/**
* Setup optios and values for the user's session if authentication was ok.
*
* @param userSession The UserSession instance of the user
* @param user The User instance of the authenticated user
*/
protected void configureUserSession(UserSession userSession, User user) {
LOG.trace("configureUserSession");
userSession.dataToUser(user);
// As an user may come back to the forum before its
// last visit's session expires, we should check for
// existent user information and then, if found, store
// it to the database before getting his information back.
String sessionId = SessionFacade.isUserInSession(user.getId());
UserSession tmpUs;
if (sessionId != null) {
SessionFacade.storeSessionData(sessionId, JForumExecutionContext.getConnection());
tmpUs = SessionFacade.getUserSession(sessionId);
SessionFacade.remove(sessionId);
} else {
UserSessionDAO sm = DataAccessDriver.getInstance().newUserSessionDAO();
tmpUs = sm.selectById(userSession, JForumExecutionContext.getConnection());
}
if (tmpUs == null) {
userSession.setLastVisit(new Date(System.currentTimeMillis()));
} else {
// Update last visit and session start time
userSession.setLastVisit(new Date(tmpUs.getStartTime().getTime() + tmpUs.getSessionTime()));
}
// If the execution point gets here, then the user
// has chosen "autoLogin"
userSession.setAutoLogin(true);
SessionFacade.makeLogged();
I18n.load(user.getLang());
}
/**
* Do a refresh in the user's session. This method will update the last visit time for the current
* user, as well checking for authentication if the session is new or the SSO user has changed
*/
public void refreshSession() {
LOG.trace("refreshSession");
UserSession userSession = SessionFacade.getUserSession();
RequestContext request = JForumExecutionContext.getRequest();
if (userSession == null) {
userSession = new UserSession();
userSession.registerBasicInfo();
userSession.setSessionId(request.getSessionContext().getId());
userSession.setIp(request.getRemoteAddr());
SessionFacade.makeUnlogged();
if (!JForumExecutionContext.getForumContext().isBot()) {
// Non-SSO authentications can use auto login
if (!ConfigKeys.TYPE_SSO.equals(SystemGlobals.getValue(ConfigKeys.AUTHENTICATION_TYPE))) {
if (SystemGlobals.getBoolValue(ConfigKeys.AUTO_LOGIN_ENABLED)) {
this.checkAutoLogin(userSession);
} else {
userSession.makeAnonymous();
}
} else {
this.checkSSO(userSession);
}
}
SessionFacade.add(userSession);
} else if (ConfigKeys.TYPE_SSO.equals(SystemGlobals.getValue(ConfigKeys.AUTHENTICATION_TYPE))) {
SSO sso;
try {
sso =
(SSO)
Class.forName(SystemGlobals.getValue(ConfigKeys.SSO_IMPLEMENTATION)).newInstance();
} catch (Exception e) {
throw new ForumException(e);
}
// If SSO, then check if the session is valid
if (!sso.isSessionValid(userSession, request)) {
SessionFacade.remove(userSession.getSessionId());
refreshSession();
}
} else {
SessionFacade.getUserSession().updateSessionTime();
}
}
/**
* @see
* javax.servlet.http.HttpSessionListener#sessionDestroyed(javax.servlet.http.HttpSessionEvent)
*/
public void sessionDestroyed(HttpSessionEvent event) {
HttpSession session = event.getSession();
if (session == null) {
return;
}
String sessionId = session.getId();
try {
SessionFacade.storeSessionData(sessionId);
} catch (Exception e) {
logger.warn(e);
}
logger.info("Destroying the session for: " + sessionId);
SessionFacade.remove(sessionId);
}
