Exemple #1
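  /**
   * Decides whether a request belongs to a live patient session that may call {@code path}.
   *
   * <p>The checks run in order and the first failure returns {@code false}: a session id must be
   * present on {@code dto}, a stored session must exist for it, the stored IP address must equal
   * {@code ipAddress}, and, when {@code path} has an entry in
   * {@code Permissions.patientPermissionsMap}, that entry must grant the patient's access level.
   * On success the session's last-access time is set to the current time and persisted.
   *
   * @param dto request object carrying the session id; may be {@code null}
   * @param ipAddress address the request was received from, compared with the stored one
   * @param path operation being requested, used as the key into the permissions map
   * @return {@code true} if every check passes, {@code false} otherwise
   * @throws Exception declared by the signature; presumably raised by the DAO calls
   */
  public boolean isValidSession(AuthorizedDTO dto, String ipAddress, String path) throws Exception {
    // Runs before the lookup below, so a session it removes can no longer be found.
    // NOTE(review): presumably this is what enforces the idle timeout; confirm in AppDAO.
    appDAO.deleteExpiredPatientSessions();

    // NOTE(review): ipAddress and path are caller-supplied and are concatenated into log lines
    // throughout this method. If they originate from request headers or the URL, strip CR/LF
    // before logging so a request cannot forge log entries.
    if (dto == null || dto.getSessionId() == null) {
      log.info(
          "======= isValidSession() no session id submitted by user at ip address of " + ipAddress);
      return false;
    }

    PatientSession patientSession = appDAO.findPatientSessionBySessionId(dto.getSessionId());

    if (patientSession == null) {
      // The submitted session id is a bearer credential, so it is kept out of the log.
      log.info(
          "======= isValidSession() no session found for the session id submitted from ip address "
              + ipAddress);
      return false;
    }

    // Null-safe comparison: a missing address on either side is treated as a mismatch and the
    // request is rejected, instead of failing with a NullPointerException.
    if (ipAddress == null || !ipAddress.equals(patientSession.getIpAddress())) {
      log.info(
          "======= isValidSession() submitted IP address is of "
              + ipAddress
              + " does not match the one found in current session");
      return false;
    }

    // check for proper access level
    int accessLevel = patientSession.getPatient().getCred().getAccessLevel();
    // Read up front so the final log line names the user even when path has no permissions entry.
    String username = patientSession.getPatient().getCred().getUsername();
    log.info("======= isValidSession() checking " + path);
    // NOTE(review): a path with no entry in the permissions map skips the access-level check
    // entirely, i.e. unmapped paths are allowed for any valid session. Confirm that this default
    // is intended; denying unmapped paths would be the safer default.
    if (Permissions.patientPermissionsMap.get(path) != null) {
      log.info(
          "======= isValidSession() checking "
              + path
              + " for user "
              + username
              + " with a permissions level of "
              + accessLevel);
      // An access level outside the bounds of the permissions row is denied rather than allowed
      // to raise ArrayIndexOutOfBoundsException.
      if (accessLevel < 0
          || accessLevel >= Permissions.patientPermissionsMap.get(path).length
          || Permissions.patientPermissionsMap.get(path)[accessLevel] == false) {
        log.info(
            "======= isValidSession() user "
                + username
                + " lacks permission level to execute "
                + path);
        return false;
      }
    }

    // update session timestamp to current time
    patientSession.setLastAccessTime(new Date());
    appDAO.update(patientSession);
    log.info(
        "======= isValidSession() user "
            + username
            + "'s timestamp updated to "
            + patientSession.getLastAccessTime());

    return true;
  }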
Exemple #2
 /**
  * Creates a {@code PatientSession} for {@code patient}, persists it through the supplied DAO and
  * records a "StartPatientSession" entry in the activity log.
  *
  * <p>The session id is copied from the patient's credential, not generated here.
  * NOTE(review): confirm that the credential's session id is freshly generated from a
  * cryptographically strong source at each login and is not reused across logins.
  *
  * @param patient patient the session is opened for
  * @param ipAddress address stored on the session
  * @param appDAO DAO used to persist the new session
  * @throws Exception declared by the signature; presumably raised by the DAO or the activity log
  */
 public void startPatientSession(Patient patient, String ipAddress, AppDAO appDAO)
     throws Exception {
   PatientSession session = new PatientSession();
   session.setPatient(patient);
   session.setSessionId(patient.getCred().getSessionId());
   session.setIpAddress(ipAddress);
   final Date startedAt = new Date();
   session.setLastAccessTime(startedAt);
   appDAO.create(session);

   // Built and linked to the session, but not persisted or returned anywhere in this method.
   PatientSessionData sessionData = new PatientSessionData();
   sessionData.setPatientSession(session);

   // NOTE(review): this writes the session's full toString() to the log. Confirm that
   // PatientSession.toString() leaves out the session id, which is a bearer credential.
   log.info("======= Added " + session.toString());

   final var patientId = patient.getId();
   activityLogService.logViewPatient(patientId, null, patientId, "StartPatientSession");
 }