Index: lams_bb_integration/src/org/lamsfoundation/ld/integration/blackboard/LamsSecurityUtil.java =================================================================== diff -u -re1b434f44fc40d89c93b91e87bc65a110f030f71 -ra6321ec69f3de68d5f6cbdc44f20edf5ca42e6f8 --- lams_bb_integration/src/org/lamsfoundation/ld/integration/blackboard/LamsSecurityUtil.java (.../LamsSecurityUtil.java) (revision e1b434f44fc40d89c93b91e87bc65a110f030f71) +++ lams_bb_integration/src/org/lamsfoundation/ld/integration/blackboard/LamsSecurityUtil.java (.../LamsSecurityUtil.java) (revision a6321ec69f3de68d5f6cbdc44f20edf5ca42e6f8) @@ -61,11 +61,13 @@ * @param ctx * the blackboard contect, contains session data * @param method - * the mehtod to request of LAMS "author", "monitor", "learner" + * the mehtod to request of LAMS "author", "monitor", "learnerStrictAuth" + * @param lsid + * lesson id. It is expected to be present in case of "monitor" and "learnerStrictAuth" * @return a url pointing to the LAMS lesson, monitor, author session * @throws Exception */ - public static String generateRequestURL(Context ctx, String method) { + public static String generateRequestURL(Context ctx, String method, String lsid) { String serverAddr = getServerAddress(); String serverId = getServerID(); @@ -81,7 +83,7 @@ String firstName = ctx.getUser().getGivenName(); String lastName = ctx.getUser().getFamilyName(); String email = ctx.getUser().getEmailAddress(); - String hash = generateAuthenticationHash(timestamp, username, method, serverId); + String hash = generateAuthenticationHash(timestamp, username, method, lsid, serverId); String courseId = ctx.getCourse().getCourseId(); String locale = ctx.getUser().getLocale(); @@ -96,6 +98,10 @@ + URLEncoder.encode(reqSrc, "UTF8") + "&firstName=" + URLEncoder.encode(firstName, "UTF-8") + "&lastName=" + URLEncoder.encode(lastName, "UTF-8") + "&email=" + URLEncoder.encode(email, "UTF-8"); + + if ("learnerStrictAuth".equals(method) || "monitor".equals(method)) { + url += "&lsid=" + lsid; + } } catch (UnsupportedEncodingException e) { throw new RuntimeException(e); @@ -425,11 +431,16 @@ // } // generate authentication hash code to validate parameters - public static String generateAuthenticationHash(String datetime, String login, String method, String serverId) { + public static String generateAuthenticationHash(String datetime, String login, String method, String lsid, String serverId) { String secretkey = LamsPluginUtil.getSecretKey(); - String plaintext = datetime.toLowerCase().trim() + login.toLowerCase().trim() + method.toLowerCase().trim() - + serverId.toLowerCase().trim() + secretkey.toLowerCase().trim(); + //in case of learnerStrictAuth we should also include lsid value when creating hash: [ts + uid + method + lsid + serverID + serverKey] + //regular case: [ts + uid + method + serverID + serverKey] + String plaintext = "learnerStrictAuth".equals(method) ? datetime.toLowerCase().trim() + + login.toLowerCase().trim() + method.toLowerCase().trim() + lsid.toLowerCase().trim() + + serverId.toLowerCase().trim() + secretkey.toLowerCase().trim() : datetime.toLowerCase().trim() + + login.toLowerCase().trim() + method.toLowerCase().trim() + serverId.toLowerCase().trim() + + secretkey.toLowerCase().trim(); String hash = sha1(plaintext); return hash; Index: lams_bb_integration/web/modules/create.jsp =================================================================== diff -u -r073f61a2b4aa920c35875d8b0c57a11d7e15ec04 -ra6321ec69f3de68d5f6cbdc44f20edf5ca42e6f8 --- lams_bb_integration/web/modules/create.jsp (.../create.jsp) (revision 073f61a2b4aa920c35875d8b0c57a11d7e15ec04) +++ lams_bb_integration/web/modules/create.jsp (.../create.jsp) (revision a6321ec69f3de68d5f6cbdc44f20edf5ca42e6f8) @@ -37,7 +37,7 @@ } // Get the Login Request URL for authoring LAMS Lessons - String authorUrl = LamsSecurityUtil.generateRequestURL(ctx, "author"); + String authorUrl = LamsSecurityUtil.generateRequestURL(ctx, "author", null); // Get the list of Learning Designs //String learningDesigns = LamsSecurityUtil.getLearningDesigns(ctx, 2); Index: lams_bb_integration/web/modules/learnermonitor.jsp =================================================================== diff -u -rbcf5c4bc34b90e43231b3545e1280c37912b1c42 -ra6321ec69f3de68d5f6cbdc44f20edf5ca42e6f8 --- lams_bb_integration/web/modules/learnermonitor.jsp (.../learnermonitor.jsp) (revision bcf5c4bc34b90e43231b3545e1280c37912b1c42) +++ lams_bb_integration/web/modules/learnermonitor.jsp (.../learnermonitor.jsp) (revision a6321ec69f3de68d5f6cbdc44f20edf5ca42e6f8) @@ -45,9 +45,9 @@ // Get the LAMS access URLs String lsid = request.getParameter("lsid"); - String learnerUrl = LamsSecurityUtil.generateRequestURL(ctx, "learner") + "&lsid=" + lsid; - String monitorUrl = LamsSecurityUtil.generateRequestURL(ctx, "monitor") + "&lsid=" + lsid; - String liveEditUrl = LamsSecurityUtil.generateRequestURL(ctx, "author"); + String learnerUrl = LamsSecurityUtil.generateRequestURL(ctx, "learnerStrictAuth", lsid); + String monitorUrl = LamsSecurityUtil.generateRequestURL(ctx, "monitor", lsid); + String liveEditUrl = LamsSecurityUtil.generateRequestURL(ctx, "author", null); // Get Course ID and Session User ID BbPersistenceManager bbPm = BbServiceManager.getPersistenceService().getDbPersistenceManager(); Index: lams_bb_integration/web/modules/preview.jsp =================================================================== diff -u -rceb0cd59c019481da796281a115e4d2e61034b25 -ra6321ec69f3de68d5f6cbdc44f20edf5ca42e6f8 --- lams_bb_integration/web/modules/preview.jsp (.../preview.jsp) (revision ceb0cd59c019481da796281a115e4d2e61034b25) +++ lams_bb_integration/web/modules/preview.jsp (.../preview.jsp) (revision a6321ec69f3de68d5f6cbdc44f20edf5ca42e6f8) @@ -65,7 +65,7 @@ } //redirect to preview lesson - String previewUrl = LamsSecurityUtil.generateRequestURL(ctx, "learner") + "&lsid=" + lsId; + String previewUrl = LamsSecurityUtil.generateRequestURL(ctx, "learnerStrictAuth", lsId); response.sendRedirect(previewUrl); %>