From c9066036486f1aa8d3fd768c30cd07af260c7dad Mon Sep 17 00:00:00 2001
From: srosse <none@none>
Date: Mon, 30 Jul 2012 11:21:14 +0200
Subject: [PATCH] OO-290: synchronize login in WebDAV as in standard OLAT
 Servlet

---
 .../commons/servlets/WebDAVManagerImpl.java   | 129 ++++++++++--------
 1 file changed, 73 insertions(+), 56 deletions(-)

diff --git a/src/main/java/org/olat/commons/servlets/WebDAVManagerImpl.java b/src/main/java/org/olat/commons/servlets/WebDAVManagerImpl.java
index 76031327bd4..330bdaecf48 100644
--- a/src/main/java/org/olat/commons/servlets/WebDAVManagerImpl.java
+++ b/src/main/java/org/olat/commons/servlets/WebDAVManagerImpl.java
@@ -107,7 +107,9 @@ public class WebDAVManagerImpl extends WebDAVManager {
 		if (authHeader != null) {
 			// fetch user session from a previous authentication
 			UserSession usess = (UserSession)timedSessionCache.get(authHeader);
-			if (usess != null && usess.isAuthenticated()) return usess;
+			if (usess != null && usess.isAuthenticated()) {
+				return usess;
+			}
 			
 			StringTokenizer st = new StringTokenizer(authHeader);
 			if (st.hasMoreTokens()) {
@@ -116,63 +118,14 @@ public class WebDAVManagerImpl extends WebDAVManager {
 				// We only handle HTTP Basic authentication
 				if (basic.equalsIgnoreCase("Basic")) {
 					String credentials = st.nextToken();
-
-					// This example uses sun.misc.* classes.
-					// You will need to provide your own
-					// if you are not comfortable with that.
-					String userPass = Base64Decoder.decode(credentials);
-
-					// The decoded string is in the form
-					// "userID:password".
-					int p = userPass.indexOf(":");
-					if (p != -1) {
-						String userID = userPass.substring(0, p);
-						String password = userPass.substring(p + 1);
-						
-						// Validate user ID and password
-						// and set valid true if valid.
-						// In this example, we simply check
-						// that neither field is blank
-						Identity identity = WebDAVAuthManager.authenticate(userID, password);
-						if (identity != null) {
-							usess = UserSession.getUserSession(request);
-							usess.signOffAndClear();
-							usess.setIdentity(identity);
-							UserDeletionManager.getInstance().setIdentityAsActiv(identity);
-							// set the roles (admin, author, guest)
-							Roles roles = BaseSecurityManager.getInstance().getRoles(identity);
-							usess.setRoles(roles);
-							// set authprovider
-							//usess.getIdentityEnvironment().setAuthProvider(OLATAuthenticationController.PROVIDER_OLAT);
-						
-							// set session info
-							SessionInfo sinfo = new SessionInfo(identity.getName(), request.getSession());
-							User usr = identity.getUser();
-							sinfo.setFirstname(usr.getProperty(UserConstants.FIRSTNAME, null));
-							sinfo.setLastname(usr.getProperty(UserConstants.LASTNAME, null));
-							sinfo.setFromIP(request.getRemoteAddr());
-							sinfo.setFromFQN(request.getRemoteAddr());
-							try {
-								InetAddress[] iaddr = InetAddress.getAllByName(request.getRemoteAddr());
-								if (iaddr.length > 0) sinfo.setFromFQN(iaddr[0].getHostName());
-							} catch (UnknownHostException e) {
-								 // ok, already set IP as FQDN
-							}
-							sinfo.setAuthProvider(BaseSecurityModule.getDefaultAuthProviderIdentifier());
-							sinfo.setUserAgent(request.getHeader("User-Agent"));
-							sinfo.setSecure(request.isSecure());
-							sinfo.setWebDAV(true);
-							sinfo.setWebModeFromUreq(null);
-							// set session info for this session
-							usess.setSessionInfo(sinfo);
-							//
-							usess.signOn();
-							timedSessionCache.put(authHeader, usess);
-							return usess;
-						}
-					}
+					usess = handleBasicAuthentication(credentials, request);
+					
 				}
 			}
+			
+			if(usess != null) {
+				timedSessionCache.put(authHeader, usess);
+			}
 		}
 
 		// If the user was not validated or the browser does not know about the realm yet, fail with a
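Review bot: The success path no longer returns the session in the lines visible here: after `usess = handleBasicAuthentication(credentials, request);` the new block only calls `timedSessionCache.put(authHeader, usess);` and then falls through to the code under the "If the user was not validated…" comment, which continues outside the hunk and presumably fails the request. The removed code had `return usess;` right after the cache put; unless the unseen lines return it, a first request with valid credentials would be rejected and only a retry would succeed through the cache. I would write the block as `if (usess != null && usess.isAuthenticated()) { timedSessionCache.put(authHeader, usess); return usess; }`, which also stops an unauthenticated session read from the cache at the top from being re-cached when the scheme is not Basic. The cache key is still the raw Authorization header, meaning the Base64-encoded credentials, so a comment such as `// key holds the client's Basic credentials; keep the cache short-lived and never log its keys` would help.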
@@ -191,6 +144,70 @@ public class WebDAVManagerImpl extends WebDAVManager {
 		return null;
 	}
 	
+	private UserSession handleBasicAuthentication(String credentials, HttpServletRequest request) {
+		// This example uses sun.misc.* classes.
+		// You will need to provide your own
+		// if you are not comfortable with that.
+		String userPass = Base64Decoder.decode(credentials);
+
+		// The decoded string is in the form
+		// "userID:password".
+		int p = userPass.indexOf(":");
+		if (p != -1) {
+			String userID = userPass.substring(0, p);
+			String password = userPass.substring(p + 1);
+			
+			// Validate user ID and password
+			// and set valid true if valid.
+			// In this example, we simply check
+			// that neither field is blank
+			Identity identity = WebDAVAuthManager.authenticate(userID, password);
+			if (identity != null) {
+				UserSession usess = UserSession.getUserSession(request);
+				synchronized(usess) {
+					//double check to prevent severals concurrent login
+					if(usess.isAuthenticated()) {
+						return usess;
+					}
+				
+					usess.signOffAndClear();
+					usess.setIdentity(identity);
+					UserDeletionManager.getInstance().setIdentityAsActiv(identity);
+					// set the roles (admin, author, guest)
+					Roles roles = BaseSecurityManager.getInstance().getRoles(identity);
+					usess.setRoles(roles);
+					// set authprovider
+					//usess.getIdentityEnvironment().setAuthProvider(OLATAuthenticationController.PROVIDER_OLAT);
+				
+					// set session info
+					SessionInfo sinfo = new SessionInfo(identity.getName(), request.getSession());
+					User usr = identity.getUser();
+					sinfo.setFirstname(usr.getProperty(UserConstants.FIRSTNAME, null));
+					sinfo.setLastname(usr.getProperty(UserConstants.LASTNAME, null));
+					sinfo.setFromIP(request.getRemoteAddr());
+					sinfo.setFromFQN(request.getRemoteAddr());
+					try {
+						InetAddress[] iaddr = InetAddress.getAllByName(request.getRemoteAddr());
+						if (iaddr.length > 0) sinfo.setFromFQN(iaddr[0].getHostName());
+					} catch (UnknownHostException e) {
+						 // ok, already set IP as FQDN
+					}
+					sinfo.setAuthProvider(BaseSecurityModule.getDefaultAuthProviderIdentifier());
+					sinfo.setUserAgent(request.getHeader("User-Agent"));
+					sinfo.setSecure(request.isSecure());
+					sinfo.setWebDAV(true);
+					sinfo.setWebModeFromUreq(null);
+					// set session info for this session
+					usess.setSessionInfo(sinfo);
+					//
+					usess.signOn();
+					return usess;
+				}
+			}
+		}
+		return null;
+	}
+	
 	
 	/**
 	 * @see org.olat.core.servlets.WebDAVManager#isEnabled()
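Review bot: The double check inside `synchronized(usess)` returns the existing session whenever it is already authenticated, without comparing its identity with the `identity` that `WebDAVAuthManager.authenticate(userID, password)` just returned. If the HTTP session behind `UserSession.getUserSession(request)` is already signed on as a different user, the request is handed that user's session, and the caller then stores it in `timedSessionCache` under this request's Authorization header. The early return should be taken only when both identities match, for example `if (usess.isAuthenticated() && identity.equals(usess.getIdentity())) return usess;` (assuming `UserSession` exposes its identity this way), and otherwise continue to `signOffAndClear()`. Separately, the lookup through `InetAddress.getAllByName(...)` and `getHostName()` now runs while the session lock is held, and the copied "This example uses sun.misc.*" and "we simply check that neither field is blank" comments no longer describe what the method does.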
-- 
GitLab