From 91a08057c1ab366d2f1e6d42a47c47317b408717 Mon Sep 17 00:00:00 2001
From: Robert von Burg
Date: Sun, 5 Apr 2015 01:27:50 +0200
Subject: [PATCH] [Minor] fixed session timeout not being audit action timeout
---
 .../li/strolch/runtime/StrolchConstants.java | 3 +++
 .../DefaultStrolchPrivilegeHandler.java | 19 +++++++++++++++++--
 .../runtime/privilege/PrivilegeHandler.java | 7 +++++++
 .../rest/DefaultStrolchSessionHandler.java | 17 +++++++++++++++--
 4 files changed, 42 insertions(+), 4 deletions(-)
diff --git a/li.strolch.agent/src/main/java/li/strolch/runtime/StrolchConstants.java b/li.strolch.agent/src/main/java/li/strolch/runtime/StrolchConstants.java
index d8a91ccb4..f6564cbe0 100644
--- a/li.strolch.agent/src/main/java/li/strolch/runtime/StrolchConstants.java
+++ b/li.strolch.agent/src/main/java/li/strolch/runtime/StrolchConstants.java
@@ -69,6 +69,9 @@ public class StrolchConstants {
 public static final String PRIVILEGE = "Privilege"; //$NON-NLS-1$
 public static final String CERTIFICATE = "Certificate"; //$NON-NLS-1$
+ public static final String LOGIN = "Login"; //$NON-NLS-1$
+ public static final String LOGOUT = "Logout"; //$NON-NLS-1$
+ public static final String SESSION_TIME_OUT = "SessionTimeout"; //$NON-NLS-1$
 public static final String ROLE = "Role"; //$NON-NLS-1$
 public static final String USER = "User"; //$NON-NLS-1$
diff --git a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
index b81113b51..81fab4e85 100644
--- a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
+++ b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
@@ -117,7 +117,7 @@ public class DefaultStrolchPrivilegeHandler extends StrolchComponent implements
 try {
 Certificate certificate = this.privilegeHandler.authenticate(username, password);
 StrolchRealm realm = getContainer().getRealm(certificate);
- try (StrolchTransaction tx = realm.openTx(certificate, getClass())) {
+ try (StrolchTransaction tx = realm.openTx(certificate, StrolchPrivilegeConstants.LOGIN)) {
 tx.setSuppressDoNothingLogging(true);
 tx.setSuppressAudits(true);
 Audit audit = tx.auditFrom(AccessType.CREATE, StrolchPrivilegeConstants.PRIVILEGE,
@@ -147,7 +147,22 @@ public class DefaultStrolchPrivilegeHandler extends StrolchComponent implements
 assertContainerStarted();
 boolean invalidateSession = this.privilegeHandler.invalidateSession(certificate);
 StrolchRealm realm = getContainer().getRealm(certificate);
- try (StrolchTransaction tx = realm.openTx(certificate, getClass())) {
+ try (StrolchTransaction tx = realm.openTx(certificate, StrolchPrivilegeConstants.LOGOUT)) {
+ tx.setSuppressDoNothingLogging(true);
+ tx.setSuppressAudits(true);
+ Audit audit = tx.auditFrom(AccessType.DELETE, StrolchPrivilegeConstants.PRIVILEGE,
+ StrolchPrivilegeConstants.CERTIFICATE, certificate.getUsername());
+ tx.getAuditTrail().add(tx, audit);
+ }
+ return invalidateSession;
+ }
+
+ @Override
+ public boolean sessionTimeout(Certificate certificate) {
+ assertContainerStarted();
+ boolean invalidateSession = this.privilegeHandler.invalidateSession(certificate);
+ StrolchRealm realm = getContainer().getRealm(certificate);
+ try (StrolchTransaction tx = realm.openTx(certificate, StrolchPrivilegeConstants.SESSION_TIME_OUT)) {
 tx.setSuppressDoNothingLogging(true);
 tx.setSuppressAudits(true);
 Audit audit = tx.auditFrom(AccessType.DELETE, StrolchPrivilegeConstants.PRIVILEGE,
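Review bot: In the second hunk (`@@ -147,7 +147,22 @@`) the audit entry is added without looking at the result of `this.privilegeHandler.invalidateSession(certificate)`, in the logout path and again in the new `sessionTimeout`. The audit trail can therefore record a Logout or SessionTimeout for a session that was not actually invalidated. The transaction is also opened with a certificate that has just been invalidated; if `realm.openTx` validates it (not visible here), the audit entry could be lost instead. The two bodies are copies that differ only in the action constant, so a private helper taking the action would keep the audit logic in one place and give a single spot to decide how a `false` result is audited. The logout method starts before this hunk and the body of `sessionTimeout` continues past its end.

```java
@Override
public boolean sessionTimeout(Certificate certificate) {
	return invalidateAndAudit(certificate, StrolchPrivilegeConstants.SESSION_TIME_OUT);
}

// shared by the logout path and sessionTimeout; only the audited action differs
private boolean invalidateAndAudit(Certificate certificate, String action) {
	assertContainerStarted();
	boolean invalidated = this.privilegeHandler.invalidateSession(certificate);
	StrolchRealm realm = getContainer().getRealm(certificate);
	try (StrolchTransaction tx = realm.openTx(certificate, action)) {
		// … unchanged: suppress flags, auditFrom(AccessType.DELETE, …), add to the audit trail …
	}
	return invalidated;
}
```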
diff --git a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/PrivilegeHandler.java b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/PrivilegeHandler.java
index 0175dc083..43779a466 100644
--- a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/PrivilegeHandler.java
+++ b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/PrivilegeHandler.java
@@ -47,6 +47,13 @@ public interface PrivilegeHandler {
 * @see ch.eitchnet.privilege.handler.PrivilegeHandler#invalidateSession(ch.eitchnet.privilege.model.Certificate)
 */
 public abstract boolean invalidateSession(Certificate certificate);
+
+ /**
+ * @param certificate
+ * @return
+ * @see ch.eitchnet.privilege.handler.PrivilegeHandler#invalidateSession(ch.eitchnet.privilege.model.Certificate)
+ */
+ public abstract boolean sessionTimeout(Certificate certificate);
 /**
 * @param certificate
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/DefaultStrolchSessionHandler.java b/li.strolch.rest/src/main/java/li/strolch/rest/DefaultStrolchSessionHandler.java
index fc9ae4b60..9b0464829 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/DefaultStrolchSessionHandler.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/DefaultStrolchSessionHandler.java
@@ -156,7 +156,7 @@ public class DefaultStrolchSessionHandler extends StrolchComponent implements St
 @Override
 public void invalidate(Certificate certificate) {
- DBC.PRE.assertNotNull("Certificate must bet given!", certificate); //$NON-NLS-1$
+ DBC.PRE.assertNotNull("Certificate must be given!", certificate); //$NON-NLS-1$
 Certificate removedCert;
 synchronized (this.certificateMap) {
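Review bot: The Javadoc on the new `sessionTimeout` declaration in PrivilegeHandler is a copy of the one on `invalidateSession`: `@param` and `@return` are empty and `@see` still points at `invalidateSession`, so nothing tells an implementer how the two methods differ. Going by DefaultStrolchPrivilegeHandler in this patch, the difference is the audited action. A summary such as `Invalidates the session of the given certificate after a timeout and audits it as SessionTimeout instead of Logout.` would cover it, together with `@param certificate the certificate of the timed-out session` and `@return true if the session was invalidated` (the return meaning should be confirmed against the privilege library). Adding an abstract method to the interface also forces every other implementation to be updated; only DefaultStrolchPrivilegeHandler is touched in this patch.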
@@ -168,6 +168,19 @@ public class DefaultStrolchSessionHandler extends StrolchComponent implements St
 this.privilegeHandler.invalidateSession(certificate);
 }
+ protected void sessionTimeout(Certificate certificate) {
+ DBC.PRE.assertNotNull("Certificate must be given!", certificate); //$NON-NLS-1$
+
+ Certificate removedCert;
+ synchronized (this.certificateMap) {
+ removedCert = this.certificateMap.remove(certificate.getAuthToken());
+ }
+ if (removedCert == null)
+ logger.error(MessageFormat.format("No session was registered with token {0}", certificate.getAuthToken())); //$NON-NLS-1$
+
+ this.privilegeHandler.sessionTimeout(certificate);
+ }
+
 /**
 * @return the certificateMap
 */
@@ -200,7 +213,7 @@ public class DefaultStrolchSessionHandler extends StrolchComponent implements St
 if (timeOutTime.isAfter(LocalDateTime.ofInstant(lastAccess, systemDefault))) {
 String msg = "Session {0} for user {1} has expired, invalidating session..."; //$NON-NLS-1$
 logger.info(MessageFormat.format(msg, certificate.getAuthToken(), certificate.getUsername()));
- invalidate(certificate);
+ sessionTimeout(certificate);
 }
 }
 }
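Review bot: The added `logger.error` in `sessionTimeout` (hunk `@@ -168,6 +168,19 @@`) writes `certificate.getAuthToken()` to the log, and that value is the key under which sessions are looked up in `certificateMap`, so anyone who can read the log can read session tokens. Identifying the session by user avoids this: `logger.error(MessageFormat.format("No session was registered for user {0}", certificate.getUsername())); //$NON-NLS-1$`. The `logger.info` shown as context in the last hunk logs the same token and would benefit from the same treatment. When `removedCert` is null the method still calls `this.privilegeHandler.sessionTimeout(certificate)`, which in this patch writes a SessionTimeout audit entry, so an unregistered certificate still produces an audit record. If that is intended, a short comment on the call should say so.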