/**
 * Sets up options and values on the user's session once authentication has succeeded.
 *
 * <p>This method performs no credential check of its own. It unconditionally flags the session
 * as auto-login and marks it as logged in, so it must only be reached after the caller has
 * authenticated {@code user}.
 *
 * @param userSession The UserSession instance of the user
 * @param user The User instance of the authenticated user
 */
protected void configureUserSession(UserSession userSession, User user) {
    LOG.trace("configureUserSession");

    userSession.dataToUser(user);

    // A user may return to the forum before the session of the previous visit has expired.
    // Look for such a session first; if one exists, persist its data and drop it, otherwise
    // fall back to whatever was stored in the database for this user.
    final String activeSessionId = SessionFacade.isUserInSession(user.getId());
    final UserSession previous;

    if (activeSessionId == null) {
        UserSessionDAO sessionDao = DataAccessDriver.getInstance().newUserSessionDAO();
        previous = sessionDao.selectById(userSession, JForumExecutionContext.getConnection());
    } else {
        SessionFacade.storeSessionData(activeSessionId, JForumExecutionContext.getConnection());
        previous = SessionFacade.getUserSession(activeSessionId);
        // The stale in-memory session is removed so only the new one stays registered.
        SessionFacade.remove(activeSessionId);
    }

    // Last visit = end of the previous session (start + duration), or "now" when none is known.
    final Date lastVisit = (previous != null)
            ? new Date(previous.getStartTime().getTime() + previous.getSessionTime())
            : new Date(System.currentTimeMillis());
    userSession.setLastVisit(lastVisit);

    // Reaching this point means the user has chosen "autoLogin".
    userSession.setAutoLogin(true);
    SessionFacade.makeLogged();

    I18n.load(user.getLang());
}
/**
 * Refreshes the current user's session.
 *
 * <p>When no session is registered yet, a new one is created from the request (session id and
 * remote address), marked as not logged in, and then, unless the client is a bot, handed to
 * SSO or auto-login checking depending on the configured authentication type. When a session
 * already exists, SSO installations re-validate it and start over if it is no longer valid;
 * all other installations just update the session time.
 *
 * <p>The SSO implementation class name is read from configuration and instantiated
 * reflectively, so write access to that configuration key decides which class runs here.
 *
 * @throws ForumException if the configured SSO implementation cannot be loaded or instantiated
 */
public void refreshSession() {
    LOG.trace("refreshSession");

    UserSession userSession = SessionFacade.getUserSession();
    RequestContext request = JForumExecutionContext.getRequest();

    if (userSession != null) {
        if (!ConfigKeys.TYPE_SSO.equals(SystemGlobals.getValue(ConfigKeys.AUTHENTICATION_TYPE))) {
            SessionFacade.getUserSession().updateSessionTime();
            return;
        }

        SSO ssoProvider;
        try {
            String implementationName = SystemGlobals.getValue(ConfigKeys.SSO_IMPLEMENTATION);
            ssoProvider = (SSO) Class.forName(implementationName).newInstance();
        } catch (Exception e) {
            throw new ForumException(e);
        }

        // Under SSO the existing session must still be valid for this request; otherwise
        // discard it and run the refresh again so a fresh session is built.
        if (!ssoProvider.isSessionValid(userSession, request)) {
            SessionFacade.remove(userSession.getSessionId());
            refreshSession();
        }
        return;
    }

    // No session registered yet: build one from the request, starting out as not logged in.
    UserSession created = new UserSession();
    created.registerBasicInfo();
    created.setSessionId(request.getSessionContext().getId());
    created.setIp(request.getRemoteAddr());
    SessionFacade.makeUnlogged();

    if (!JForumExecutionContext.getForumContext().isBot()) {
        if (ConfigKeys.TYPE_SSO.equals(SystemGlobals.getValue(ConfigKeys.AUTHENTICATION_TYPE))) {
            this.checkSSO(created);
        } else if (SystemGlobals.getBoolValue(ConfigKeys.AUTO_LOGIN_ENABLED)) {
            // Non-SSO authentications can use auto login
            this.checkAutoLogin(created);
        } else {
            created.makeAnonymous();
        }
    }

    SessionFacade.add(created);
}
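/**
 * Persists the data of a session that is being destroyed and then removes it from
 * {@code SessionFacade}.
 *
 * <p>Storing the data is best effort: a failure is logged and the session is removed anyway,
 * so a destroyed container session never stays registered.
 *
 * @param event the container event carrying the session being destroyed
 * @see javax.servlet.http.HttpSessionListener#sessionDestroyed(javax.servlet.http.HttpSessionEvent)
 */
public void sessionDestroyed(HttpSessionEvent event) {
    HttpSession session = event.getSession();

    if (session == null) {
        return;
    }

    String sessionId = session.getId();

    try {
        SessionFacade.storeSessionData(sessionId);
    } catch (Exception e) {
        // Pass the exception as the throwable argument so the stack trace reaches the log;
        // logging the exception object alone records only its toString().
        logger.warn("Could not store session data before destroying the session", e);
    }

    // NOTE(review): the session id is written to the log at INFO level. It is being invalidated
    // here, but confirm that log access is restricted if ids are considered sensitive.
    logger.info("Destroying the session for: " + sessionId);
    SessionFacade.remove(sessionId);
}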