/**
* OLAT - Online Learning and Training<br>
* http://www.olat.org
* <p>
* Licensed under the Apache License, Version 2.0 (the "License"); <br>
* you may not use this file except in compliance with the License.<br>
* You may obtain a copy of the License at
* <p>
* http://www.apache.org/licenses/LICENSE-2.0
* <p>
* Unless required by applicable law or agreed to in writing,<br>
* software distributed under the License is distributed on an "AS IS" BASIS, <br>
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. <br>
* See the License for the specific language governing permissions and <br>
* limitations under the License.
* <p>
* Copyright (c) since 2004 at Multimedia- & E-Learning Services (MELS),<br>
* University of Zurich, Switzerland.
* <p>
*/
package org.olat.admin;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.RandomStringUtils;
import org.olat.NewControllerFactory;
import org.olat.admin.registration.SystemRegistrationManager;
import org.olat.admin.user.UserAdminContextEntryControllerCreator;
import org.olat.basesecurity.AuthHelper;
import org.olat.core.commons.fullWebApp.util.GlobalStickyMessage;
import org.olat.core.commons.persistence.DBFactory;
import org.olat.core.configuration.OLATModule;
import org.olat.core.id.User;
import org.olat.core.logging.Tracing;
import org.olat.core.util.UserSession;
import org.olat.core.util.vfs.QuotaManager;
import org.olat.instantMessaging.rosterandchat.ChangePresenceJob;
import org.olat.properties.Property;
import org.olat.properties.PropertyManager;
import com.anthonyeden.lib.config.Configuration;
/**
* Description:<BR>
* The administration module takes care of loading and unloading administration
* specific configuration.
* <P>
* Initial Date: Apr 13, 2005
*
* @author gnaegi
*/
public class AdminModule implements OLATModule {
/** Category for system properties **/
public static String SYSTEM_PROPERTY_CATEGORY = "_o3_";
private static final String PROPERTY_MAINTENANCE_MESSAGE = "maintenanceMessageToken";
private static final String PROPERTY_SESSION_ADMINISTRATION = "sessionAdministrationToken";
private static final String CONFIG_ADMIN_MAX_SESSION = "maxNumberOfSessions";
/**
*
*/
public AdminModule() {
super();
}
/**
* @see org.olat.core.configuration.OLATModule#init(com.anthonyeden.lib.config.Configuration)
*/
public void init(Configuration moduleConfig) {
initializeSystemTokenProperty(PROPERTY_MAINTENANCE_MESSAGE);
initializeSystemTokenProperty(PROPERTY_SESSION_ADMINISTRATION);
initializeMaxNumberOfSessions(moduleConfig);
// Initialize the default quotas and the quota manager
QuotaManager.getInstance().init();
DBFactory.getInstance(false).intermediateCommit();
// Add controller factory extension point to launch groups
NewControllerFactory.getInstance().addContextEntryControllerCreator(User.class.getSimpleName(),
new UserAdminContextEntryControllerCreator());
}
/**
* Get 'maxNumberOfSessions' config parameter and set 'maxSessions' in AuthHelper to limit number of session.
* 0 = no limit.
* @param moduleConfig
*/
private void initializeMaxNumberOfSessions(Configuration moduleConfig) {
String maxSessionString = moduleConfig.getChildValue(CONFIG_ADMIN_MAX_SESSION);
if (maxSessionString != null) {
try {
int maxSession = Integer.parseInt(maxSessionString);
AuthHelper.setMaxSessions(maxSession);
Tracing.logInfo("Set limit number of session to=" + maxSession, this.getClass());
} catch(NumberFormatException ex) {
Tracing.logInfo("AdminModule : Cannot set limit number of session " + CONFIG_ADMIN_MAX_SESSION + "=" + maxSessionString + " (must be a integer)", this.getClass());
}
} }
/**
* Check if system property for maintenance message exists, create one if it
* doesn't
* This generated token is used by the remote http maintenance message
* setting mechanism, see method below
* @param tokenPropertyName
*/
private void initializeSystemTokenProperty(String tokenPropertyName) {
PropertyManager pm = PropertyManager.getInstance();
Property p = pm.findProperty(null, null, null, SYSTEM_PROPERTY_CATEGORY, tokenPropertyName);
if (p == null) {
String token = RandomStringUtils.randomAlphanumeric(8);
p = pm.createPropertyInstance(null, null, null, SYSTEM_PROPERTY_CATEGORY, tokenPropertyName, null, null, token, null);
pm.saveProperty(p);
}
}
/**
* @see org.olat.core.configuration.OLATModule#destroy()
*/
public void destroy() {
// Cleanup registration event listeners
SystemRegistrationManager.getInstance().destroy();
}
/**
* Sets the new maintenance message based on a http parameter. The request must use a valid
* token. The token can be looked up in the properties table.
* The maintenance message itself is managed by the OLATContext from the brasato core
* @param message
*/
public static void setMaintenanceMessage(String message) {
GlobalStickyMessage.setGlobalStickyMessage(message, true);
}
public static boolean checkMaintenanceMessageToken(HttpServletRequest request, HttpServletResponse response) {
return checkToken(request, PROPERTY_MAINTENANCE_MESSAGE);
}
public static boolean checkSessionAdminToken(HttpServletRequest request, HttpServletResponse response) {
return checkToken(request, PROPERTY_SESSION_ADMINISTRATION);
}
private static boolean checkToken(HttpServletRequest request, String tokenPropertyName) {
String submittedToken = request.getParameter("token");
if (submittedToken == null) {
Tracing.logAudit("Trying to set maintenance message without using a token. Remote address::" + request.getRemoteAddr(), AdminModule.class);
return false;
}
// get token and compate
PropertyManager pm = PropertyManager.getInstance();
Property p = pm.findProperty(null, null, null, AdminModule.SYSTEM_PROPERTY_CATEGORY, tokenPropertyName);
String token = (p == null ? "" : p.getStringValue());
if (token.matches(submittedToken)) { // limit access to token
return true;
} else {
Tracing.logAudit("Trying to set maintenance message using a wrong token. Remote address::" + request.getRemoteAddr(), AdminModule.class);
return false;
}
}
/**
* Does not allow any further login except administrator-logins.
* @param newLoginBlocked
*/
public static void setLoginBlocked(boolean newLoginBlocked) {
Tracing.logAudit("Session administration: Set login-blocked=" + newLoginBlocked, AdminModule.class);
AuthHelper.setLoginBlocked(newLoginBlocked);
}
/**
* Check if login is blocked
* @return true = login is blocked
*/
public static boolean isLoginBlocked() {
return AuthHelper.isLoginBlocked();
}
/**
* Set the rejectDMZRequests flag - if true this will reject all requests to dmz to other nodes
* @param rejectDMZRequests
*/
public static void setRejectDMZRequests(boolean rejectDMZRequests) {
Tracing.logAudit("Session administration: Set rejectDMZRequests=" + rejectDMZRequests, AdminModule.class);
AuthHelper.setRejectDMZRequests(rejectDMZRequests);
}
/**
* Check if requests to DMZ are rejected resulting in clients to go to another node
* @return true = reject all requests to dmz (to other nodes)
*/
public static boolean isRejectDMZRequests() {
return AuthHelper.isRejectDMZRequests();
}
/**
* Set limit for session. The login-process check this number and allows only this number of sessions.
* 0 = unlimited number of sessions
* @param maxSession
*/
public static void setMaxSessions(int maxSession) {
Tracing.logAudit("Session administration: Set maxSession=" + maxSession, AdminModule.class);
AuthHelper.setMaxSessions(maxSession);
}
/**
* Invalidated all session except administrator-sessions.
* @return Number of invalidated sessions
*/
public static int invalidateAllSessions() {
Tracing.logAudit("Session administration: Invalidate all sessions.", AdminModule.class);
return UserSession.invalidateAllSessions();
}
/**
* Invalidate a number of oldest (last-click time) sessions.
* @param nbrSessions
* @return Number of invalidated sessions
*/
public static int invalidateOldestSessions(int nbrSessions) {
Tracing.logAudit("Session administration: Invalidate oldest sessions Nbr-Sessions=" + nbrSessions, AdminModule.class);
return UserSession.invalidateOldestSessions(nbrSessions);
}
/**
* Set global session timeout in msec.
* @param sessionTimeout
*/
public static void setSessionTimeout(int sessionTimeout) {
Tracing.logAudit("Session administration: Set session-timeout=" + sessionTimeout, AdminModule.class);
//in seconds
UserSession.setGlobalSessionTimeout(sessionTimeout);
//in milliseconds for presence job
ChangePresenceJob.setAutoLogOutCutTimeValue(sessionTimeout*1000);
}
/**
* @return Current session timeout in msec.
*/
public static int getSessionTimeout() {
//changepresencejob holds the session timeout so far in milliseconds
int sessionTimeoutSeconds = Math.round((ChangePresenceJob.getAutoLogOutCutTimeValue() / 1000));
return sessionTimeoutSeconds;
}
/**
* @return Current session-limit.
*/
public static int getMaxSessions() {
return AuthHelper.getMaxSessions();
}
/**
* Enable hibernate-statistics (for JMX interface).
*/
public void enableHibernateStatistics(boolean enableStatistics) {
if (enableStatistics) {
// clear statistics when enable it
DBFactory.getInstance().getStatistics().clear();
}
DBFactory.getInstance().getStatistics().setStatisticsEnabled(enableStatistics);
}
}