use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.
the class AuthenticationManagerBean method logout.
@Override
public void logout() {
try {
UserSession session = userSessionSource.getUserSession();
userSessions.remove(session);
log.info("Logged out: {}", session);
withSecurityContext(new SecurityContext(serverSession), () -> publishUserLoggedOut(session));
} catch (SecurityException e) {
log.warn("Couldn't logout: {}", e);
} catch (NoUserSessionException e) {
log.warn("NoUserSessionException thrown on logout");
}
}
use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.
the class AuthenticationManagerBean method login.
@Override
@Nonnull
public AuthenticationDetails login(Credentials credentials) throws LoginException {
checkNotNullArgument(credentials, "credentials should not be null");
SecurityContext previousSecurityContext = AppContext.getSecurityContext();
AppContext.setSecurityContext(new SecurityContext(serverSession));
AuthenticationDetails authenticationDetails = null;
try {
try (Transaction tx = persistence.createTransaction()) {
publishBeforeLoginEvent(credentials);
authenticationDetails = authenticateInternal(credentials);
tx.commit();
userSessionManager.clearPermissionsOnUser(authenticationDetails.getSession());
setTimeZone(credentials, authenticationDetails);
setSessionAttributes(credentials, authenticationDetails);
storeSession(credentials, authenticationDetails);
log.info("Logged in: {}", authenticationDetails.getSession());
publishUserLoggedInEvent(credentials, authenticationDetails);
return authenticationDetails;
} finally {
publishAfterLoginEvent(credentials, authenticationDetails);
}
} finally {
AppContext.setSecurityContext(previousSecurityContext);
}
}
use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.
the class FileDownloadController method getSession.
protected UserSession getSession(HttpServletRequest request, HttpServletResponse response) throws IOException {
UUID sessionId;
try {
sessionId = UUID.fromString(request.getParameter("s"));
} catch (Exception e) {
return null;
}
AppContext.setSecurityContext(new SecurityContext(sessionId));
try {
UserSession userSession = userSessionService.getUserSession(sessionId);
return userSession;
} catch (NoUserSessionException e) {
return null;
} finally {
AppContext.setSecurityContext(null);
}
}
use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.
the class IdpLogoutCallbackController method logout.
@RequestMapping(value = "logout", method = RequestMethod.POST)
public void logout(@RequestParam(name = "idpSessionId") String idpSessionId, @RequestParam(name = "trustedServicePassword") String trustedServicePassword, HttpServletResponse response) {
if ((!webAuthConfig.getExternalAuthentication() && !webIdpConfig.getIdpEnabled()) || Strings.isNullOrEmpty(webIdpConfig.getIdpBaseURL())) {
log.warn("IDP options is not set, but logout callback url is requested");
response.setStatus(HttpStatus.BAD_REQUEST.value());
return;
}
if (!Objects.equals(webIdpConfig.getIdpTrustedServicePassword(), trustedServicePassword)) {
log.warn("Incorrect trusted service password passed from IDP");
response.setStatus(HttpStatus.UNAUTHORIZED.value());
return;
}
UserSession systemSession;
try {
systemSession = trustedClientService.getSystemSession(webAuthConfig.getTrustedClientPassword());
} catch (LoginException e) {
log.error("Unable to obtain system session", e);
return;
}
log.trace("Logout user session by IDP session {}", idpSessionId);
AppContext.withSecurityContext(new SecurityContext(systemSession), () -> idpService.logoutUserSession(idpSessionId));
}
use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.
the class FileUploadController method getSession.
protected UserSession getSession(HttpServletRequest request, HttpServletResponse response) {
UUID sessionId;
try {
sessionId = UUID.fromString(request.getParameter("s"));
} catch (Exception e) {
return null;
}
AppContext.setSecurityContext(new SecurityContext(sessionId));
try {
return userSessionService.getUserSession(sessionId);
} catch (NoUserSessionException e) {
return null;
} finally {
AppContext.setSecurityContext(null);
}
}
Aggregations