[New] changed session ID to be a UUID

Robert von Burg 2015-03-15 11:03:23 +01:00
parent c2f4d7468b
commit 6ccb4425cc
1 changed files with 3 additions and 15 deletions


@ -27,6 +27,7 @@ import java.util.Locale;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
import java.util.stream.Stream;
@ -78,11 +79,6 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
*/
protected static final Logger logger = LoggerFactory.getLogger(DefaultPrivilegeHandler.class);
/**
* last assigned id for the {@link Certificate}s
*/
private long lastSessionId;
/**
* Map keeping a reference to all active sessions
*/
@ -1000,7 +996,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
String authToken = this.encryptionHandler.convertToHash(this.encryptionHandler.nextToken());
// get next session id
String sessionId = nextSessionId();
String sessionId = UUID.randomUUID().toString();
// create a new certificate, with details of the user
certificate = new Certificate(sessionId, new Date(), username, user.getFirstname(), user.getLastname(),
@ -1329,7 +1325,6 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
// validate privilege conflicts
validatePrivilegeConflicts();
this.lastSessionId = 0l;
this.privilegeContextMap = Collections.synchronizedMap(new HashMap<String, PrivilegeContext>());
this.initialized = true;
}
@ -1426,13 +1421,6 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
}
/**
* @return a new session id
*/
private synchronized String nextSessionId() {
return Long.toString(++this.lastSessionId % Long.MAX_VALUE);
}
/**
* Passwords should not be kept as strings, as string are immutable, this method thus clears the byte array so that
* the password is not in memory anymore
@ -1552,7 +1540,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
String authToken = this.encryptionHandler.nextToken();
// get next session id
String sessionId = nextSessionId();
String sessionId = UUID.randomUUID().toString();
// create a new certificate, with details of the user
Certificate systemUserCertificate = new Certificate(sessionId, new Date(), systemUsername, user.getFirstname(),
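Review bot: The comment `// get next session id` above both new `String sessionId = UUID.randomUUID().toString();` lines (the login hunk at -1000 and the system-user hunk at -1552) still describes the removed counter and says nothing about what the new value may be relied on for. I would replace it with something like `// random (type 4) UUID as session id; identifier only, the authToken stays the credential`, once it is confirmed that no lookup accepts the session id on its own, which cannot be seen from these hunks. `UUID.randomUUID()` draws from a cryptographically strong generator, so the id can no longer be guessed by counting, but it has a fixed format and is often logged, so it should not become a secret by accident. Since the expression is now repeated at two call sites, a small private helper in place of the deleted `nextSessionId()` would keep the format and that contract in one place. Both enclosing methods start and end outside the hunks shown.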