
Example 1 with Session

use of org.simbasecurity.core.domain.Session in project simba-os by cegeka.

the class SessionDatabaseRepository method findBySSOToken.

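public Session findBySSOToken(String ssoToken) {
    // The token is bound as a named parameter, never concatenated into the JPQL string.
    Query query = entityManager.createQuery("SELECT s FROM SessionEntity s WHERE s.ssoToken = :ssoToken").setParameter("ssoToken", ssoToken);
    List<Session> resultList = query.getResultList();
    if (resultList.size() == 0) {
        // No session for this token: callers must handle null.
        return null;
    } else if (resultList.size() == 1) {
        return resultList.get(0);
    }
    // An SSO token must identify at most one session; more than one is treated as corrupt state.
    // Note: the message embeds the raw SSO token, so it appears wherever this exception is logged.
    throw new IllegalStateException("Multiple sessions found for token: '" + ssoToken + "'");
}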
Also used : Query(javax.persistence.Query) Session(org.simbasecurity.core.domain.Session)

Example 2 with Session

use of org.simbasecurity.core.domain.Session in project simba-os by cegeka.

the class SessionServiceImplTest method createSessionMock.

private Session createSessionMock(boolean expired) {
    User userMock = mock(User.class);
    when(userMock.getUserName()).thenReturn(USER_NAME);
    Session sessionMock = mock(Session.class);
    when(sessionMock.isExpired()).thenReturn(expired);
    when(sessionMock.getUser()).thenReturn(userMock);
    when(sessionMock.getClientIpAddress()).thenReturn(REMOTE_IP);
    when(sessionMock.getSSOToken()).thenReturn(SSO_TOKEN);
    return sessionMock;
}
Also used : User(org.simbasecurity.core.domain.User) Session(org.simbasecurity.core.domain.Session)

Example 3 with Session

use of org.simbasecurity.core.domain.Session in project simba-os by cegeka.

the class CheckSessionCommand method execute.

@Override
public State execute(ChainContext context) throws Exception {
    // Prefer the token of the already-resolved session when a mapping key was supplied;
    // otherwise fall back to the token carried by the request.
    SSOToken ssoToken;
    if (context.isSsoTokenMappingKeyProvided() && context.getCurrentSession() != null) {
        ssoToken = context.getCurrentSession().getSSOToken();
    } else {
        ssoToken = context.getRequestSSOToken();
    }
    // No token at all: send the user to login and audit the event.
    if (ssoToken == null) {
        redirectToLogin(context);
        audit.log(auditLogFactory.createEventForAuthentication(context, AuditMessages.NO_SSOTOKEN_FOUND_REDIRECT_LOGIN));
        return State.FINISH;
    }
    // A token without a live session (unknown or expired) is rejected and audited as a failure.
    Session currentSession = context.getCurrentSession();
    if (currentSession == null || currentSession.isExpired()) {
        redirectToLogin(context);
        // currentSession can be null on this path, so removeSession must tolerate a null argument.
        sessionService.removeSession(currentSession);
        audit.log(auditLogFactory.createEventForAuthenticationForFailure(context, AuditMessages.SESSION_INVALID));
        return State.FINISH;
    }
    // Valid session: refresh its last-access time and expose the user name to the rest of the chain.
    currentSession.updateLastAccesTime();
    context.setUserPrincipal(currentSession.getUser().getUserName());
    audit.log(auditLogFactory.createEventForAuthenticationForSuccess(context, AuditMessages.CHECK_SESSION));
    return State.CONTINUE;
}
Also used : SSOToken(org.simbasecurity.api.service.thrift.SSOToken) Session(org.simbasecurity.core.domain.Session)

Example 4 with Session

use of org.simbasecurity.core.domain.Session in project simba-os by cegeka.

the class LogoutCommandTest method onLogoutRequestRemoveSessionAndRedirectAndDeleteCookie.

@Test
public void onLogoutRequestRemoveSessionAndRedirectAndDeleteCookie() throws Exception {
    // Arrange: a logout request that carries an SSO token and has a current session.
    SSOToken sSOToken = new SSOToken("token");
    when(chainContext.getUserName()).thenReturn(USERNAME);
    when(chainContext.getClientIpAddress()).thenReturn(CLIENT_IP);
    when(chainContext.isLogoutRequest()).thenReturn(true);
    Session sessionMock = mock(Session.class);
    when(chainContext.getCurrentSession()).thenReturn(sessionMock);
    when(chainContext.getRequestSSOToken()).thenReturn(sSOToken);
    // Act
    State state = logoutCommand.execute(chainContext);
    // Assert: the chain stops, the server-side session is removed, the cookie is deleted
    // and the user is redirected to the logout page.
    assertEquals(State.FINISH, state);
    verify(sessionService).removeSession(isA(Session.class));
    verify(chainContext).activateAction(ActionType.DELETE_COOKIE);
    verify(chainContext).redirectToLogout();
    // Assert: exactly one audit event is written, in the SESSION category.
    // The expected message contains the SSO token value.
    verify(auditMock).log(captor.capture());
    AuditLogEvent resultAuditLogEvent = captor.getValue();
    assertEquals(AuditLogEventCategory.SESSION, resultAuditLogEvent.getCategory());
    assertEquals(AuditMessages.SUCCESS + AuditMessages.LOGGED_OUT + ": SSOToken=" + sSOToken, resultAuditLogEvent.getMessage());
}
Also used : AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent) SSOToken(org.simbasecurity.api.service.thrift.SSOToken) State(org.simbasecurity.core.chain.Command.State) Session(org.simbasecurity.core.domain.Session) Test(org.junit.Test)

Example 5 with Session

use of org.simbasecurity.core.domain.Session in project simba-os by cegeka.

the class ChangePasswordCommandTest method testPasswordChangeDuringSessionRedirectToPasswordChanged.

@Test
public void testPasswordChangeDuringSessionRedirectToPasswordChanged() throws Exception {
    Session sessionMock = mock(Session.class);
    when(chainContextMock.getCurrentSession()).thenReturn(sessionMock);
    when(chainContextMock.isChangePasswordRequest()).thenReturn(Boolean.TRUE);
    when(chainContextMock.getUserName()).thenReturn(USERNAME);
    when(chainContextMock.getClientIpAddress()).thenReturn(IP_ADDRESS);
    when(chainContextMock.getRequestParameter(AuthenticationConstants.PASSWORD)).thenReturn(OLD_PASSWORD);
    when(chainContextMock.getRequestParameter(AuthenticationConstants.NEW_PASSWORD)).thenReturn(NEW_PASSWORD);
    State state = command.execute(chainContextMock);
    verify(auditMock).log(captor.capture());
    AuditLogEvent resultAuditLogEvent = captor.getValue();
    assertEquals(AuditLogEventCategory.SESSION, resultAuditLogEvent.getCategory());
    assertEquals(AuditMessages.SUCCESS + AuditMessages.PASSWORD_CHANGED, resultAuditLogEvent.getMessage());
    verify(chainContextMock).redirectToPasswordChanged();
    assertEquals(State.FINISH, state);
}
Also used : State(org.simbasecurity.core.chain.Command.State) Session(org.simbasecurity.core.domain.Session) Test(org.junit.Test)
