/**
 * Re-reads the portal user behind an existing session and rebuilds its role information.
 *
 * <p>The login id already held by the session is used for the lookup; the result replaces the
 * session's portal-user reference and the roles are then reloaded through
 * {@code setUserRoles}.
 *
 * @param userSession session to refresh; a {@code null} session is ignored
 */
public void resetUserSessionForProfiles(UserSessionBase userSession) {
    if (userSession != null) {
        // Look the user up again by the login id the session already carries.
        String sessionLoginId = userSession.getLoginId();
        XXPortalUser refreshedUser = daoManager.getXXPortalUser().findByLoginId(sessionLoginId);

        // NOTE(review): the lookup result is stored without a null check, while the login
        // paths in this class treat a null result from the same lookup as an error. Confirm
        // what a session should look like when the account no longer exists.
        userSession.setXXPortalUser(refreshedUser);
        setUserRoles(userSession);
    }
}
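/**
 * Loads the roles stored for the session's user and copies them onto the session.
 *
 * <p>The admin flag is derived from the freshly loaded roles and is written on every call, in
 * both directions. Setting it only when {@code XAConstants.ROLE_SYS_ADMIN} is found would let a
 * session that is refreshed after the role was removed keep its earlier admin flag.
 *
 * @param userSession session whose role list and admin flag are replaced
 */
private void setUserRoles(UserSessionBase userSession) {
    List<String> roleNames = new ArrayList<String>();
    boolean sysAdmin = false;

    List<XXPortalUserRole> storedRoles =
            daoManager.getXXPortalUserRole().findByUserId(userSession.getUserId());
    // A missing result is treated like "no roles": the session ends up with an empty list
    // and no admin flag rather than failing part-way through the refresh.
    if (storedRoles != null) {
        for (XXPortalUserRole storedRole : storedRoles) {
            String roleName = storedRole.getUserRole();
            roleNames.add(roleName);
            // Constant-first comparison so a row with a null role name cannot abort the load.
            if (XAConstants.ROLE_SYS_ADMIN.equals(roleName)) {
                sysAdmin = true;
            }
        }
    }

    // Written unconditionally so that a revoked admin role is reflected on the session.
    // NOTE(review): assumes this method is the only place the admin flag is derived; confirm
    // nothing else sets it independently of the role list.
    userSession.setUserAdmin(sysAdmin);
    userSession.setUserRoleList(roleNames);
}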
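/**
 * Checks whether an existing session belongs to the login id that has just authenticated.
 *
 * <p>The check fails closed: a session without a portal user, a portal user without a login
 * id, or a {@code null} current login id are all reported as a mismatch, so the caller builds
 * a new session instead of reusing this one.
 *
 * @param userSession existing session taken from the security context; must not be null
 * @param currentLoginId login id of the freshly authenticated principal
 * @return {@code true} when the session's login id equals {@code currentLoginId}, ignoring case
 */
protected boolean validateUserSession(UserSessionBase userSession, String currentLoginId) {
    // The portal user can be absent: resetUserSessionForProfiles stores the lookup result
    // without a null check.
    XXPortalUser sessionUser = userSession.getXXPortalUser();
    String sessionLoginId = (sessionUser == null) ? null : sessionUser.getLoginId();

    // NOTE(review): the comparison ignores case. Confirm that the user store also treats
    // login ids case-insensitively; otherwise two accounts differing only in case would be
    // considered the same session owner here.
    if (currentLoginId != null && currentLoginId.equalsIgnoreCase(sessionLoginId)) {
        return true;
    }

    // The Exception is passed only to capture a stack trace in the log.
    // NOTE(review): currentLoginId comes from the authenticated principal's name and is
    // written to the log unmodified, together with the session's toString(). Check that
    // neither can carry line breaks or sensitive fields into the log.
    logger.info(
            "loginId doesn't match loginId from HTTPSession. Will create new session. loginId="
                    + currentLoginId
                    + ", userSession="
                    + userSession,
            new Exception());
    return false;
}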
// non-WEB processing public UserSessionBase processStandaloneSuccessLogin(int authType, String ipAddress) { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); String currentLoginId = authentication.getName(); // Need to build the UserSession XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(currentLoginId); if (gjUser == null) { logger.error("Error getting user for loginId=" + currentLoginId, new Exception()); return null; } XXAuthSession gjAuthSession = new XXAuthSession(); gjAuthSession.setLoginId(currentLoginId); gjAuthSession.setUserId(gjUser.getId()); gjAuthSession.setAuthTime(DateUtil.getUTCDate()); gjAuthSession.setAuthStatus(XXAuthSession.AUTH_STATUS_SUCCESS); gjAuthSession.setAuthType(authType); gjAuthSession.setDeviceType(XACommonEnums.DEVICE_UNKNOWN); gjAuthSession.setExtSessionId(null); gjAuthSession.setRequestIP(ipAddress); gjAuthSession.setRequestUserAgent(null); gjAuthSession = storeAuthSession(gjAuthSession); UserSessionBase userSession = new UserSessionBase(); userSession.setXXPortalUser(gjUser); userSession.setXXAuthSession(gjAuthSession); // create context with user-session and set in thread-local XASecurityContext context = new XASecurityContext(); context.setUserSession(userSession); XAContextHolder.setSecurityContext(context); resetUserSessionForProfiles(userSession); return userSession; }
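/**
 * Returns the session for a successful web login, reusing the current one when it belongs to
 * the same login id and building a new one otherwise.
 *
 * <p>A new session gets a stored auth-session record carrying the login id, user id, auth
 * time, auth type, device type and, when web details are available, the container session id
 * and remote address.
 *
 * @param authType authentication type recorded on the auth-session record
 * @param userAgent User-Agent value supplied by the client; may be {@code null}
 * @param httpRequest current request; not read by this method
 * @return the reused or newly built session, or {@code null} when there is no authenticated
 *     principal or no user exists for its login id
 */
public UserSessionBase processSuccessLogin(
        int authType, String userAgent, HttpServletRequest httpRequest) {
    UserSessionBase userSession = null;
    XASecurityContext context = XAContextHolder.getSecurityContext();
    if (context != null) {
        userSession = context.getUserSession();
    }

    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        // Without a principal there is nothing to build a session for; report it the same
        // way as a failed user lookup instead of failing on the dereference below.
        logger.error("No authentication found in security context", new Exception());
        return null;
    }

    // Authentication.getDetails() is typed as Object. Only treat it as web details when it
    // really is one, so a different details type does not fail the login with a
    // ClassCastException; it is handled like missing details instead.
    WebAuthenticationDetails details = null;
    Object rawDetails = authentication.getDetails();
    if (rawDetails instanceof WebAuthenticationDetails) {
        details = (WebAuthenticationDetails) rawDetails;
    }
    String currentLoginId = authentication.getName();

    // Reuse the session from the security context only when it belongs to this login id.
    if (userSession != null && validateUserSession(userSession, currentLoginId)) {
        return userSession;
    }

    // Need to build the UserSession
    XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(currentLoginId);
    if (gjUser == null) {
        logger.error("Error getting user for loginId=" + currentLoginId, new Exception());
        return null;
    }

    XXAuthSession gjAuthSession = new XXAuthSession();
    gjAuthSession.setLoginId(currentLoginId);
    gjAuthSession.setUserId(gjUser.getId());
    gjAuthSession.setAuthTime(DateUtil.getUTCDate());
    gjAuthSession.setAuthStatus(XXAuthSession.AUTH_STATUS_SUCCESS);
    gjAuthSession.setAuthType(authType);
    if (details != null) {
        gjAuthSession.setExtSessionId(details.getSessionId());
        gjAuthSession.setRequestIP(details.getRemoteAddress());
    }
    // NOTE(review): userAgent is client-controlled and stored unmodified. Any screen or
    // report that shows it needs to encode it on output; confirm length limits as well.
    if (userAgent != null) {
        gjAuthSession.setRequestUserAgent(userAgent);
    }
    gjAuthSession.setDeviceType(httpUtil.getDeviceType(userAgent));
    gjAuthSession = storeAuthSession(gjAuthSession);

    userSession = new UserSessionBase();
    userSession.setXXPortalUser(gjUser);
    userSession.setXXAuthSession(gjAuthSession);

    resetUserSessionForProfiles(userSession);

    if (details != null) {
        // The first "sessionId" is the stored auth-session id, the second the container
        // session id; "requestId" carries the remote address. Labels are kept as they are
        // because log consumers may match on them.
        // NOTE(review): the container session id is written to the info log and to the
        // auth-session record, so readers of either can see a live session identifier.
        // Consider logging a shortened or hashed form after checking what depends on it.
        logger.info(
                "Login Success: loginId="
                        + currentLoginId
                        + ", sessionId="
                        + gjAuthSession.getId()
                        + ", sessionId="
                        + details.getSessionId()
                        + ", requestId="
                        + details.getRemoteAddress());
    } else {
        // Also reached when the details object is not a WebAuthenticationDetails.
        logger.info(
                "Login Success: loginId="
                        + currentLoginId
                        + ", sessionId="
                        + gjAuthSession.getId()
                        + ", details is null");
    }

    return userSession;
}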