Beispiel #1
  /**
   * Refreshes the user record and role list held by an existing session.
   *
   * <p>The portal user is looked up again by the session's login id, the result is stored on
   * the session, and the roles are reloaded through {@code setUserRoles}. A {@code null}
   * session is ignored.
   *
   * @param userSession session to refresh; may be {@code null}
   */
  public void resetUserSessionForProfiles(UserSessionBase userSession) {
    if (userSession != null) {
      String loginId = userSession.getLoginId();

      // Re-read the account so the session carries the currently stored user record.
      // NOTE(review): the lookup result is stored without a null check; confirm what
      // getUserId()/setUserRoles do when the account no longer exists.
      XXPortalUser refreshedUser = daoManager.getXXPortalUser().findByLoginId(loginId);
      userSession.setXXPortalUser(refreshedUser);

      setUserRoles(userSession);
    }
  }
Beispiel #2
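  /**
   * Loads the roles of the session's user and records them on the session.
   *
   * <p>The admin flag is recomputed on every call and always written back, so a session that
   * is refreshed after the system-admin role was removed does not keep a stale
   * {@code userAdmin == true}.
   *
   * @param userSession session whose role list and admin flag are updated
   */
  private void setUserRoles(UserSessionBase userSession) {
    List<String> strRoleList = new ArrayList<String>();
    boolean isSysAdmin = false;

    List<XXPortalUserRole> roleList =
        daoManager.getXXPortalUserRole().findByUserId(userSession.getUserId());
    for (XXPortalUserRole gjUserRole : roleList) {
      String userRole = gjUserRole.getUserRole();

      strRoleList.add(userRole);
      // Constant-first comparison: a role row with a null name must not abort the role load.
      if (XAConstants.ROLE_SYS_ADMIN.equals(userRole)) {
        isSysAdmin = true;
      }
    }

    // Write the flag unconditionally (including false); setting it only on a match would
    // leave admin rights on a long-lived session after the role has been revoked.
    userSession.setUserAdmin(isSysAdmin);
    userSession.setUserRoleList(strRoleList);
  }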
Beispiel #3
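 /**
  * Checks that an existing session belongs to the login id that has just authenticated.
  *
  * <p>The comparison is case-insensitive. A session without a user record, or a
  * {@code null} login id, is treated as a mismatch rather than raising a
  * {@code NullPointerException}, so the caller falls back to building a fresh session.
  *
  * @param userSession session taken from the current security context; must not be null
  * @param currentLoginId login id reported by the authentication layer
  * @return {@code true} if the session's user has the same login id, {@code false} otherwise
  */
 protected boolean validateUserSession(UserSessionBase userSession, String currentLoginId) {
   // Fail closed: only an explicit login-id match lets the existing session be reused.
   if (currentLoginId != null
       && userSession.getXXPortalUser() != null
       && currentLoginId.equalsIgnoreCase(userSession.getXXPortalUser().getLoginId())) {
     return true;
   }

   // The Exception is passed only so the log entry carries the call stack.
   // NOTE(review): loginId and userSession.toString() are logged as-is; confirm neither can
   // contain line breaks or session secrets before relying on this log for audit.
   logger.info(
       "loginId doesn't match loginId from HTTPSession. Will create new session. loginId="
           + currentLoginId
           + ", userSession="
           + userSession,
       new Exception());
   return false;
 }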
Beispiel #4
  /**
   * Builds a user session for a successful login that did not arrive through the web layer.
   *
   * <p>The login id is taken from the current Spring Security authentication. An auth-session
   * record is stored, a new {@code UserSessionBase} is placed in the security context holder,
   * and the session's user and roles are refreshed.
   *
   * @param authType authentication type recorded on the auth-session entry
   * @param ipAddress address recorded as the request IP; supplied by the caller and stored
   *     unchanged
   * @return the new session, or {@code null} if no portal user exists for the login id
   */
  public UserSessionBase processStandaloneSuccessLogin(int authType, String ipAddress) {
    String currentLoginId = SecurityContextHolder.getContext().getAuthentication().getName();

    // The session can only be built for a login id that maps to a stored portal user.
    XXPortalUser portalUser = daoManager.getXXPortalUser().findByLoginId(currentLoginId);
    if (portalUser == null) {
      // The Exception is passed only so the log entry carries the call stack.
      logger.error("Error getting user for loginId=" + currentLoginId, new Exception());
      return null;
    }

    // No HTTP request exists here, so session id and user agent are recorded as null.
    XXAuthSession pendingAuthSession = new XXAuthSession();
    pendingAuthSession.setLoginId(currentLoginId);
    pendingAuthSession.setUserId(portalUser.getId());
    pendingAuthSession.setAuthTime(DateUtil.getUTCDate());
    pendingAuthSession.setAuthStatus(XXAuthSession.AUTH_STATUS_SUCCESS);
    pendingAuthSession.setAuthType(authType);
    pendingAuthSession.setDeviceType(XACommonEnums.DEVICE_UNKNOWN);
    pendingAuthSession.setExtSessionId(null);
    pendingAuthSession.setRequestIP(ipAddress);
    pendingAuthSession.setRequestUserAgent(null);

    XXAuthSession storedAuthSession = storeAuthSession(pendingAuthSession);

    UserSessionBase standaloneSession = new UserSessionBase();
    standaloneSession.setXXPortalUser(portalUser);
    standaloneSession.setXXAuthSession(storedAuthSession);

    // Publish the session through the context holder before the roles are loaded.
    XASecurityContext securityContext = new XASecurityContext();
    securityContext.setUserSession(standaloneSession);
    XAContextHolder.setSecurityContext(securityContext);

    resetUserSessionForProfiles(standaloneSession);

    return standaloneSession;
  }
Beispiel #5
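  /**
   * Returns the user session for a successful web login, creating one when needed.
   *
   * <p>If the current security context already holds a session whose user matches the
   * authenticated login id, that session is returned unchanged. Otherwise an auth-session
   * record is stored, a new {@code UserSessionBase} is built, and its user and roles are
   * loaded.
   *
   * <p>The success log line labels each value distinctly ({@code authSessionId},
   * {@code httpSessionId}, {@code requestIP}); the earlier wording used {@code sessionId}
   * for two different ids and {@code requestId} for the remote address, which made the audit
   * trail ambiguous.
   *
   * @param authType authentication type recorded on the auth-session entry
   * @param userAgent client user agent; may be {@code null}
   * @param httpRequest current request; not read by this method
   * @return the reused or newly created session, or {@code null} if no portal user exists
   *     for the login id
   */
  public UserSessionBase processSuccessLogin(
      int authType, String userAgent, HttpServletRequest httpRequest) {
    boolean newSessionCreation = true;
    UserSessionBase userSession = null;

    XASecurityContext context = XAContextHolder.getSecurityContext();
    if (context != null) {
      userSession = context.getUserSession();
    }

    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // NOTE(review): the details object is cast unconditionally; an Authentication carrying
    // another details type would fail here with ClassCastException. Confirm every caller
    // authenticates through the web filter chain.
    WebAuthenticationDetails details = (WebAuthenticationDetails) authentication.getDetails();

    String currentLoginId = authentication.getName();
    // Reuse the existing session only when it belongs to the login id that just authenticated.
    if (userSession != null && validateUserSession(userSession, currentLoginId)) {
      newSessionCreation = false;
    }

    if (newSessionCreation) {
      // Need to build the UserSession
      XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(currentLoginId);
      if (gjUser == null) {
        // The Exception is passed only so the log entry carries the call stack.
        logger.error("Error getting user for loginId=" + currentLoginId, new Exception());
        return null;
      }

      XXAuthSession gjAuthSession = new XXAuthSession();
      gjAuthSession.setLoginId(currentLoginId);
      gjAuthSession.setUserId(gjUser.getId());
      gjAuthSession.setAuthTime(DateUtil.getUTCDate());
      gjAuthSession.setAuthStatus(XXAuthSession.AUTH_STATUS_SUCCESS);
      gjAuthSession.setAuthType(authType);
      if (details != null) {
        gjAuthSession.setExtSessionId(details.getSessionId());
        gjAuthSession.setRequestIP(details.getRemoteAddress());
      }

      // The user agent is client-supplied text and is stored as received.
      if (userAgent != null) {
        gjAuthSession.setRequestUserAgent(userAgent);
      }
      gjAuthSession.setDeviceType(httpUtil.getDeviceType(userAgent));
      gjAuthSession = storeAuthSession(gjAuthSession);

      userSession = new UserSessionBase();
      userSession.setXXPortalUser(gjUser);
      userSession.setXXAuthSession(gjAuthSession);
      resetUserSessionForProfiles(userSession);

      if (details != null) {
        // NOTE(review): the container session id is written to the log in clear; anyone with
        // read access to the log sees a live session identifier. Consider logging a digest
        // of it, or only the stored auth-session id.
        logger.info(
            "Login Success: loginId="
                + currentLoginId
                + ", authSessionId="
                + gjAuthSession.getId()
                + ", httpSessionId="
                + details.getSessionId()
                + ", requestIP="
                + details.getRemoteAddress());
      } else {
        logger.info(
            "Login Success: loginId="
                + currentLoginId
                + ", authSessionId="
                + gjAuthSession.getId()
                + ", details is null");
      }
    }

    return userSession;
  }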