use of org.projectforge.framework.persistence.user.api.ThreadLocalUserContext in project projectforge by micromata.
the class MySession method getUser.
/**
* @return The logged-in user or null if no user is logged-in.
*/
public synchronized PFUserDO getUser() {
if (userContext == null) {
// Happens after login via React page or if user isn't logged in.
userContext = ThreadLocalUserContext.getUserContext();
if (userContext != null && userContext.getUser() != null) {
final HttpServletRequest request = ((ServletWebRequest) RequestCycle.get().getRequest()).getContainerRequest();
final UserContext sessionUserContext = UserFilter.getUserContext(request);
if (sessionUserContext == null || sessionUserContext.getUser() == null) {
log.warn("******* User is given in ThreadLocalUserContext, but not given in session. This paranoia setting shouldn't occur. User: " + ToStringUtil.toJsonString(userContext));
return null;
}
if (!Objects.equals(sessionUserContext.getUser().getId(), userContext.getUser().getId())) {
log.warn("******* Security warning: User is given in ThreadLocalUserContext differs from user of session. This paranoia setting shouldn't occur. Thread local user=" + ToStringUtil.toJsonString(userContext) + ", session user=" + ToStringUtil.toJsonString(sessionUserContext.getUser()));
return null;
}
log.info("User '" + userContext.getUser().getUsername() + "' now also logged-in for Wicket stuff.");
userContext = sessionUserContext;
}
}
return userContext != null ? userContext.getUser() : null;
}
Aggregations