Use of com.jeesuite.security.model.UserSession in project jeesuite-libs by vakinge.
Class SecurityDelegatingFilter, method doFilter.
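@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    String uri = request.getRequestURI();
    // Static resources bypass authorization: any URI containing a dot is treated as static
    // unless it ends with the configured API suffix.
    // NOTE(review): this rule is broad — a dot anywhere in the URI (getRequestURI also keeps
    // matrix parameters) satisfies it, so a protected path could skip authorization; confirm
    // no protected endpoint is reachable that way, or match on an explicit static-suffix
    // allowlist instead.
    if (uri.contains(DOT) && (apiUriSuffix == null || !uri.endsWith(apiUriSuffix))) {
        chain.doFilter(req, res);
        return;
    }
    // CORS preflight requests are passed through without authorization.
    if (request.getMethod().equals(HttpMethod.OPTIONS.name())) {
        chain.doFilter(req, res);
        return;
    }
    if (additionHandler != null) {
        additionHandler.beforeAuthorization(request, response);
    }
    // Binds request/response for SecurityDelegating, which reads them from CurrentRuntimeContext.
    // NOTE(review): nothing in this filter clears that binding once the chain returns — confirm
    // CurrentRuntimeContext is reset elsewhere, since container threads are reused across requests.
    CurrentRuntimeContext.init(request, response);
    UserSession userSession;
    try {
        userSession = SecurityDelegating.doAuthorization();
    } catch (UnauthorizedException e) {
        respondAuthFailure(request, response, 401, MSG_401_UNAUTHORIZED, "401 Unauthorized",
                SecurityDelegating.getConfigurerProvider().error401Page());
        return;
    } catch (ForbiddenAccessException e) {
        respondAuthFailure(request, response, 403, MSG_403_FORBIDDEN, "403 Forbidden",
                SecurityDelegating.getConfigurerProvider().error403Page());
        return;
    }
    if (additionHandler != null) {
        additionHandler.afterAuthorization(userSession);
    }
    chain.doFilter(req, res);
}

/**
 * Writes the response for a failed authorization: JSON for AJAX callers, otherwise either a
 * minimal HTML body with the given status or a redirect to the configured error page.
 * Shared by the 401 and 403 branches of {@link #doFilter}.
 *
 * @param request     current request, used for AJAX detection and base-URL computation
 * @param response    response to write to
 * @param status      HTTP status set when no error page is configured
 * @param jsonMessage JSON body sent to AJAX callers
 * @param htmlMessage HTML body sent when no error page is configured
 * @param errorPage   configured error page path appended to the base URL, or {@code null}
 */
private static void respondAuthFailure(HttpServletRequest request, HttpServletResponse response, int status,
        String jsonMessage, String htmlMessage, String errorPage) throws IOException, ServletException {
    if (WebUtils.isAjax(request)) {
        WebUtils.responseOutJson(response, jsonMessage);
        return;
    }
    if (errorPage == null) {
        response.setStatus(status);
        WebUtils.responseOutHtml(response, htmlMessage);
    } else {
        // errorPage comes from configuration, not from the request.
        response.sendRedirect(WebUtils.getBaseUrl(request) + errorPage);
    }
}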
Use of com.jeesuite.security.model.UserSession in project jeesuite-libs by vakinge.
Class SecurityDelegating, method updateSession.
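/**
 * Attaches the authenticated user to the current session and stores it.
 * When the decision provider enables kick-off, any other stored login session of the same
 * user (by user id) is removed first, so at most one login session per user survives.
 *
 * @param userInfo the authenticated user; must not be {@code null}
 * @return the updated current session
 * @throws IllegalArgumentException if {@code userInfo} is {@code null}
 * @throws IllegalStateException if there is no current session to update
 */
public static UserSession updateSession(AuthUser userInfo) {
    if (userInfo == null) {
        throw new IllegalArgumentException("userInfo must not be null");
    }
    UserSession session = getCurrentSession();
    if (session == null) {
        throw new IllegalStateException("no current session to update");
    }
    SecurityDelegating instance = getInstance();
    // NOTE(review): the session keeps its pre-authentication id after the user is attached;
    // if that id can originate from the client (see SecuritySessionManager.getSession in the
    // dev/test case), rotating it here would limit session fixation.
    session.setUser(userInfo);
    if (instance.decisionProvider.kickOff()) {
        UserSession otherSession = instance.sessionManager.getLoginSessionByUserId(userInfo.getId());
        if (otherSession != null && !otherSession.getSessionId().equals(session.getSessionId())) {
            instance.sessionManager.removeLoginSession(otherSession.getSessionId());
        }
    }
    instance.sessionManager.storageLoginSession(session);
    return session;
}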
Use of com.jeesuite.security.model.UserSession in project jeesuite-libs by vakinge.
Class SecurityDelegating, method doAuthorization.
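/**
 * Authorizes the current request against the session bound to the current thread.
 * <p>
 * Admin users pass unconditionally. For any other request whose URI is not declared
 * anonymous, a non-anonymous session is required and, when the matched permission level is
 * {@link PermissionLevel#PermissionRequired}, the session's permissions must satisfy the
 * request's permission key. On success the user (and tenant id, if set) are published to
 * {@link CurrentRuntimeContext}, and a session close to expiry is stored again.
 *
 * @return the current session; {@code null} only when no session exists and the URI is anonymous
 * @throws UnauthorizedException if the URI requires a login but the session is missing or anonymous
 * @throws ForbiddenAccessException if the session lacks the required permission
 */
public static UserSession doAuthorization() throws UnauthorizedException, ForbiddenAccessException {
    SecurityDelegating instance = getInstance();
    UserSession session = getCurrentSession();
    String uri = CurrentRuntimeContext.getRequest().getRequestURI();
    boolean isAdmin = session != null && session.getUser() != null && session.getUser().isAdmin();
    if (!isAdmin && !instance.resourceManager.isAnonymous(uri)) {
        if (session == null || session.isAnonymous()) {
            throw new UnauthorizedException();
        }
        String permissionKey = ApiPermssionCheckHelper.buildPermissionKey(CurrentRuntimeContext.getRequest().getMethod(), uri);
        PermissionLevel permissionLevel = ApiPermssionCheckHelper.matchPermissionLevel(instance.resourceManager, permissionKey);
        // Only PermissionRequired resources are checked against the user's permission list;
        // any other level is satisfied by a logged-in session.
        if (permissionLevel == PermissionLevel.PermissionRequired) {
            List<String> permissions = instance.resourceManager.getUserPermissions(session);
            if (!ApiPermssionCheckHelper.checkPermissions(instance.resourceManager, permissionKey, permissions)) {
                throw new ForbiddenAccessException();
            }
        }
    }
    if (session != null) {
        CurrentRuntimeContext.setAuthUser(session.getUser());
        if (StringUtils.isNotBlank(session.getTenantId())) {
            CurrentRuntimeContext.setTenantId(session.getTenantId());
        }
        // Renewal: store the session again once it is within SESSION_RNEWAL_BEFORE_MILLS of expiry.
        // NOTE(review): whether storing also pushes expiredAt forward depends on the session
        // manager — confirm, otherwise this re-stores on every request past the threshold.
        if (session.getExpiredAt() - System.currentTimeMillis() < SESSION_RNEWAL_BEFORE_MILLS) {
            instance.sessionManager.storageLoginSession(session);
        }
    }
    return session;
}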
Use of com.jeesuite.security.model.UserSession in project jeesuite-libs by vakinge.
Class SecuritySessionManager, method getSession.
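/**
 * Returns the login session identified by the request's session id, optionally creating one.
 * <p>
 * A newly created session gets a session cookie on the current response and is stored via
 * {@link #storageLoginSession}.
 *
 * @param createIfAbsent whether to create, store and cookie a new session when none is found
 * @return the stored or newly created session; {@code null} when none exists and
 *         {@code createIfAbsent} is {@code false}
 */
public UserSession getSession(boolean createIfAbsent) {
    String sessionId = getSessionId();
    boolean hasSessionId = StringUtils.isNotBlank(sessionId);
    UserSession session = hasSessionId ? getLoginSession(sessionId) : null;
    if (session == null && createIfAbsent) {
        session = UserSession.create();
        // Dev/test only: keep the id the client presented so a session id can be pinned.
        // NOTE(review): adopting a client-supplied id for a fresh session is a session-fixation
        // vector and must stay disabled outside dev/test. A blank id is not adopted (the lookup
        // above already ignores blank ids, so the same check is used here).
        if (hasSessionId && isDevTestEnv) {
            session.setSessionId(sessionId);
        }
        HttpServletRequest request = CurrentRuntimeContext.getRequest();
        Cookie cookie = createSessionCookies(request, session.getSessionId(), sessionExpireIn);
        CurrentRuntimeContext.getResponse().addCookie(cookie);
        storageLoginSession(session);
    }
    return session;
}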
Use of com.jeesuite.security.model.UserSession in project jeesuite-libs by vakinge.
Class SecuritySessionManager, method removeLoginSession.
/**
 * Removes a stored login session and its user-id lookup entry from the cache.
 * A session that is not stored, or that is anonymous, is left untouched.
 *
 * @param sessionId id of the session to remove
 */
public void removeLoginSession(String sessionId) {
    UserSession session = getLoginSession(sessionId);
    if (session == null || session.isAnonymous()) {
        // NOTE(review): an anonymous session entry stays in the cache until it expires on
        // its own — confirm that is intended for this method.
        return;
    }
    storageManager.getCache(cacheName).remove(sessionId);
    String uidKey = String.format(SESSION_UID_CACHE_KEY, session.getUser().getId());
    storageManager.getCache(cacheName).remove(uidKey);
}