Search in sources :

Example 1 with SessionContext

use of org.polymap.core.runtime.session.SessionContext in project polymap4-core by Polymap4.

the class WebDavServer method createNewSession.

/**
 * Initializes a new session for the given user.
 * <p/>
 * This method is called by {@link SecurityManagerAdapter}
 *
 * @param user
 * @return The specified user.
 */
public static Principal createNewSession(final Principal user) {
    HttpServletRequest req = io.milton.servlet.ServletRequest.getRequest();
    final HttpSession session = req.getSession();
    // HTTP session timeout: 30min
    session.setMaxInactiveInterval(30 * 60);
    FsPlugin.getDefault().sessionContextProvider.mapContext(user.getName(), true);
    final SessionContext sessionContext = SessionContext.current();
    // ContentManager
    Locale locale = req.getLocale();
    sessionContext.setAttribute("contentManager", ContentManager.forUser(user.getName(), locale, sessionContext));
    // invalidate HTTP session when context is destroyed
    sessionContext.addSessionListener(new ISessionListener() {

        public void beforeDestroy() {
            log.info("SessionContext is destroyed -> invalidating HTTP session");
            try {
                // sessionContext.removeSessionListener( this );
                session.invalidate();
            } catch (Exception e) {
                log.warn("HTTP session already invalidated: " + e);
            }
        }
    });
    // session destroy listener
    session.setAttribute("sessionListener", new HttpSessionBindingListener() {

        public void valueBound(HttpSessionBindingEvent ev) {
        }

        public void valueUnbound(HttpSessionBindingEvent ev) {
            // 
            sessionContext.execute(new Runnable() {

                public void run() {
                    ContentManager.releaseSession(user.getName());
                }
            });
            // prevent life-lock
            if (!sessionContext.isDestroyed() && sessionContext.getAttribute("destroying") == null) {
                sessionContext.setAttribute("destroying", true);
                FsPlugin.getDefault().sessionContextProvider.destroyContext(sessionContext.getSessionKey());
                log.info("HTTP Session destroyed: " + session.getId() + ", user: " + user);
            }
        }
    });
    log.info("New HTTP session: " + session.getId() + ", user: " + user);
    return user;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Locale(java.util.Locale) HttpSessionBindingEvent(javax.servlet.http.HttpSessionBindingEvent) HttpSession(javax.servlet.http.HttpSession) HttpSessionBindingListener(javax.servlet.http.HttpSessionBindingListener) ISessionListener(org.polymap.core.runtime.session.ISessionListener) SessionContext(org.polymap.core.runtime.session.SessionContext) ServletException(javax.servlet.ServletException) IOException(java.io.IOException)

Example 2 with SessionContext

use of org.polymap.core.runtime.session.SessionContext in project polymap4-core by Polymap4.

the class ServiceContext2 method execute.

public <E extends Exception> void execute(Task<E> task) throws E {
    // XXX no GeoServerClassLoader; just one instance per JVM
    // assert context.cl != null;
    // ClassLoader orig = Thread.currentThread().getContextClassLoader();
    // Thread.currentThread().setContextClassLoader( context.cl );
    // assert Thread.currentThread().getContextClassLoader() == context.cl;
    SessionContext current = SessionContext.current();
    assert current == null : "Thread already mapped to a SessionContext: " + current.getSessionKey();
    try {
        boolean mapped = contextProvider.mapContext(sessionKey, true);
        log.debug("SessionContext: " + SessionContext.current());
        assert mapped : "Thread already mapped to a SessionContext: " + SessionContext.current().getSessionKey();
        SecurityContext securityContext = SecurityContext.instance();
        if (!securityContext.isLoggedIn()) {
            // XXX this user is used to authenticate upstream mapzone services
            securityContext.loginTrusted("admin");
        }
        task.call();
    } finally {
        // Thread.currentThread().setContextClassLoader( orig );
        contextProvider.unmapContext();
    }
}
Also used : SecurityContext(org.polymap.core.security.SecurityContext) SessionContext(org.polymap.core.runtime.session.SessionContext)

Example 3 with SessionContext

use of org.polymap.core.runtime.session.SessionContext in project polymap4-core by Polymap4.

the class SecurityContext method tryLogin.

public boolean tryLogin() {
    if (isLoggedIn()) {
        throw new IllegalStateException("Already logged in for this SessionContext.");
    }
    try {
        sc.login();
        subject = sc.getSubject();
        principals = new HashSet(subject.getPrincipals());
        // find user
        user = principals.stream().filter(p -> p instanceof UserPrincipal).findAny().orElseThrow(() -> new LoginException("Es wurde kein Nutzer in der Konfiguration gefunden"));
        // allow to access the instance directly via current session (find user for example)
        SessionContext.current().setAttribute("user", user);
        // add roles of user to principals
        Set<AuthorizationModule> authModules = subject.getPrivateCredentials(AuthorizationModule.class);
        if (authModules.size() != 1) {
            throw new RuntimeException("No AuthorizationModule specified. Is jaas_config.txt correct?");
        }
        principals.addAll(authModules.iterator().next().rolesOf(subject));
        return true;
    }// }
     catch (LoginException e) {
        // login failed
        return false;
    }
}
Also used : LoginException(javax.security.auth.login.LoginException) SessionContext(org.polymap.core.runtime.session.SessionContext) URL(java.net.URL) Set(java.util.Set) SessionSingleton(org.polymap.core.runtime.session.SessionSingleton) Supplier(java.util.function.Supplier) Subject(javax.security.auth.Subject) LoginContextFactory(org.eclipse.equinox.security.auth.LoginContextFactory) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) List(java.util.List) Principal(java.security.Principal) Log(org.apache.commons.logging.Log) LogFactory(org.apache.commons.logging.LogFactory) ILoginContext(org.eclipse.equinox.security.auth.ILoginContext) LoginException(javax.security.auth.login.LoginException) HashSet(java.util.HashSet)

Example 4 with SessionContext

use of org.polymap.core.runtime.session.SessionContext in project polymap4-core by Polymap4.

the class EntityStateTracker method addListener.

/**
 * @param handler An {@link IEntityStateListener} or any other
 *        {@link EventHandler annotated} object.
 * @param filters
 */
public void addListener(Object handler, EventFilter... filters) {
    SessionContext context = SessionContext.current();
    assert context != null : "No context when registering IEntityStateListener!";
    // if impl changes then check QiModule#addListener too!
    EventManager.instance().subscribe(handler, filters);
}
Also used : SessionContext(org.polymap.core.runtime.session.SessionContext)

Aggregations

SessionContext (org.polymap.core.runtime.session.SessionContext)4 IOException (java.io.IOException)1 URL (java.net.URL)1 Principal (java.security.Principal)1 ArrayList (java.util.ArrayList)1 HashSet (java.util.HashSet)1 List (java.util.List)1 Locale (java.util.Locale)1 Set (java.util.Set)1 Supplier (java.util.function.Supplier)1 Subject (javax.security.auth.Subject)1 LoginException (javax.security.auth.login.LoginException)1 ServletException (javax.servlet.ServletException)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 HttpSession (javax.servlet.http.HttpSession)1 HttpSessionBindingEvent (javax.servlet.http.HttpSessionBindingEvent)1 HttpSessionBindingListener (javax.servlet.http.HttpSessionBindingListener)1 Log (org.apache.commons.logging.Log)1 LogFactory (org.apache.commons.logging.LogFactory)1 ILoginContext (org.eclipse.equinox.security.auth.ILoginContext)1