OO-289: implements the security against corrupted imsmanifest.xml for SCORM content too

src/main/java/org/olat/modules/scorm/OLATApiAdapter.java

@@ -110,7 +110,8 @@ public	class OLATApiAdapter extends LogDelegator implements ch.ethz.pfplms.scorm
 	 * @param studentName - the students name
 	 * @param isVerbose prints out what is going on inside the scorm RTE
 	 */
-	public	final void init (File cpRoot, String repoId, String courseId, String storagePath, String studentId, String studentName, String lesson_mode, String credit_mode, int controllerHashCode) {
+	public	final void init (File cpRoot, String repoId, String courseId, String storagePath, String studentId, String studentName, String lesson_mode, String credit_mode, int controllerHashCode)
+	throws IOException {
 		this.olatStudentId   = studentId;
 		this.olatStudentName = studentName;
 		say ("cmi.core.student_id=" +olatStudentId);
@@ -127,7 +128,7 @@ public	class OLATApiAdapter extends LogDelegator implements ch.ethz.pfplms.scorm
 				is = new BufferedInputStream(new FileInputStream(scorePropsFile));
 				scoresProp.load(is);
 			} catch (IOException e) {
-				throw new OLATRuntimeException(this.getClass(), "could not load existing scorm-score-properties file: "+scorePropsFile.getAbsolutePath(),e);
+				throw e;
 			}
 			finally {
 				if (is != null) FileUtils.closeSafely(is);

src/main/java/org/olat/modules/scorm/ScormAPIMapper.java

@@ -29,6 +29,7 @@ import static org.olat.modules.scorm.ScormAPIandDisplayController.LMS_INITIALIZE
 import static org.olat.modules.scorm.ScormAPIandDisplayController.LMS_SETVALUE;
 
 import java.io.File;
+import java.io.IOException;
 import java.io.Serializable;
 import java.util.Iterator;
 import java.util.Properties;
@@ -105,10 +106,14 @@ public class ScormAPIMapper implements Mapper, ScormAPICallback, Serializable {
 		}
 		
 		if(scormAdapter == null) {
-			scormAdapter = new OLATApiAdapter();
-			String fullname = UserManager.getInstance().getUserDisplayName(identity.getUser());
-			scormAdapter.init(cpRoot, resourceId, courseIdNodeId, FolderConfig.getCanonicalRoot(), identity.getName(), fullname, lesson_mode, credit_mode, hashCode());
-			scormAdapter.addAPIListener(this);
+			try {
+				scormAdapter = new OLATApiAdapter();
+				String fullname = UserManager.getInstance().getUserDisplayName(identity.getUser());
+				scormAdapter.init(cpRoot, resourceId, courseIdNodeId, FolderConfig.getCanonicalRoot(), identity.getName(), fullname, lesson_mode, credit_mode, hashCode());
+				scormAdapter.addAPIListener(this);
+			} catch (IOException e) {
+				log.error("", e);
+			}
 		}
 	}
 	

src/main/java/org/olat/modules/scorm/ScormAPIandDisplayController.java

@@ -26,6 +26,7 @@
 package org.olat.modules.scorm;
 
 import java.io.File;
+import java.io.IOException;
 import java.util.Iterator;
 import java.util.Locale;
 import java.util.Map;
@@ -40,6 +41,7 @@ import org.olat.core.gui.components.Component;
 import org.olat.core.gui.components.htmlheader.jscss.JSAndCSSComponent;
 import org.olat.core.gui.components.link.Link;
 import org.olat.core.gui.components.link.LinkFactory;
+import org.olat.core.gui.components.panel.Panel;
 import org.olat.core.gui.components.tree.GenericTreeNode;
 import org.olat.core.gui.components.tree.MenuTree;
 import org.olat.core.gui.components.tree.TreeEvent;
@@ -124,9 +126,17 @@ public class ScormAPIandDisplayController extends MainLayoutBasicController impl
 		myContent.put("apiadapter", jsAdapter);
 		
 		// init SCORM adapter
-		scormAdapter = new OLATApiAdapter();	
-		scormAdapter.addAPIListener(apiCallback);
-		scormAdapter.init(cpRoot, resourceId, courseIdNodeId, FolderConfig.getCanonicalRoot(), this.username, ureq.getIdentity().getUser().getProperty(UserConstants.LASTNAME, loc)+", "+ureq.getIdentity().getUser().getProperty(UserConstants.FIRSTNAME, loc), lesson_mode, credit_mode, this.hashCode());
+		try {
+			scormAdapter = new OLATApiAdapter();	
+			scormAdapter.addAPIListener(apiCallback);
+			scormAdapter.init(cpRoot, resourceId, courseIdNodeId, FolderConfig.getCanonicalRoot(), this.username, ureq.getIdentity().getUser().getProperty(UserConstants.LASTNAME, loc)+", "+ureq.getIdentity().getUser().getProperty(UserConstants.FIRSTNAME, loc), lesson_mode, credit_mode, this.hashCode());
+		} catch (IOException e) {
+			showError("error.manifest.corrupted");
+			LayoutMain3ColsController ctr = new LayoutMain3ColsController(ureq, getWindowControl(), null, null, new Panel("empty"), "scorm" + resourceId);
+			columnLayoutCtr = ctr;
+			putInitialPanel(columnLayoutCtr.getInitialComponent());
+			return;
+		}
 
 		// at this point we know the filelocation for our xstream-sco-score file (FIXME:fj: do better
 		

src/main/java/org/olat/modules/scorm/_i18n/LocalStrings_de.properties

@@ -4,3 +4,4 @@ scorm.course.completed=Der Kurs wurde als abgeschlossen markiert
 scorm.item.completed=Dieser Teil wurde als abgeschlossen markiert.
 scorm.item.has.preconditions=Dieser Teil enth\u00E4lt Vorbedingungen, die noch nicht erf\u00FCllt sind.
 scorm.quit.player=Beenden
+error.manifest.corrupted=$org.olat.modules.cp\:error.manifest.corrupted

src/main/java/org/olat/modules/scorm/manager/ScormManager.java

@@ -25,12 +25,14 @@
 
 package org.olat.modules.scorm.manager;
 
+import java.io.IOException;
 import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Vector;
 
 import org.jdom.Element;
+import org.jdom.input.JDOMParseException;
 import org.olat.core.logging.OLATRuntimeException;
 import org.olat.core.manager.BasicManager;
 import org.olat.modules.scorm.ISettingsHandler;
@@ -137,7 +139,8 @@ public class ScormManager extends BasicManager {
 	 * @param credit_mode
 	 */
 
-	public ScormManager(String packagePath, boolean showTreeWidget, boolean showNavigation, boolean autoProgression, ISettingsHandler settings) {
+	public ScormManager(String packagePath, boolean showTreeWidget, boolean showNavigation, boolean autoProgression, ISettingsHandler settings)
+	throws IOException {
 		this.scormSettingsHandler = settings;
 		_error_found = false;
 		PACKAGE_NAME = packagePath;
@@ -150,11 +153,15 @@ public class ScormManager extends BasicManager {
 	/**
 	 * 
 	 */
-	private void init() {
+	private void init() throws IOException {
 		// Make sure its there
 		if (scormSettingsHandler.getManifestFile().exists()) {
 			try {
 				_navViewer = new NavigationViewer(scormSettingsHandler);
+			} catch(IOException e) {
+				throw e;
+			} catch(JDOMParseException e) {
+				throw new IOException("Parse exception", e);
 			} catch (Exception ex) {
 				throw new OLATRuntimeException(ScormManager.class, "Could not load manifest",ex);
 			}

src/main/java/org/olat/resource/accesscontrol/provider/token/ui/TokenAccessConfigurationController.java

@@ -60,14 +60,17 @@ public class TokenAccessConfigurationController extends AbstractConfigurationMet
 
 	@Override
 	protected void initForm(FormItemContainer formLayout, Controller listener, UserRequest ureq) {
+		formLayout.setElementCssClass("o_sel_accesscontrol_token_form");
 		
 		descEl = uifactory.addTextAreaElement("offer-desc", "offer.description", 2000, 6, 80, false, null, formLayout);
+		descEl.setElementCssClass("o_sel_accesscontrol_description");
 		
 		String token = "";
 		if(link.getOffer() instanceof OfferImpl) {
 			token = ((OfferImpl)link.getOffer()).getToken();
 		}
 		tokenEl = uifactory.addTextElement("token", "accesscontrol.token", 255, token, formLayout);
+		tokenEl.setElementCssClass("o_sel_accesscontrol_token");
 		
 		super.initForm(formLayout, listener, ureq);
 	}

src/main/java/org/olat/resource/accesscontrol/provider/token/ui/TokenAccessController.java

@@ -82,6 +82,7 @@ public class TokenAccessController extends FormBasicController implements FormCo
 		}
 			
 		tokenEl = uifactory.addTextElement("token", "accesscontrol.token", 255, "", formLayout);
+		tokenEl.setElementCssClass("o_sel_accesscontrol_token_entry");
 			
 		final FormLayoutContainer buttonGroupLayout = FormLayoutContainer.createButtonLayout("buttonLayout", getTranslator());
 		buttonGroupLayout.setRootForm(mainForm);