[Fix] invalidate sessions when user is removed
This commit is contained in:
parent
33030564e0
commit
0d3acc13ff
|
@ -579,6 +579,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_REMOVE_USER, new Tuple(null, existingUser)));
|
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_REMOVE_USER, new Tuple(null, existingUser)));
|
||||||
|
|
||||||
// delegate user removal to persistence handler
|
// delegate user removal to persistence handler
|
||||||
|
invalidSessionsFor(existingUser);
|
||||||
this.persistenceHandler.removeUser(username);
|
this.persistenceHandler.removeUser(username);
|
||||||
|
|
||||||
logger.info("Removed user " + username);
|
logger.info("Removed user " + username);
|
||||||
|
@ -1070,6 +1071,19 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void invalidSessionsFor(User user) {
|
||||||
|
List<PrivilegeContext> ctxs;
|
||||||
|
synchronized (this.privilegeContextMap) {
|
||||||
|
ctxs = new ArrayList<>(this.privilegeContextMap.values());
|
||||||
|
}
|
||||||
|
|
||||||
|
for (PrivilegeContext ctx : ctxs) {
|
||||||
|
if (ctx.getUserRep().getUsername().equals(user.getUsername())) {
|
||||||
|
invalidate(ctx.getCertificate());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void initiateChallengeFor(Usage usage, String username) {
|
public void initiateChallengeFor(Usage usage, String username) {
|
||||||
initiateChallengeFor(usage, username, SOURCE_UNKNOWN);
|
initiateChallengeFor(usage, username, SOURCE_UNKNOWN);
|
||||||
|
|
Loading…
Reference in New Issue