
		CoreSpringFactory.getImpl(UserSessionManager.class).setGlobalSessionTimeout(sessionTimeout);
	}

	/**
	 * @return  Current session-limit.
	 */
	public int getMaxSessions() {
		return AuthHelper.getMaxSessions();
	}

	/**
	 * Enable hibernate-statistics (for JMX interface).
	 */
	public void enableHibernateStatistics(boolean enableStatistics) {
		if (enableStatistics) {
			// clear statistics when enable it
			DBFactory.getInstance().getStatistics().clear();
		}
		DBFactory.getInstance().getStatistics().setStatisticsEnabled(enableStatistics);
	}

	@Override
	public void init() {
		initializeSystemTokenProperty(PROPERTY_MAINTENANCE_MESSAGE);
		initializeSystemTokenProperty(PROPERTY_SESSION_ADMINISTRATION);
		
		boolean loginBlocked = getBooleanPropertyValue(CONFIG_LOGIN_BLOCKED);
		if(loginBlocked) {
			AuthHelper.setLoginBlocked(loginBlocked);
		}
		
		// Add controller factory extension point to launch groups
		NewControllerFactory.getInstance().addContextEntryControllerCreator(User.class.getSimpleName(),
				new UserAdminContextEntryControllerCreator());
		NewControllerFactory.getInstance().addContextEntryControllerCreator("NewIdentityCreated",
				new UserAdminContextEntryControllerCreator());
		NewControllerFactory.getInstance().addContextEntryControllerCreator(AdminSite.class.getSimpleName(),
				new SiteContextEntryControllerCreator(AdminSite.class));
		
	}

	@Override
	protected void initDefaultProperties() {
		AuthHelper.setMaxSessions(maxNumberOfSessions);
	}

	@Override
	protected void initFromChangedProperties() {
		//nothing to do
	}
}