Examples of org.olat.core.util.UserSession

• org.olat.core.util.UserSession
  Description:
  the httpsession contains an instance of this class. the UserSession is either authenticated or not; and if it is, then it also contains things like the Identity, the locale etc. of the current user.

  @author Felix Jost

    }

    //
    // create the olat ureq and get an associated main window to spawn the "tab"
    //
    UserSession usess = UserSession.getUserSession(request);
    UserRequest ureq = null;
    try {
      //upon creation URL is checked for
      ureq = new UserRequest(uriPrefix, request, response);
    } catch(NumberFormatException nfe) {
      //MODE could not be decoded
      //typically if robots with wrong urls hit the system
      //or user have bookmarks
      //or authors copy-pasted links to the content.
      //showing redscreens for non valid URL is wrong instead
      //a 404 message must be shown -> e.g. robots correct their links.
      if(log.isDebug()){
        log.debug("Bad Request "+request.getPathInfo());
      }
      DispatcherAction.sendBadRequest(request.getPathInfo(), response);
      return;
    }
    GUIInterna.setLoadPerformanceMode(ureq);

    boolean auth = usess.isAuthenticated();
    if (auth) {
      usess.putEntryInNonClearedStore(AuthenticatedDispatcher.AUTHDISPATCHER_BUSINESSPATH, businessPath);

      String url = getRedirectToURL(usess);
      DispatcherAction.redirectTo(response, url);
    } else {
      //prepare for redirect
      usess.putEntryInNonClearedStore(AuthenticatedDispatcher.AUTHDISPATCHER_BUSINESSPATH, businessPath);

      String guestAccess = ureq.getParameter(AuthenticatedDispatcher.GUEST);
      if (guestAccess == null || !LoginModule.isGuestLoginLinksEnabled()) {
        DispatcherAction.redirectToDefaultDispatcher(response);
        return;

   * @param request
   * @param response
   * @param uriPrefix
   */
  public void execute(HttpServletRequest request, HttpServletResponse response, String uriPrefix) {
    UserSession usess = UserSession.getUserSession(request);
    UserRequest ureq = null;

    try {
      ureq = new UserRequest(uriPrefix, request, response);
      boolean auth = usess.isAuthenticated();

      if (!auth ||   !ureq.isValidDispatchURI()) {
        // String lang =
        // I18nManager.getInstance().getDefaultLocale().toString();
        Identity ident = ManagerFactory.getManager().findIdentityByName("administrator");

        usess.signOffAndClear();
        usess.setIdentity(ident);
        usess.setRoles(new Roles(true, true, true, true, false, true));
        usess.setLocale(I18nManager.getInstance().getLocaleOrDefault(ident.getUser().getPreferences().getLanguage()));

        // brasato:: was
        // Windows.getWindows(ureq).getWindowManager().getGlobalSettings().setFontSize(
        // identity.getUser().getPreferences().getFontsize() );
        Windows.getWindows(ureq).setAttribute("fontsize", ident.getUser().getPreferences().getFontsize());

        AuthHelper.setSessionInfoFor(ident, OLATAuthenticationController.PROVIDER_OLAT, ureq);
        // put users personal rss token into session
        RSSUtil.putPersonalRssTokenInSession(ureq);
        // confirm signedOn
        usess.signOn();

        //
        Windows.getWindows(ureq).getWindowManager().setAjaxWanted(ureq, true);

        // successfull login, reregister window

  /**
   * @see org.olat.core.dispatcher.Dispatcher#execute(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.String)
   */
  public void execute(HttpServletRequest request, HttpServletResponse response, String uriPrefix) {
    UserSession usess = UserSession.getUserSession(request);
    UserRequest ureq = null;
    try{
      //upon creation URL is checked for
      ureq = new UserRequest(uriPrefix, request, response);
    }catch(NumberFormatException nfe){

    }

    UserRequest ureq = new UserRequest(uriPrefix, request, response);
    //String sessionId = request.getRequestedSessionId();
    try {
      UserSession usess = ureq.getUserSession();
      Windows ws = Windows.getWindows(usess);
      synchronized (ws) {  //o_clusterOK by:fj

        Window window;
        boolean windowHere = ws.isExisting(ureq.getWindowID());
        boolean validDispatchUri = ureq.isValidDispatchURI();
        if (validDispatchUri && !windowHere) {
          // probably valid framework link from previous user && new Session(no window):
          // when a previous user logged off, and 30min later (when the httpsession is invalidated), the next user clicks e.g. on
          // the log-in link in the -same- browser window ->
          // -> there is no window -> create a new one
          window = null;
          usess.signOffAndClear();
          // request new windows since it is a new usersession, the old one was purged
          ws = Windows.getWindows(usess);
        } else {
          if (validDispatchUri) {
            window = ws.getWindow(ureq);
          } else {
            // e.g. /dmz/ -> start screen, clear previous session data
            window = null;
            usess.signOffAndClear();
            // request new windows since it is a new usersession, the old one was purged
            ws = Windows.getWindows(usess);
          }
        }

  }

  public void testReproceCompilerFreakout() throws Exception {
    UserActivityLoggerImpl ual = new UserActivityLoggerImpl();
    HttpSession session = new MockHttpSession();
    UserSession userSession = UserSession.getUserSession(session);

    assertTrue("isactivated", DBModule.isActivated());

    User user = UserManager.getInstance().createAndPersistUser("foo","bar","foo@bar.goo");
    Identity identity = ManagerFactory.getManager().createAndPersistIdentity("foo", user, "me", "foo", "bar");
    userSession.setSessionInfo(new SessionInfo("user", session));
    userSession.setIdentity(identity);
    ual.frameworkSetSession(userSession);
    System.out.println("********************************************************");
    System.out.println("Starting ReproduceCompilerFreakout Test... Runs Forever!");
    System.out.println("********************************************************");
    while(true) {

    int httpsCount = 0;
    int activeSessionCnt = 0;
    if (command.equals("users")) { // get user stats of (authenticated) usersessions
      Set userSessions = UserSession.getAuthenticatedUserSessions();
      for (Iterator it_usess = userSessions.iterator(); it_usess.hasNext();) {
        UserSession usess = (UserSession) it_usess.next();
        activeSessionCnt++;
        SessionInfo sessInfo = usess.getSessionInfo();
        if (sessInfo.isSecure()) httpsCount++;
      }
      result.append(activeSessionCnt); // active authenticated sessions
      result.append("\n");
      result.append(httpsCount); // ,,, of which are secure
      result.append("\n0\n");
      result.append(instanceId);
    } else if (command.equals("webdav")) { // get webdav stats of (authenticated) usersessions
      Set userSessions = UserSession.getAuthenticatedUserSessions();
      int webdavcount = 0;
      int securewebdavcount = 0;
      for (Iterator it_usess = userSessions.iterator(); it_usess.hasNext();) {
        UserSession usess = (UserSession) it_usess.next();
        SessionInfo sessInfo = usess.getSessionInfo();
        if (sessInfo.isWebDAV()) {
          webdavcount++;
          if (sessInfo.isSecure()) securewebdavcount++;
        }
      }

  /**
   * @see org.olat.core.gui.components.table.TableDataModel#getValueAt(int, int)
   */
  public Object getValueAt(int row, int col) {
    UserSession usess = (UserSession)getObject(row);
    SessionInfo sessInfo = usess.getSessionInfo();
    if (usess.isAuthenticated()) {
      switch (col) {
        case 0: return sessInfo.getLastname();
        case 1: return sessInfo.getFirstname();
        case 2: return sessInfo.getLogin();
        case 3: return sessInfo.getAuthProvider();

   *      org.olat.core.gui.control.Controller, org.olat.core.gui.control.Event)
   */
  public void event(UserRequest ureq, Controller source, Event event) {
    if (source == dialogController) {
      if (DialogBoxUIFactory.isYesEvent(event)) {
        UserSession usess = (UserSession) usessTableModel.getObject(selRow);
        SessionInfo sessInfo = usess.getSessionInfo();
        if (usess.isAuthenticated()) {
          HttpSession session = sessInfo.getSession();
          if (session!=null) {
            try{
              session.invalidate();
            } catch(IllegalStateException ise) {
              // thrown when session already invalidated. fine. ignore.
            }
          }
          showInfo("sess.kill.done", sessInfo.getLogin() );
        }
        reset();
      }
    }
    else if (source == tableCtr) {
      if (event.getCommand().equals(Table.COMMANDLINK_ROWACTION_CLICKED)) {
        TableEvent te = (TableEvent) event;
        selRow = te.getRowId();
        // session info (we only have authenticated sessions here
        UserSession usess = (UserSession) usessTableModel.getObject(selRow);
        //if (!usess.isAuthenticated()) throw new AssertException("usersession was not authenticated!?");
        myContent.setPage(VELOCITY_ROOT + "/sessionDetails.html");
        myContent.contextPut("us", usess);
        SessionInfo sessInfo = usess.getSessionInfo();
        myContent.contextPut("si", sessInfo);
        boolean isAuth = usess.isAuthenticated();
        myContent.contextPut("isauth", isAuth? "yes" : "-- NOT AUTHENTICATED!");

        long creatTime = -1;
        long lastAccessTime = -1;

        boolean success = false;
        if (isAuth) {
          try {
            HttpSession se = sessInfo.getSession();
            creatTime = se.getCreationTime();
            lastAccessTime = se.getLastAccessedTime();
            success = true;
          } catch (Exception ise) {
            // nothing to do
          }
        }

        if (success) {
          myContent.contextPut("created", f.formatDateAndTime(new Date(creatTime)));
          myContent.contextPut("lastaccess", f.formatDateAndTime(new Date(lastAccessTime)));
        } else {
          myContent.contextPut("created", " -- this session has been invalidated --");
          myContent.contextPut("lastaccess", " -- this session has been invalidated --");
        }

        if (success) {
          // lock information
          String username = sessInfo.getLogin();
          ArrayList lockList = new ArrayList();
          List<LockEntry> locks = CoordinatorManager.getCoordinator().getLocker().adminOnlyGetLockEntries();
          Formatter f = Formatter.getInstance(ureq.getLocale());
          for (LockEntry entry : locks) {
            if (entry.getOwner().getName().equals(username)) {
              lockList.add(entry.getKey()+" "+f.formatDateAndTime(new Date(entry.getLockAquiredTime())));
            }
          }
          myContent.contextPut("locklist", lockList);

          // user environment
          myContent.contextPut("env", usess.getIdentityEnvironment());

          // GUI statistics
          Windows ws = Windows.getWindows(usess);
          StringBuilder sb = new StringBuilder();
          for (Iterator iterator = ws.getWindowIterator(); iterator.hasNext();) {

   * @param request
   * @param response
   * @param uriPrefix
   */
  public void execute(HttpServletRequest request, HttpServletResponse response, String uriPrefix) {
    UserSession usess = UserSession.getUserSession(request);
    UserRequest ureq = null;
    try {
      //upon creation URL is checked for
      ureq = new UserRequest(uriPrefix, request, response);
    } catch(NumberFormatException nfe) {
      //MODE could not be decoded
      //typically if robots with wrong urls hit the system
      //or user have bookmarks
      //or authors copy-pasted links to the content.
      //showing redscreens for non valid URL is wrong instead
      //a 404 message must be shown -> e.g. robots correct their links.
      if(Tracing.isDebugEnabled(UzhAuthenticatedDispatcher.class)){
        Tracing.logDebug("Bad Request "+request.getPathInfo(), this.getClass());
      }
      DispatcherAction.sendBadRequest(request.getPathInfo(), response);
      return;
    }
    GUIInterna.setLoadPerformanceMode(ureq);

    boolean auth = usess.isAuthenticated();

    if (!auth) {
      //check for legacy unizh url's and redirect
      if (checkForRedirect(request, response) ) return;


      if (!ureq.isValidDispatchURI()) {
        // might be a direct jump request -> remember it if not logged in yet
        String reqUri = request.getRequestURI();
        String query = request.getQueryString();
        String allGet = reqUri + QUESTIONMARK + query;
        usess.putEntryInNonClearedStore(AUTHDISPATCHER_ENTRYURL, allGet);
      }
      String guestAccess = ureq.getParameter(GUEST);
      if (guestAccess == null) {
        DispatcherAction.redirectToDefaultDispatcher(response);
        return;
      } else if (guestAccess.equals(TRUE)) {
        // try to log in as anonymous
        int loginStatus = AuthHelper.doAnonymousLogin(ureq,I18nManager.getInstance().getLocaleOrDefault(ureq.getParameter(LANG)) );
        if ( loginStatus != AuthHelper.LOGIN_OK ) {
          if (loginStatus == AuthHelper.LOGIN_NOTAVAILABLE) {
            DispatcherAction.redirectToServiceNotAvailable(response);
          }
          return;
        }
        // else now logged in as anonymous user, continue
      }
    }

    // authenticated!
    try {

      //kill session if not secured via SSL
      if (forceSecureAccessOnly && !request.isSecure()) {
        SessionInfo sessionInfo = usess.getSessionInfo();
        if (sessionInfo!=null) {
          HttpSession session = sessionInfo.getSession();
          if (session!=null) {
            try{
              session.invalidate();
            } catch(IllegalStateException ise) {
              // thrown when session already invalidated. fine. ignore.
            }
          }
        }
        DispatcherAction.redirectToDefaultDispatcher(response);
        return;
      }
    //check for legacy unizh url's and redirect
      if (checkForRedirect(request, response)) return ;

      usess.getSessionInfo().setLastClickTime();
      String origUrl = (String) usess.removeEntryFromNonClearedStore(AUTHDISPATCHER_ENTRYURL);
      if (origUrl != null) {
        // we had a direct jump request
        // to avoid a endless redirect, remove the guest parameter if any
        // this can happen if a guest has cookies disabled
        String url = new URIHelper(origUrl).removeParameter(GUEST).toString();

      Tracing.logAudit("was denied login", AuthHelper.class);
      return LOGIN_DENIED;
    }
    // if the user sending the cookie did not log out and we are logging in
    // again, then we need to make sure everything is cleaned up. we cleanup in all cases.
    UserSession usess = ureq.getUserSession();
    // prepare for a new user: clear all the instance vars of the userSession
    // note: does not invalidate the session, since it is reused
    usess.signOffAndClear();
    // init the UserSession for the new User
    // we can set the identity and finish the log in process
    usess.setIdentity(identity);
    setRolesFor(identity, usess);

    // check if loginDenied or maxSession (only for non-admin)
    if ( (loginBlocked && !usess.getRoles().isOLATAdmin())
        || ( ((maxSessions != MAX_SESSION_NO_LIMIT) && (UserSession.getUserSessionsCnt() >= maxSessions)) && !usess.getRoles().isOLATAdmin() ) ) {
      Tracing.logAudit("Login was blocked for username=" + usess.getIdentity().getName() + ", loginBlocked=" + loginBlocked + " NbrOfSessions=" + UserSession.getUserSessionsCnt() , AuthHelper.class);
      usess.signOffAndClear();
      return LOGIN_NOTAVAILABLE;
    }

    // set authprovider
    //usess.getIdentityEnvironment().setAuthProvider(authProvider);

    //set the language
    usess.setLocale( I18nManager.getInstance().getLocaleOrDefault(identity.getUser().getPreferences().getLanguage()) );
    // update fontsize in users session globalsettings
    Windows.getWindows(ureq).getWindowManager().setFontSize(Integer.parseInt(identity.getUser().getPreferences().getFontsize() ));
    // put users personal rss token into session
    RSSUtil.putPersonalRssTokenInSession(ureq);
    // calculate session info and attach it to the user session
    setSessionInfoFor(identity, authProvider, ureq);
    //confirm signedOn
    usess.signOn();
    // set users web delivery mode
    setAjaxModeFor(ureq);
    // update web delivery mode in session info
    ureq.getUserSession().getSessionInfo().setWebModeFromUreq(ureq);
    return LOGIN_OK;