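/**
 * Validates the caller's session and, when the requested path is governed by
 * {@code Permissions.patientPermissionsMap}, its access level.
 *
 * <p>Checks, in order: a session id was submitted; a matching, unexpired
 * {@code PatientSession} exists; the session's recorded IP address equals the
 * caller's IP; and, for paths present in the permissions map, the patient's
 * access level is permitted for that path. On success the session's
 * last-access timestamp is refreshed and persisted.
 *
 * <p>Paths that are absent from the permissions map are NOT subject to an
 * access-level check — only the session/IP checks apply to them. Anyone
 * adding a new protected path must also register it in the map.
 *
 * @param dto       request credentials; may be {@code null}
 * @param ipAddress caller's IP address as seen by the server; may be {@code null}
 * @param path      requested resource path used to look up permissions
 * @return {@code true} if the session is valid and the path is permitted
 * @throws Exception propagated from the DAO layer
 */
public boolean isValidSession(AuthorizedDTO dto, String ipAddress, String path) throws Exception {
    // Purge expired sessions first so a stale session id cannot be found below.
    appDAO.deleteExpiredPatientSessions();

    if (dto == null || dto.getSessionId() == null) {
        log.info("======= isValidSession() no session id submitted by user at ip address of " + ipAddress);
        return false;
    }

    PatientSession patientSession = appDAO.findPatientSessionBySessionId(dto.getSessionId());
    if (patientSession == null) {
        // NOTE(review): this writes the submitted session id to the log; session ids are
        // bearer credentials, so consider logging a hash or prefix instead.
        log.info("======= isValidSession() no session found for : " + dto.getSessionId());
        return false;
    }

    // Bind the session to the originating IP. A null on either side is treated as a
    // mismatch (fail closed) rather than letting equals() throw or match null==null.
    String sessionIp = patientSession.getIpAddress();
    if (sessionIp == null || ipAddress == null || !sessionIp.equals(ipAddress)) {
        log.info("======= isValidSession() submitted IP address is of " + ipAddress
                + " does not match the one found in current session");
        return false;
    }

    // check for proper access level
    int accessLevel = patientSession.getPatient().getCred().getAccessLevel();
    String username = patientSession.getPatient().getCred().getUsername();
    log.info("======= isValidSession() checking " + path);

    // Look the path up once; the original looked it up twice.
    boolean[] allowedLevels = Permissions.patientPermissionsMap.get(path);
    if (allowedLevels != null) {
        log.info("======= isValidSession() checking " + path + " for user " + username
                + " with a permissions level of " + accessLevel);
        // An access level outside the table is denied instead of raising
        // ArrayIndexOutOfBoundsException — same outcome (no access), cleaner failure.
        if (accessLevel < 0 || accessLevel >= allowedLevels.length || !allowedLevels[accessLevel]) {
            log.info("======= isValidSession() user " + username
                    + " lacks permission level to execute " + path);
            return false;
        }
    }

    // update session timestamp to current time
    patientSession.setLastAccessTime(new Date());
    appDAO.update(patientSession);
    log.info("======= isValidSession() user " + username + "'s timestamp updated to "
            + patientSession.getLastAccessTime());
    return true;
}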