Examples with ThreadLocalUserContext org.projectforge.framework.persistence.user.api.ThreadLocalUserContext used on opensource projects

Example 1 with ThreadLocalUserContext

use of org.projectforge.framework.persistence.user.api.ThreadLocalUserContext in project projectforge by micromata.

the class MySession method getUser.

/**
 * @return The logged-in user or null if no user is logged-in.
 */
public synchronized PFUserDO getUser() {
    if (userContext == null) {
        // Happens after login via React page or if user isn't logged in.
        userContext = ThreadLocalUserContext.getUserContext();
        if (userContext != null && userContext.getUser() != null) {
            final HttpServletRequest request = ((ServletWebRequest) RequestCycle.get().getRequest()).getContainerRequest();
            final UserContext sessionUserContext = UserFilter.getUserContext(request);
            if (sessionUserContext == null || sessionUserContext.getUser() == null) {
                log.warn("******* User is given in ThreadLocalUserContext, but not given in session. This paranoia setting shouldn't occur. User: " + ToStringUtil.toJsonString(userContext));
                return null;
            }
            if (!Objects.equals(sessionUserContext.getUser().getId(), userContext.getUser().getId())) {
                log.warn("******* Security warning: User is given in ThreadLocalUserContext differs from user of session. This paranoia setting shouldn't occur. Thread local user=" + ToStringUtil.toJsonString(userContext) + ", session user=" + ToStringUtil.toJsonString(sessionUserContext.getUser()));
                return null;
            }
            log.info("User '" + userContext.getUser().getUsername() + "' now also logged-in for Wicket stuff.");
            userContext = sessionUserContext;
        }
    }
    return userContext != null ? userContext.getUser() : null;
}