diff --git a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
index 8fcb14fe9..e650892d2 100644
--- a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
+++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
@@ -570,6 +570,9 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 logger.info("Updated user " + newUser.getUsername());
+ // update any existing sessions for this user
+ updateExistingSessionsForUser(newUser);
+
 return newUser.asUserRep();
 }
@@ -644,6 +647,9 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 logger.info("Added role " + roleName + " to " + newUser.getUsername());
+ // update any existing sessions for this user
+ updateExistingSessionsForUser(newUser);
+
 return newUser.asUserRep();
 }
@@ -685,6 +691,9 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 logger.info("Removed role " + roleName + " from " + newUser.getUsername());
+ // update any existing sessions for this user
+ updateExistingSessionsForUser(newUser);
+
 return newUser.asUserRep();
 }
@@ -882,6 +891,9 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 logger.info("Replaced role " + newRole.getName());
+ // update any existing certificates with new role
+ updateExistingSessionsWithNewRole(newRole);
+
 return newRole.asRoleRep();
 }
@@ -974,6 +986,9 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 logger.info("Added/replaced privilege " + privilegeRep.getName() + " to " + roleName);
+ // update any existing certificates with new role
+ updateExistingSessionsWithNewRole(newRole);
+
 return newRole.asRoleRep();
 }
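Review bot: The new `updateExistingSessionsForUser(newUser)` call in the @@ -570 hunk rebuilds the edited user's live sessions from the new User object, so if this update path can carry a state change that should end access (presumably a disabled or similar state exists — confirm), the session is refreshed and kept valid rather than invalidated; the same pattern is in the -644, -685, -882 and -974 hunks here and the -1017 hunk on the next line. The enclosing public methods (their signatures are outside these hunks; the log messages suggest user update, role assignment and removal, role replacement and privilege-on-role changes) now have a side effect on other live sessions that their Javadoc should state, e.g. `Existing sessions of the affected user(s) are rebuilt so the change takes effect immediately.` If the PrivilegeHandler interface documents these methods, the same sentence belongs on the interface.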
@@ -1017,9 +1032,56 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 logger.info("Removed privilege " + privilegeName + " from " + roleName);
+ // update any existing certificates with new role
+ updateExistingSessionsWithNewRole(newRole);
+
 return newRole.asRoleRep();
 }
+ /**
+ * Replaces any existing {@link PrivilegeContext} for the given user by updating with the new user object
+ *
+ * @param newUser
+ * the new user to update with
+ */
+ private void updateExistingSessionsForUser(User newUser) {
+ synchronized (this.privilegeContextMap) {
+ List ctxs = new ArrayList<>(this.privilegeContextMap.values());
+ for (PrivilegeContext ctx : ctxs) {
+ if (ctx.getUserRep().getUsername().equals(newUser.getUsername())) {
+ Certificate cert = ctx.getCertificate();
+ cert = buildCertificate(cert.getUsage(), newUser, cert.getAuthToken(), cert.getSessionId());
+ PrivilegeContext privilegeContext = buildPrivilegeContext(cert, newUser);
+ this.privilegeContextMap.put(cert.getSessionId(), privilegeContext);
+ }
+ }
+ }
+ }
+
+ /**
+ * Replaces any existing {@link PrivilegeContext} for users with the given role
+ *
+ * @param role
+ * the role to update with
+ */
+ private void updateExistingSessionsWithNewRole(Role role) {
+ synchronized (this.privilegeContextMap) {
+ List ctxs = new ArrayList<>(this.privilegeContextMap.values());
+ for (PrivilegeContext ctx : ctxs) {
+ if (ctx.getUserRep().hasRole(role.getName())) {
+ User user = this.persistenceHandler.getUser(ctx.getUsername());
+ if (user == null)
+ continue;
+
+ Certificate cert = ctx.getCertificate();
+ cert = buildCertificate(cert.getUsage(), user, cert.getAuthToken(), cert.getSessionId());
+ PrivilegeContext privilegeContext = buildPrivilegeContext(cert, user);
+ this.privilegeContextMap.put(cert.getSessionId(), privilegeContext);
+ }
+ }
+ }
+ }
+
+ @Override
+ public void initiateChallengeFor(Usage usage, String username) {
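Review bot: In `updateExistingSessionsWithNewRole`, when `this.persistenceHandler.getUser(ctx.getUsername())` returns null the loop does `continue`, which leaves a session in place for a user the persistence layer no longer knows; presumably such a stale session should be invalidated, or at least logged, rather than silently kept. The persistence lookup also runs inside `synchronized (this.privilegeContextMap)`, so every other access to the session map blocks for the duration of each lookup; if getUser can be slow, note this in a comment above the loop. Both methods rebuild the certificate from only `getUsage()`, the user, `getAuthToken()` and `getSessionId()`, so any other state the old certificate carried is dropped unless `buildCertificate` (outside this hunk) copies it — worth confirming for the propertyMap the Certificate constructor stores and for the lastAccess time it now initialises.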
@@ -1570,7 +1632,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 // validate privilege conflicts
 validatePrivilegeConflicts();
- this.privilegeContextMap = Collections.synchronizedMap(new HashMap());
+ this.privilegeContextMap = Collections.synchronizedMap(new HashMap<>());
 loadSessions();
diff --git a/li.strolch.privilege/src/main/java/li/strolch/privilege/model/Certificate.java b/li.strolch.privilege/src/main/java/li/strolch/privilege/model/Certificate.java
index 926475b8f..2e239e97f 100644
--- a/li.strolch.privilege/src/main/java/li/strolch/privilege/model/Certificate.java
+++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/model/Certificate.java
@@ -117,6 +117,7 @@ public final class Certificate implements Serializable {
 this.propertyMap = Collections.unmodifiableMap(propertyMap);
 this.userRoles = Collections.unmodifiableSet(userRoles);
+ this.lastAccess = new Date();
 }
 /**
diff --git a/li.strolch.service/src/main/java/li/strolch/service/privilege/roles/PrivilageAddOrReplacePrivilegeOnRoleCommand.java b/li.strolch.service/src/main/java/li/strolch/service/privilege/roles/PrivilageAddOrReplacePrivilegeOnRoleCommand.java
deleted file mode 100644
index 37d8344b0..000000000
--- a/li.strolch.service/src/main/java/li/strolch/service/privilege/roles/PrivilageAddOrReplacePrivilegeOnRoleCommand.java
+++ /dev/null
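Review bot: `this.lastAccess = new Date()` in the Certificate constructor (the constructor's signature is outside the hunk) means a certificate's last-access time starts at construction, so certificates rebuilt through `buildCertificate` by `updateExistingSessionsForUser`/`updateExistingSessionsWithNewRole` earlier in this diff, and presumably those restored by `loadSessions()`, all get a fresh timestamp. If session expiry is derived from lastAccess, an administrative user or role change extends the idle time of every affected session; when a session is rebuilt, the old certificate's timestamp should be carried over. A comment would make the intent explicit: `// a freshly built certificate counts as accessed now; callers that rebuild an existing session should carry the old timestamp over`. `Date` is also mutable, so if a getter exposes this field it should return a defensive copy.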
@@ -1,31 +0,0 @@
-package li.strolch.service.privilege.roles;
-
-import li.strolch.agent.api.ComponentContainer;
-import li.strolch.persistence.api.StrolchTransaction;
-import li.strolch.service.api.Command;
-
-public class PrivilageAddOrReplacePrivilegeOnRoleCommand extends Command {
-
- public PrivilageAddOrReplacePrivilegeOnRoleCommand(ComponentContainer container, StrolchTransaction tx) {
- super(container, tx);
- }
-
- @Override
- public void validate() {
- // TODO Auto-generated method stub
-
- }
-
- @Override
- public void doCommand() {
- // TODO Auto-generated method stub
-
- }
-
- @Override
- public void undo() {
- // TODO Auto-generated method stub
-
- }
-
-}