diff --git a/src/main/java/org/olat/core/dispatcher/_spring/dispatcherContext.xml b/src/main/java/org/olat/core/dispatcher/_spring/dispatcherContext.xml
index 7d853b9f01f897e01d2e2d978e705cd878ee6789..6b38a3bb5ecc456bb7558d70bfd74ad446e52a75 100644
--- a/src/main/java/org/olat/core/dispatcher/_spring/dispatcherContext.xml
+++ b/src/main/java/org/olat/core/dispatcher/_spring/dispatcherContext.xml
@@ -34,9 +34,6 @@
 <entry key="/shib/">
 <ref bean="shibbean" />
 </entry>
- <entry key="/mshib/">
- <ref bean="shibmobilebean" />
- </entry>
 <entry key="/admin.html">
 <ref bean="adminbean" />
 </entry>
@@ -189,15 +186,6 @@
 <bean id="shibbean" class="org.olat.shibboleth.ShibbolethDispatcher">
 <property name="shibbolethModule" ref="shibbolethModule"/>
- <property name="restSecurityBean" ref="restSecurityBean"/>
- <property name="securityManager" ref="baseSecurityManager"/>
- <property name="userDeletionManager" ref="userDeletionManager"/>
- </bean>
-
- <bean id="shibmobilebean" class="org.olat.shibboleth.ShibbolethDispatcher">
- <property name="mobile" value="true"/>
- <property name="shibbolethModule" ref="shibbolethModule"/>
- <property name="restSecurityBean" ref="restSecurityBean"/>
 <property name="securityManager" ref="baseSecurityManager"/>
 <property name="userDeletionManager" ref="userDeletionManager"/>
 </bean>
diff --git a/src/main/java/org/olat/core/helpers/Settings.java b/src/main/java/org/olat/core/helpers/Settings.java
index 667d7aa6bc7b71cf30de6fc679dfc02910589438..856043374a4bdee9afd3fae9715a2f29f017ba9c 100644
--- a/src/main/java/org/olat/core/helpers/Settings.java
+++ b/src/main/java/org/olat/core/helpers/Settings.java
@@ -69,7 +69,6 @@ public class Settings {
 private static String clusterMode;
 private static Date buildDate;
 private static String repoRevision;
- private static String crossOriginFilter;
 private static File guiCustomThemePath;
 private static int securePort;
@@ -379,14 +378,6 @@ public class Settings {
 return uri;
 }
- public static String getCrossOriginFilter() {
- return crossOriginFilter;
- }
-
- public void setCrossOriginFilter(String crossOriginFilter) {
- Settings.crossOriginFilter = crossOriginFilter;
- }
-
 /**
 * @return True if this is a JUnit test.
 *
diff --git a/src/main/java/org/olat/core/servlets/CrossOriginFilter.java b/src/main/java/org/olat/core/servlets/CrossOriginFilter.java
deleted file mode 100644
index acdec93b4a59ff2dca6fa3eb91ebb123c78c5e88..0000000000000000000000000000000000000000
--- a/src/main/java/org/olat/core/servlets/CrossOriginFilter.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/**
- * <p>
- * Copyright (c) frentix GmbH<br>
- * http://www.frentix.com<br>
- */
-package org.olat.core.servlets;
-
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.olat.core.helpers.Settings;
-import org.olat.core.util.StringHelper;
-
-/**
- *
- * Allow cross origin for our javascript client
- *
- * @author srosse, stephane.rosse@frentix.com, http://www.frentix.com
- */
-public class CrossOriginFilter implements Filter {
-
- @Override
- public void init(FilterConfig filterConfig) throws ServletException {
- //
- }
-
- @Override
- public void destroy() {
- //
- }
-
- @Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
- addHeaders(request, response);
- chain.doFilter(request, response);
- addHeaders(request, response);
- }
-
- private void addHeaders(ServletRequest request, ServletResponse response) {
- if(response instanceof HttpServletResponse) {
- HttpServletRequest httpRequest = (HttpServletRequest)request;
- HttpServletResponse httpResponse = (HttpServletResponse)response;
- String origin = httpRequest.getHeader("origin");
- if(isDomainAllowed(origin)) {
- if(origin != null && !origin.isEmpty()) {
- httpResponse.setHeader("Access-Control-Allow-Origin", origin);
- }
- String headers = httpRequest.getHeader("access-control-request-headers");
- if(headers != null && !headers.isEmpty()) {
- httpResponse.setHeader("Access-Control-Allow-Headers", headers);
- }
- httpResponse.setHeader("Access-Control-Allow-Methods", "POST, PUT, DELETE, GET, OPTIONS");
- httpResponse.setHeader("Access-Control-Max-Age", "1728000");
-
- String method = httpRequest.getHeader("access-control-request-method");
- if("OPTIONS".equals(method)) {
- httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
- }
- }
- }
- }
-
- private boolean isDomainAllowed(String origin) {
- String allowedDomains = Settings.getCrossOriginFilter();
- if(StringHelper.containsNonWhitespace(allowedDomains) && StringHelper.containsNonWhitespace(origin)) {
- if("*".equals(allowedDomains)) {
- return true;
- }
- String[] domains = allowedDomains.split(",");
- for(String domain:domains) {
- if(domain.equals(origin)) {
- return true;
- }
- }
- }
- return false;
- }
-}
\ No newline at end of file
diff --git a/src/main/java/org/olat/core/util/_spring/utilCorecontext.xml b/src/main/java/org/olat/core/util/_spring/utilCorecontext.xml
index 42bb91e467cf2ecdbf158b4e23929c6f4a1f10b0..8574eb3e3131b43fa9d13c5e6e2011f87862151b 100644
--- a/src/main/java/org/olat/core/util/_spring/utilCorecontext.xml
+++ b/src/main/java/org/olat/core/util/_spring/utilCorecontext.xml
@@ -73,8 +73,7 @@
 <value>.*Gecko/200[0123456].*</value> <!-- Gecko engine older than 2006 -->
 <value>.*Lynx.*</value> <!-- Lynx console browser (no js) -->
 </list>
- </property>
- <property name="crossOriginFilter" value="${allow.cross.origin.domain}"/>
+ </property>
 <!-- Optional path to a directory which contains custom themes. This is an alternative to placing the theme into the webapp, default is to have your custom themes in olatdata/customizing/themes
diff --git a/src/main/java/org/olat/shibboleth/ShibbolethDispatcher.java b/src/main/java/org/olat/shibboleth/ShibbolethDispatcher.java
index fcf07e40c8fe4043b850ad1266368fa47cf27999..5c439d1ce910723dab6e12de61834341b664e701 100644
--- a/src/main/java/org/olat/shibboleth/ShibbolethDispatcher.java
+++ b/src/main/java/org/olat/shibboleth/ShibbolethDispatcher.java
@@ -27,7 +27,6 @@ package org.olat.shibboleth;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
-import java.net.URLDecoder;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.Map;
@@ -61,7 +60,6 @@ import org.olat.core.util.StringHelper;
 import org.olat.core.util.Util;
 import org.olat.core.util.WebappHelper;
 import org.olat.core.util.i18n.I18nModule;
-import org.olat.restapi.security.RestSecurityBean;
 import org.olat.shibboleth.manager.ShibbolethAttributes;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -80,23 +78,13 @@ public class ShibbolethDispatcher implements Dispatcher{
 public static final String PATH_SHIBBOLETH = "/shib/";
 private Translator translator;
- private boolean mobile = false;
 private BaseSecurity securityManager;
 private ShibbolethModule shibbolethModule;
- private RestSecurityBean restSecurityBean;
 private UserDeletionManager userDeletionManager;
 @Autowired
 private ShibbolethManager shibbolethManager;
- /**
- * [used by Spring]
- * @param mobile
- */
- public void setMobile(boolean mobile) {
- this.mobile = mobile;
- }
-
 /**
 * [used by Spring]
 * @param shibbolethModule
@@ -105,14 +93,6 @@ public class ShibbolethDispatcher implements Dispatcher{
 this.shibbolethModule = shibbolethModule;
 }
- /**
- * [used by Spring]
- * @param restSecurityBean
- */
- public void setRestSecurityBean(RestSecurityBean restSecurityBean) {
- this.restSecurityBean = restSecurityBean;
- }
-
 /**
 * [used by Spring]
 * @param securityManager
@@ -142,16 +122,11 @@ public class ShibbolethDispatcher implements Dispatcher{
 if(translator==null) {
 translator = Util.createPackageTranslator(ShibbolethDispatcher.class, I18nModule.getDefaultLocale());
 }
- String uri = req.getRequestURI();
+
 if (!shibbolethModule.isEnableShibbolethLogins()){
- throw new OLATSecurityException("Got shibboleth request but shibboleth is not enabled: " + uri);
- }
- try { uri = URLDecoder.decode(uri, "UTF-8");
- } catch (UnsupportedEncodingException e) {
- throw new AssertException("UTF-8 encoding not supported!!!!");
+ throw new OLATSecurityException("Got shibboleth request but shibboleth is not enabled");
 }
 String uriPrefix = DispatcherModule.getLegacyUriPrefix(req);
- uri = uri.substring(uriPrefix.length()); // guaranteed to exist by DispatcherAction
 Map<String, String> attributesMap = getShibbolethAttributesFromRequest(req);
 ShibbolethAttributes shibbolethAttriutes = CoreSpringFactory.getImpl(ShibbolethAttributes.class);
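Review bot: `String uriPrefix = DispatcherModule.getLegacyUriPrefix(req);` survives this hunk although its only visible consumer, `uri = uri.substring(uriPrefix.length());`, is removed, so the local now looks unused unless it is read further down the method beyond the hunk; if it is not, that line should be dropped together with the `uri` handling. The added `+` line that replaces `String uri = req.getRequestURI();` is empty, which leaves two consecutive blank lines in front of the `isEnableShibbolethLogins()` check. The `java.io.UnsupportedEncodingException` import kept as context in the earlier hunk of this file was used by the removed `catch` block and may be dead now as well, though a use elsewhere in the file cannot be ruled out from here. The enclosing method starts and ends outside the hunk.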
@@ -213,22 +188,12 @@ public class ShibbolethDispatcher implements Dispatcher{
 ureq.getUserSession().getIdentityEnvironment().addAttributes(
 shibbolethModule.getAttributeTranslator().translateAttributesMap(shibbolethAttriutes.toMap()));
- if(mobile) {
- String token = restSecurityBean.generateToken(ureq.getIdentity(), ureq.getHttpReq().getSession(true));
-
- try {
- resp.sendRedirect(WebappHelper.getServletContextPath() + "/mobile?x-olat-token=" + token + "&username=" + ureq.getIdentity().getName());
- } catch (IOException e) {
- log.error("Redirect to mobile app.", e);
- }
+ MediaResource mr = ureq.getDispatchResult().getResultingMediaResource();
+ if (mr instanceof RedirectMediaResource) {
+ RedirectMediaResource rmr = (RedirectMediaResource)mr;
+ rmr.prepare(resp);
 } else {
- MediaResource mr = ureq.getDispatchResult().getResultingMediaResource();
- if (mr instanceof RedirectMediaResource) {
- RedirectMediaResource rmr = (RedirectMediaResource)mr;
- rmr.prepare(resp);
- } else {
- DispatcherModule.redirectToDefaultDispatcher(resp); // error, redirect to login screen
- }
+ DispatcherModule.redirectToDefaultDispatcher(resp); // error, redirect to login screen
 }
 }
@@ -309,15 +274,15 @@ public class ShibbolethDispatcher implements Dispatcher{
 * @param req
 * @param resp
 */
- private void handleException(Throwable e, HttpServletRequest req, HttpServletResponse resp, Translator translator) {
+ private void handleException(Throwable e, HttpServletRequest req, HttpServletResponse resp, Translator transl) {
 UserRequest ureq = new UserRequestImpl(ShibbolethDispatcher.PATH_SHIBBOLETH, req, resp);
 if(e instanceof ShibbolethException) {
 String userMsg = "";
 int errorCode = ((ShibbolethException)e).getErrorCode();
 switch (errorCode) {
- case ShibbolethException.GENERAL_SAML_ERROR: userMsg = translator.translate("error.shibboleth.generic"); break;
- case ShibbolethException.UNIQUE_ID_NOT_FOUND: userMsg = translator.translate("error.unqueid.notfound"); break;
- default: userMsg = translator.translate("error.shibboleth.generic"); break;
+ case ShibbolethException.GENERAL_SAML_ERROR: userMsg = transl.translate("error.shibboleth.generic"); break;
+ case ShibbolethException.UNIQUE_ID_NOT_FOUND: userMsg = transl.translate("error.unqueid.notfound"); break;
+ default: userMsg = transl.translate("error.shibboleth.generic"); break;
 }
 showMessage(ureq,"org.opensaml.SAMLException: " + e.getMessage(), e, userMsg, ((ShibbolethException)e).getContactPersonEmail());
 return;
diff --git a/src/main/resources/serviceconfig/olat.properties b/src/main/resources/serviceconfig/olat.properties
index 3348f67dd672ce10b3df510633824703d01e3430..3f80917a7e0fc6c39e54ec2587cf423158f24058 100644
--- a/src/main/resources/serviceconfig/olat.properties
+++ b/src/main/resources/serviceconfig/olat.properties
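Review bot: Renaming the parameter to `transl` does stop it from shadowing the `translator` field declared earlier in this file, but the abbreviation is the weaker half of that fix; a full name such as `Translator messageTranslator` would make the signature and the three `translate(...)` calls in the `switch` read without guessing. The Javadoc directly above the hunk lists `@param req` and `@param resp`; if it also carries a `@param translator` entry above the visible lines, that entry needs the same rename or the doc and signature drift apart. handleException continues past the end of the hunk.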
@@ -537,11 +537,6 @@ server.port=8080
 # OLAT JMX server port (must be unique per node in a cluster)
 jmx.rmi.port=3000
-#allow an other web site to use the REST API with Javascript
-#list of domains separated with , or * for allow all
-allow.cross.origin.domain=
-allow.cross.origin.domain.values=*,www.frentix.com
-
 ########################################################################
 # MathJAX CDN
 ########################################################################
diff --git a/src/main/webapp-tomcat/WEB-INF/web.xml b/src/main/webapp-tomcat/WEB-INF/web.xml
index 760b48ba8e564c00f5bd43af505990eaa2a8630b..bdfa32926c5ac08d9f16db0932184a4e0f3ca59d 100644
--- a/src/main/webapp-tomcat/WEB-INF/web.xml
+++ b/src/main/webapp-tomcat/WEB-INF/web.xml
@@ -42,11 +42,6 @@
 <filter-class>org.olat.resource.accesscontrol.provider.paypal.PaypalIPNFilter</filter-class>
 </filter>
- <filter>
- <filter-name>CrossOriginFilter</filter-name>
- <filter-class>org.olat.core.servlets.CrossOriginFilter</filter-class>
- </filter>
-
 <filter>
 <filter-name>RESTApiLoginFilter</filter-name>
 <filter-class>org.olat.restapi.security.RestApiLoginFilter</filter-class>
@@ -68,11 +63,6 @@
 <url-pattern>/paypal/*</url-pattern>
 </filter-mapping>
- <filter-mapping>
- <filter-name>CrossOriginFilter</filter-name>
- <url-pattern>/restapi/*</url-pattern>
- </filter-mapping>
-
 <filter-mapping>
 <filter-name>RESTApiLoginFilter</filter-name>
 <url-pattern>/restapi/*</url-pattern>
diff --git a/src/main/webapp-wildfly/WEB-INF/web.xml b/src/main/webapp-wildfly/WEB-INF/web.xml
index 46eac91f6a09ed7aeb517e82c5753cd97d4f9649..5ed599594f9c9c70c8aff01f8cbaf7fd739b4add 100644
--- a/src/main/webapp-wildfly/WEB-INF/web.xml
+++ b/src/main/webapp-wildfly/WEB-INF/web.xml
@@ -47,11 +47,6 @@
 <filter-class>org.olat.resource.accesscontrol.provider.paypal.PaypalIPNFilter</filter-class>
 </filter>
- <filter>
- <filter-name>CrossOriginFilter</filter-name>
- <filter-class>org.olat.core.servlets.CrossOriginFilter</filter-class>
- </filter>
-
 <filter>
 <filter-name>RESTApiLoginFilter</filter-name>
 <filter-class>org.olat.restapi.security.RestApiLoginFilter</filter-class>
@@ -84,11 +79,6 @@
 <url-pattern>/paypal/*</url-pattern>
 </filter-mapping>
- <filter-mapping>
- <filter-name>CrossOriginFilter</filter-name>
- <url-pattern>/restapi/*</url-pattern>
- </filter-mapping>
-
 <filter-mapping>
 <filter-name>RESTApiLoginFilter</filter-name>
 <url-pattern>/restapi/*</url-pattern>
diff --git a/src/test/java/org/olat/core/gui/render/TestRenderStaticURLCacheHeaders.java b/src/test/java/org/olat/core/gui/render/TestRenderStaticURLCacheHeaders.java
deleted file mode 100644
index 39e29fdbef57a96030c6dcc1d87fede42c4fe294..0000000000000000000000000000000000000000
--- a/src/test/java/org/olat/core/gui/render/TestRenderStaticURLCacheHeaders.java
+++ /dev/null
@@ -1,123 +0,0 @@
-/**
-* OLAT - Online Learning and Training<br>
-* http://www.olat.org
-* <p>
-* Licensed under the Apache License, Version 2.0 (the "License"); <br>
-* you may not use this file except in compliance with the License.<br>
-* You may obtain a copy of the License at
-* <p>
-* http://www.apache.org/licenses/LICENSE-2.0
-* <p>
-* Unless required by applicable law or agreed to in writing,<br>
-* software distributed under the License is distributed on an "AS IS" BASIS, <br>
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. <br>
-* See the License for the specific language governing permissions and <br>
-* limitations under the License.
-* <p>
-* Copyright (c) since 2004 at Multimedia- & E-Learning Services (MELS),<br>
-* University of Zurich, Switzerland.
-* <hr>
-* <a href="http://www.openolat.org">
-* OpenOLAT - Online Learning and Training</a><br>
-* This file has been modified by the OpenOLAT community. Changes are licensed
-* under the Apache 2.0 license as the original file.
-* <p>
-*/
-package org.olat.core.gui.render;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-import static org.junit.Assume.assumeNoException;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.net.HttpURLConnection;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-
-import org.junit.Test;
-
-/**
- * Description:<br>
- * downloads the entry page from olat*.uzh.ch and checks if the response
- * headers are sent with proper cache control entries like:
- * Cache-Control: max-age=31536000, public
- * This allows browsers to cache static resources and minimize traffic which returns 304 (not modified).
- * If the tests fails make sure that http.conf from apache has the following entry
- *
- * <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
- * Header set Cache-Control "max-age=31536000, public"
- * </FilesMatch>
- *
- * <P>
- * Initial Date: 17.01.2011 <br>
- *
- * @author guido
- */
-public class TestRenderStaticURLCacheHeaders {
-
- private String[] uris = {"https://olatng.uzh.ch/", "https://olat.uzh.ch/"};
-
- @Test
- public void cacheHeaders() {
- for (int i = 0; i < uris.length; i++) {
- try {
- loadFromUrl(uris[i]);
- } catch (Exception e) {
- fail(uris[i]+" from server failed with the following message: "+e.getMessage());
- }
- }
- }
-
-
- public void loadFromUrl(String uri) throws IOException, MalformedURLException, ParseException {
- URL url;
- HttpURLConnection uc = null;
- int responseCode = 0;
- try {
- url = new URL(uri + "olat/dmz/");
- uc = (HttpURLConnection) url.openConnection();
- responseCode = uc.getResponseCode();
- } catch (Exception e) {
- //skip if connection cannot be made but check every few month that url's are correct
- SimpleDateFormat format = new SimpleDateFormat("dd.MM.yy");
- Date when = format.parse("27.03.11");
- //set date in future to pass test if urls are not correct anymore
- //but if time has passed we want the test to fail to adjust the url's
- if (new Date().before(when)) {
- assumeNoException(e);
- }
- }
-
- assertEquals(200, responseCode);
- assertEquals(true, uc.getContentType().startsWith("text/html"));
- BufferedReader in = new BufferedReader(new InputStreamReader(uc
- .getInputStream()));
- String inputLine;
- // grab the first url that points to an static resource to check headers
- while ((inputLine = in.readLine()) != null) {
- if (inputLine.contains("src=\"/olat/raw/")) {
- //System.out.println("Found line: " + inputLine);
- break;
- }
- }
- in.close();
-
- String jsUrl = inputLine.substring(inputLine.indexOf("src=\"") + 6,
- inputLine.lastIndexOf("\""));
- assertTrue(jsUrl.startsWith("olat/"));
- url = new URL(uri + jsUrl);
- uc = (HttpURLConnection) url.openConnection();
- assertEquals(200, uc.getResponseCode());
- // the cached elements in olat e.g. js, css ... should have an cache
- // lifetime of one year
- assertEquals("max-age=31536000, public", uc.getHeaderField("Cache-Control"));
-
- }
-
-}