Ejemplo n.º 1
0
 /** GET /account/sessions -> get the current open sessions. */
 @RequestMapping(
     value = "/account/sessions",
     method = RequestMethod.GET,
     produces = MediaType.APPLICATION_JSON_VALUE)
 @Timed
 public ResponseEntity<List<PersistentToken>> getCurrentSessions() {
   return userRepository
       .findOneByLogin(SecurityUtils.getCurrentUser().getUsername())
       .map(
           user -> new ResponseEntity<>(persistentTokenRepository.findByUser(user), HttpStatus.OK))
       .orElse(new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR));
 }
Ejemplo n.º 2
0
 /**
  * DELETE /account/sessions?series={series} -> invalidate an existing session.
  *
  * <p>- You can only delete your own sessions, not any other user's session - If you delete one of
  * your existing sessions, and that you are currently logged in on that session, you will still be
  * able to use that session, until you quit your browser: it does not work in real time (there is
  * no API for that), it only removes the "remember me" cookie - This is also true if you
  * invalidate your current session: you will still be able to use it until you close your browser
  * or that the session times out. But automatic login (the "remember me" cookie) will not work
  * anymore. There is an API to invalidate the current session, but there is no API to check which
  * session uses which cookie.
  */
 @RequestMapping(value = "/account/sessions/{series}", method = RequestMethod.DELETE)
 @Timed
 public void invalidateSession(@PathVariable String series) throws UnsupportedEncodingException {
   String decodedSeries = URLDecoder.decode(series, "UTF-8");
   userRepository
       .findOneByLogin(SecurityUtils.getCurrentUser().getUsername())
       .ifPresent(
           u -> {
             persistentTokenRepository
                 .findByUser(u)
                 .stream()
                 .filter(
                     persistentToken ->
                         StringUtils.equals(persistentToken.getSeries(), decodedSeries))
                 .findAny()
                 .ifPresent(t -> persistentTokenRepository.delete(decodedSeries));
           });
 }