[Fix] invalidate sessions when user is removed

Robert von Burg 2019-04-04 19:27:28 +02:00
parent 33030564e0
commit 0d3acc13ff
1 changed files with 14 additions and 0 deletions


@ -579,6 +579,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_REMOVE_USER, new Tuple(null, existingUser)));
// delegate user removal to persistence handler
invalidSessionsFor(existingUser);
this.persistenceHandler.removeUser(username);
logger.info("Removed user " + username);
@ -1070,6 +1071,19 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
}
private void invalidSessionsFor(User user) {
List<PrivilegeContext> ctxs;
synchronized (this.privilegeContextMap) {
ctxs = new ArrayList<>(this.privilegeContextMap.values());
}
for (PrivilegeContext ctx : ctxs) {
if (ctx.getUserRep().getUsername().equals(user.getUsername())) {
invalidate(ctx.getCertificate());
}
}
}
@Override
public void initiateChallengeFor(Usage usage, String username) {
initiateChallengeFor(usage, username, SOURCE_UNKNOWN);
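Review bot: In the first hunk `invalidSessionsFor(existingUser);` runs before `this.persistenceHandler.removeUser(username);`, and the helper iterates a snapshot of `privilegeContextMap`, so a session opened for the same user after the snapshot but before the removal completes would survive; this assumes authentication is not serialized against this method, which the hunk does not show. Provided `invalidate` does not need the persisted user, swapping the two calls closes that window: `this.persistenceHandler.removeUser(username);` then `invalidSessionsFor(existingUser);`. That order also avoids ending the user's sessions when `removeUser` throws and the account remains. The comment `// delegate user removal to persistence handler` now sits above the invalidation call instead of the call it describes, and the helper would read better as `invalidateSessionsFor` with a one-line Javadoc saying it invalidates every active certificate for the given username. The method changed by the first hunk starts and ends outside the visible lines.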