[New] Implemented UserSessionsService methods properly
This commit is contained in:
parent
c07d4553a1
commit
172f384680
|
@ -21,6 +21,7 @@ import java.time.LocalDateTime;
|
|||
import java.time.ZoneId;
|
||||
import java.time.temporal.ChronoUnit;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
|
@ -41,6 +42,7 @@ import org.slf4j.Logger;
|
|||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import ch.eitchnet.privilege.base.AccessDeniedException;
|
||||
import ch.eitchnet.privilege.base.PrivilegeException;
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
import ch.eitchnet.privilege.model.PrivilegeContext;
|
||||
import ch.eitchnet.privilege.model.SimpleRestrictable;
|
||||
|
@ -51,8 +53,11 @@ import ch.eitchnet.utils.dbc.DBC;
|
|||
*/
|
||||
public class DefaultStrolchSessionHandler extends StrolchComponent implements StrolchSessionHandler {
|
||||
|
||||
public static final String PRIVILEGE_INVALIDATE_SESSION = "InvalidateSession";
|
||||
public static final String PRIVILEGE_GET_SESSION = "GetSession";
|
||||
public static final String PARAM_SESSION_TTL_MINUTES = "session.ttl.minutes"; //$NON-NLS-1$
|
||||
|
||||
private static final Logger logger = LoggerFactory.getLogger(DefaultStrolchSessionHandler.class);
|
||||
private static final String PARAM_SESSION_TTL_MINUTES = "session.ttl.minutes"; //$NON-NLS-1$
|
||||
private PrivilegeHandler privilegeHandler;
|
||||
private Map<String, Certificate> certificateMap;
|
||||
private long sessionTtl;
|
||||
|
@ -75,7 +80,7 @@ public class DefaultStrolchSessionHandler extends StrolchComponent implements St
|
|||
@Override
|
||||
public void start() {
|
||||
this.privilegeHandler = getContainer().getComponent(PrivilegeHandler.class);
|
||||
this.certificateMap = new HashMap<>();
|
||||
this.certificateMap = Collections.synchronizedMap(new HashMap<>());
|
||||
|
||||
this.sessionTimeoutTimer = new Timer("SessionTimeoutTimer", true); //$NON-NLS-1$
|
||||
long checkInterval = TimeUnit.MINUTES.toMillis(1);
|
||||
|
@ -203,28 +208,32 @@ public class DefaultStrolchSessionHandler extends StrolchComponent implements St
|
|||
@Override
|
||||
public UserSession getSession(Certificate certificate, String sessionId) {
|
||||
PrivilegeContext ctx = this.privilegeHandler.getPrivilegeContext(certificate);
|
||||
ctx.assertHasPrivilege("GetSession");
|
||||
for (Certificate cert : certificateMap.values()) {
|
||||
if (cert.getSessionId().equals(sessionId)) {
|
||||
ctx.validateAction(new SimpleRestrictable("GetSession", cert));
|
||||
return new UserSession(cert);
|
||||
ctx.assertHasPrivilege(PRIVILEGE_GET_SESSION);
|
||||
synchronized (this.certificateMap) {
|
||||
for (Certificate cert : certificateMap.values()) {
|
||||
if (cert.getSessionId().equals(sessionId)) {
|
||||
ctx.validateAction(new SimpleRestrictable(PRIVILEGE_GET_SESSION, cert));
|
||||
return new UserSession(cert);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
throw new PrivilegeException("No Session exists with the id " + sessionId);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserSession> getSessions(Certificate certificate) {
|
||||
PrivilegeContext ctx = this.privilegeHandler.getPrivilegeContext(certificate);
|
||||
ctx.assertHasPrivilege("GetSession");
|
||||
ctx.assertHasPrivilege(PRIVILEGE_GET_SESSION);
|
||||
List<UserSession> sessions = new ArrayList<>(this.certificateMap.size());
|
||||
for (Certificate cert : certificateMap.values()) {
|
||||
try {
|
||||
ctx.validateAction(new SimpleRestrictable("GetSession", cert));
|
||||
sessions.add(new UserSession(cert));
|
||||
} catch (AccessDeniedException e) {
|
||||
// so no, user may not get this session
|
||||
synchronized (this.certificateMap) {
|
||||
for (Certificate cert : certificateMap.values()) {
|
||||
try {
|
||||
ctx.validateAction(new SimpleRestrictable(PRIVILEGE_GET_SESSION, cert));
|
||||
sessions.add(new UserSession(cert));
|
||||
} catch (AccessDeniedException e) {
|
||||
// no, user may not get this session
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -234,25 +243,39 @@ public class DefaultStrolchSessionHandler extends StrolchComponent implements St
|
|||
@Override
|
||||
public void invalidateSession(Certificate certificate, String sessionId) {
|
||||
PrivilegeContext ctx = this.privilegeHandler.getPrivilegeContext(certificate);
|
||||
ctx.assertHasPrivilege("InvalidateSession");
|
||||
for (Certificate cert : certificateMap.values()) {
|
||||
ctx.assertHasPrivilege(PRIVILEGE_INVALIDATE_SESSION);
|
||||
|
||||
Map<String, Certificate> map;
|
||||
synchronized (this.certificateMap) {
|
||||
map = new HashMap<>(this.certificateMap);
|
||||
}
|
||||
boolean ok = false;
|
||||
for (Certificate cert : map.values()) {
|
||||
if (cert.getSessionId().equals(sessionId)) {
|
||||
ctx.validateAction(new SimpleRestrictable("InvalidateSession", cert));
|
||||
ctx.validateAction(new SimpleRestrictable(PRIVILEGE_INVALIDATE_SESSION, cert));
|
||||
invalidate(cert);
|
||||
ok = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (!ok) {
|
||||
throw new PrivilegeException("Can not invalidate session as no session exists with the id " + sessionId);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setSessionLocale(Certificate certificate, String sessionId, Locale locale) {
|
||||
if (!certificate.getSessionId().equals(sessionId)) {
|
||||
String msg = "User''s can only change their own session locale: {0} may not change locale of session {1}";
|
||||
String msg = "User's can only change their own session locale: {0} may not change locale of session {1}";
|
||||
throw new AccessDeniedException(MessageFormat.format(msg, certificate.getUsername(), sessionId));
|
||||
}
|
||||
|
||||
for (Certificate cert : certificateMap.values()) {
|
||||
if (cert.getSessionId().equals(sessionId)) {
|
||||
cert.setLocale(locale);
|
||||
synchronized (this.certificateMap) {
|
||||
for (Certificate cert : certificateMap.values()) {
|
||||
if (cert.getSessionId().equals(sessionId)) {
|
||||
cert.setLocale(locale);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -21,15 +21,22 @@ import li.strolch.rest.StrolchRestfulConstants;
|
|||
import li.strolch.rest.StrolchSessionHandler;
|
||||
import li.strolch.rest.model.Result;
|
||||
import li.strolch.rest.model.UserSession;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
|
||||
@Path("strolch/sessions")
|
||||
public class UserSessionsService {
|
||||
|
||||
private static final Logger logger = LoggerFactory.getLogger(UserSessionsService.class);
|
||||
|
||||
@GET
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response getSessions(@Context HttpServletRequest request) {
|
||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
logger.info("[" + cert.getUsername() + "] Returning all sessions...");
|
||||
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
|
||||
List<UserSession> sessions = sessionHandler.getSessions(cert);
|
||||
GenericEntity<List<UserSession>> entity = new GenericEntity<List<UserSession>>(sessions) {
|
||||
|
@ -42,6 +49,7 @@ public class UserSessionsService {
|
|||
@Path("{sessionId}")
|
||||
public Response getSession(@Context HttpServletRequest request, @PathParam("sessionId") String sessionId) {
|
||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
logger.info("[" + cert.getUsername() + "] Returning session " + sessionId);
|
||||
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
|
||||
UserSession session = sessionHandler.getSession(cert, sessionId);
|
||||
return Response.ok(session, MediaType.APPLICATION_JSON).build();
|
||||
|
@ -52,6 +60,7 @@ public class UserSessionsService {
|
|||
@Path("{sessionId}")
|
||||
public Response invalidateSession(@Context HttpServletRequest request, @PathParam("sessionId") String sessionId) {
|
||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
logger.info("[" + cert.getUsername() + "] Invalidating session " + sessionId);
|
||||
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
|
||||
sessionHandler.invalidateSession(cert, sessionId);
|
||||
return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
|
||||
|
@ -63,6 +72,7 @@ public class UserSessionsService {
|
|||
public Response setSessionLocale(@Context HttpServletRequest request, @PathParam("sessionId") String sessionId,
|
||||
@PathParam("locale") String localeS) {
|
||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
logger.info("[" + cert.getUsername() + "] Setting locale of session " + sessionId + " to " + localeS);
|
||||
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
|
||||
Locale locale;
|
||||
try {
|
||||
|
|
|
@ -33,6 +33,10 @@ public class UserSession {
|
|||
@XmlAttribute(name = "lastAccess")
|
||||
private Date lastAccess;
|
||||
|
||||
public UserSession() {
|
||||
// no-arg constructor for JAXB
|
||||
}
|
||||
|
||||
public UserSession(Certificate certificate) {
|
||||
this.sessionId = certificate.getSessionId();
|
||||
this.loginTime = certificate.getLoginTime();
|
||||
|
|
Loading…
Reference in New Issue