예제 #1
0
  /**
   * Setup optios and values for the user's session if authentication was ok.
   *
   * @param userSession The UserSession instance of the user
   * @param user The User instance of the authenticated user
   */
  protected void configureUserSession(UserSession userSession, User user) {

    LOG.trace("configureUserSession");
    userSession.dataToUser(user);

    // As an user may come back to the forum before its
    // last visit's session expires, we should check for
    // existent user information and then, if found, store
    // it to the database before getting his information back.
    String sessionId = SessionFacade.isUserInSession(user.getId());

    UserSession tmpUs;
    if (sessionId != null) {
      SessionFacade.storeSessionData(sessionId, JForumExecutionContext.getConnection());
      tmpUs = SessionFacade.getUserSession(sessionId);
      SessionFacade.remove(sessionId);
    } else {
      UserSessionDAO sm = DataAccessDriver.getInstance().newUserSessionDAO();
      tmpUs = sm.selectById(userSession, JForumExecutionContext.getConnection());
    }

    if (tmpUs == null) {
      userSession.setLastVisit(new Date(System.currentTimeMillis()));
    } else {
      // Update last visit and session start time
      userSession.setLastVisit(new Date(tmpUs.getStartTime().getTime() + tmpUs.getSessionTime()));
    }

    // If the execution point gets here, then the user
    // has chosen "autoLogin"
    userSession.setAutoLogin(true);
    SessionFacade.makeLogged();

    I18n.load(user.getLang());
  }
예제 #2
0
  /**
   * Do a refresh in the user's session. This method will update the last visit time for the current
   * user, as well checking for authentication if the session is new or the SSO user has changed
   */
  public void refreshSession() {

    LOG.trace("refreshSession");
    UserSession userSession = SessionFacade.getUserSession();
    RequestContext request = JForumExecutionContext.getRequest();

    if (userSession == null) {
      userSession = new UserSession();
      userSession.registerBasicInfo();
      userSession.setSessionId(request.getSessionContext().getId());
      userSession.setIp(request.getRemoteAddr());
      SessionFacade.makeUnlogged();

      if (!JForumExecutionContext.getForumContext().isBot()) {
        // Non-SSO authentications can use auto login
        if (!ConfigKeys.TYPE_SSO.equals(SystemGlobals.getValue(ConfigKeys.AUTHENTICATION_TYPE))) {
          if (SystemGlobals.getBoolValue(ConfigKeys.AUTO_LOGIN_ENABLED)) {
            this.checkAutoLogin(userSession);
          } else {
            userSession.makeAnonymous();
          }
        } else {
          this.checkSSO(userSession);
        }
      }

      SessionFacade.add(userSession);
    } else if (ConfigKeys.TYPE_SSO.equals(SystemGlobals.getValue(ConfigKeys.AUTHENTICATION_TYPE))) {
      SSO sso;

      try {
        sso =
            (SSO)
                Class.forName(SystemGlobals.getValue(ConfigKeys.SSO_IMPLEMENTATION)).newInstance();
      } catch (Exception e) {
        throw new ForumException(e);
      }

      // If SSO, then check if the session is valid
      if (!sso.isSessionValid(userSession, request)) {
        SessionFacade.remove(userSession.getSessionId());
        refreshSession();
      }
    } else {
      SessionFacade.getUserSession().updateSessionTime();
    }
  }
예제 #3
0
  /**
   * @see
   *     javax.servlet.http.HttpSessionListener#sessionDestroyed(javax.servlet.http.HttpSessionEvent)
   */
  public void sessionDestroyed(HttpSessionEvent event) {
    HttpSession session = event.getSession();

    if (session == null) {
      return;
    }

    String sessionId = session.getId();

    try {
      SessionFacade.storeSessionData(sessionId);
    } catch (Exception e) {
      logger.warn(e);
    }

    logger.info("Destroying the session for: " + sessionId);
    SessionFacade.remove(sessionId);
  }