Index: lams_bb_integration/src/org/lamsfoundation/ld/integration/blackboard/LamsSecurityUtil.java =================================================================== diff -u -r81854e6f4d7d41dd0aae5150b0be193bd7790f1f -r6e9eb68ce0a5a3982f117119a09beb9e4425326e --- lams_bb_integration/src/org/lamsfoundation/ld/integration/blackboard/LamsSecurityUtil.java (.../LamsSecurityUtil.java) (revision 81854e6f4d7d41dd0aae5150b0be193bd7790f1f) +++ lams_bb_integration/src/org/lamsfoundation/ld/integration/blackboard/LamsSecurityUtil.java (.../LamsSecurityUtil.java) (revision 6e9eb68ce0a5a3982f117119a09beb9e4425326e) @@ -61,11 +61,13 @@ * @param ctx * the blackboard contect, contains session data * @param method - * the mehtod to request of LAMS "author", "monitor", "learner" + * the mehtod to request of LAMS "author", "monitor", "learnerStrictAuth" + * @param lsid + * lesson id. It is expected to be present in case of "monitor" and "learnerStrictAuth" * @return a url pointing to the LAMS lesson, monitor, author session * @throws Exception */ - public static String generateRequestURL(Context ctx, String method) { + public static String generateRequestURL(Context ctx, String method, String lsid) { String serverAddr = getServerAddress(); String serverId = getServerID(); @@ -81,7 +83,7 @@ String firstName = ctx.getUser().getGivenName(); String lastName = ctx.getUser().getFamilyName(); String email = ctx.getUser().getEmailAddress(); - String hash = generateAuthenticationHash(timestamp, username, method, serverId); + String hash = generateAuthenticationHash(timestamp, username, method, lsid, serverId); String courseId = ctx.getCourse().getCourseId(); String locale = ctx.getUser().getLocale(); @@ -96,6 +98,10 @@ + URLEncoder.encode(reqSrc, "UTF8") + "&firstName=" + URLEncoder.encode(firstName, "UTF-8") + "&lastName=" + URLEncoder.encode(lastName, "UTF-8") + "&email=" + URLEncoder.encode(email, "UTF-8"); + + if ("learnerStrictAuth".equals(method) || "monitor".equals(method)) { + url += "&lsid=" + lsid; + } } catch (UnsupportedEncodingException e) { throw new RuntimeException(e); @@ -425,11 +431,16 @@ // } // generate authentication hash code to validate parameters - public static String generateAuthenticationHash(String datetime, String login, String method, String serverId) { + public static String generateAuthenticationHash(String datetime, String login, String method, String lsid, String serverId) { String secretkey = LamsPluginUtil.getSecretKey(); - String plaintext = datetime.toLowerCase().trim() + login.toLowerCase().trim() + method.toLowerCase().trim() - + serverId.toLowerCase().trim() + secretkey.toLowerCase().trim(); + //in case of learnerStrictAuth we should also include lsid value when creating hash: [ts + uid + method + lsid + serverID + serverKey] + //regular case: [ts + uid + method + serverID + serverKey] + String plaintext = "learnerStrictAuth".equals(method) ? datetime.toLowerCase().trim() + + login.toLowerCase().trim() + method.toLowerCase().trim() + lsid.toLowerCase().trim() + + serverId.toLowerCase().trim() + secretkey.toLowerCase().trim() : datetime.toLowerCase().trim() + + login.toLowerCase().trim() + method.toLowerCase().trim() + serverId.toLowerCase().trim() + + secretkey.toLowerCase().trim(); String hash = sha1(plaintext); return hash; Index: lams_bb_integration/web/modules/create.jsp =================================================================== diff -u -rb7e06dae16f6240a1de8e6d9d13ddbb1c23f1c6b -r6e9eb68ce0a5a3982f117119a09beb9e4425326e --- lams_bb_integration/web/modules/create.jsp (.../create.jsp) (revision b7e06dae16f6240a1de8e6d9d13ddbb1c23f1c6b) +++ lams_bb_integration/web/modules/create.jsp (.../create.jsp) (revision 6e9eb68ce0a5a3982f117119a09beb9e4425326e) @@ -37,7 +37,7 @@ } // Get the Login Request URL for authoring LAMS Lessons - String authorUrl = LamsSecurityUtil.generateRequestURL(ctx, "author"); + String authorUrl = LamsSecurityUtil.generateRequestURL(ctx, "author", null); // Get the list of Learning Designs //String learningDesigns = LamsSecurityUtil.getLearningDesigns(ctx, 2); Index: lams_bb_integration/web/modules/learnermonitor.jsp =================================================================== diff -u -r73b15901d976f33952217ba1c2eedae29319decb -r6e9eb68ce0a5a3982f117119a09beb9e4425326e --- lams_bb_integration/web/modules/learnermonitor.jsp (.../learnermonitor.jsp) (revision 73b15901d976f33952217ba1c2eedae29319decb) +++ lams_bb_integration/web/modules/learnermonitor.jsp (.../learnermonitor.jsp) (revision 6e9eb68ce0a5a3982f117119a09beb9e4425326e) @@ -45,9 +45,9 @@ // Get the LAMS access URLs String lsid = request.getParameter("lsid"); - String learnerUrl = LamsSecurityUtil.generateRequestURL(ctx, "learner") + "&lsid=" + lsid; - String monitorUrl = LamsSecurityUtil.generateRequestURL(ctx, "monitor") + "&lsid=" + lsid; - String liveEditUrl = LamsSecurityUtil.generateRequestURL(ctx, "author"); + String learnerUrl = LamsSecurityUtil.generateRequestURL(ctx, "learnerStrictAuth", lsid); + String monitorUrl = LamsSecurityUtil.generateRequestURL(ctx, "monitor", lsid); + String liveEditUrl = LamsSecurityUtil.generateRequestURL(ctx, "author", null); // Get Course ID and Session User ID BbPersistenceManager bbPm = BbServiceManager.getPersistenceService().getDbPersistenceManager(); Index: lams_bb_integration/web/modules/preview.jsp =================================================================== diff -u -re145b2587e58d80c54fb208848e06d290c5473cd -r6e9eb68ce0a5a3982f117119a09beb9e4425326e --- lams_bb_integration/web/modules/preview.jsp (.../preview.jsp) (revision e145b2587e58d80c54fb208848e06d290c5473cd) +++ lams_bb_integration/web/modules/preview.jsp (.../preview.jsp) (revision 6e9eb68ce0a5a3982f117119a09beb9e4425326e) @@ -65,7 +65,7 @@ } //redirect to preview lesson - String previewUrl = LamsSecurityUtil.generateRequestURL(ctx, "learner") + "&lsid=" + lsId; + String previewUrl = LamsSecurityUtil.generateRequestURL(ctx, "learnerStrictAuth", lsId); response.sendRedirect(previewUrl); %>