Example 6 with Session

use of org.simbasecurity.core.domain.Session in project simba-os by cegeka.

the class CheckSessionCommandTest method tokenIsTakenFromRequestData_IfNoMappingKeyProvided.

@Test
public void tokenIsTakenFromRequestData_IfNoMappingKeyProvided() throws Exception {
    Session sessionMock = mock(Session.class);
    when(contextMock.isSsoTokenMappingKeyProvided()).thenReturn(false);
    when(contextMock.getCurrentSession()).thenReturn(sessionMock);
    command.execute(contextMock);
    verify(contextMock, times(2)).getRequestSSOToken();
}
Also used : Session(org.simbasecurity.core.domain.Session) Test(org.junit.Test)

Example 7 with Session

use of org.simbasecurity.core.domain.Session in project simba-os by cegeka.

the class UserService method changePassword.

@RequestMapping("changePassword")
@ResponseBody
public void changePassword(
        @RequestHeader(value = SIMBA_SSO_TOKEN, required = false) String ssoTokenFromHeader,
        @CookieValue(value = SIMBA_SSO_TOKEN, required = false) String ssoTokenFromCookie,
        @RequestBody ChangePasswordDTO changePasswordDTO,
        HttpServletResponse response) {
    // The SSO token from the request header takes precedence over the cookie value.
    String ssoToken = (ssoTokenFromHeader != null ? ssoTokenFromHeader : ssoTokenFromCookie);
    if (ssoToken == null || changePasswordDTO.getUserName() == null) {
        sendUnauthorizedError(response);
        return;
    }
    Session activeSession = sessionRepository.findBySSOToken(new SSOToken(ssoToken));
    if (activeSession == null) {
        sendUnauthorizedError(response);
        return;
    } else {
        User sessionUser = activeSession.getUser();
        User userThatNeedsPasswordChange = userRepository.findByName(changePasswordDTO.getUserName());
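        // Users may only change their own password: the session's user must match the requested user name.
        if (!sessionUser.getUserName().equals(userThatNeedsPasswordChange.getUserName())) {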
            sendUnauthorizedError(response);
            return;
        } else {
            try {
                userThatNeedsPasswordChange.changePassword(changePasswordDTO.getNewPassword(), changePasswordDTO.getNewPasswordConfirmation());
            } catch (SimbaException ex) {
                sendError(ErrorSender.UNABLE_TO_CHANGE_PASSWORD_ERROR_CODE, response, ex.getMessage());
                return;
            }
            userRepository.flush();
        }
    }
}
Also used : SimbaException(org.simbasecurity.core.exception.SimbaException) SSOToken(org.simbasecurity.api.service.thrift.SSOToken) User(org.simbasecurity.core.domain.User) Session(org.simbasecurity.core.domain.Session)

Example 8 with Session

use of org.simbasecurity.core.domain.Session in project simba-os by cegeka.

the class ManagementAudit method log.

public void log(String pattern, Object... arguments) {
    String ssoToken = ThriftTokenAccess.get();
    if (ssoToken != null) {
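        // Resolve the session for the caller's token; it is dereferenced below without a null check.
        Session session = sessionRepository.findBySSOToken(ssoToken);
        String format = format(pattern, arguments);
        // Truncate the formatted message to MAX_MESSAGE_LENGTH characters.
        if (format.length() > MAX_MESSAGE_LENGTH) {
            format = format.substring(0, MAX_MESSAGE_LENGTH);
        }
        audit.log(factory.createEventForManagement(session.getUser().getUserName(), session.getSSOToken(), format));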
    }
}
Also used : Session(org.simbasecurity.core.domain.Session)

Example 9 with Session

use of org.simbasecurity.core.domain.Session in project simba-os by cegeka.

the class SessionServiceImpl method purgeExpiredSessions.

@Override
public void purgeExpiredSessions() {
    Collection<Session> sessions = sessionRepository.findAll();
    for (Session session : sessions) {
        if (session.isExpired()) {
            archiveSession(session);
            audit.log(auditLogEventFactory.createEventForSession(session.getUser().getUserName(), session.getSSOToken(), session.getClientIpAddress(), "Purged expired session"));
            sessionRepository.remove(session);
        }
    }
}
Also used : Session(org.simbasecurity.core.domain.Session) TSession(org.simbasecurity.api.service.thrift.TSession)

Example 10 with Session

use of org.simbasecurity.core.domain.Session in project simba-os by cegeka.

the class SessionServiceImpl method createSession.

@Override
public Session createSession(String userName, String clientIpAddress, String hostServerName, String userAgent, String requestURL) {
    User user = userRepository.findByName(userName);
    SSOToken ssoToken = new SSOToken(UUID.randomUUID().toString());
    Session session = new SessionEntity(user, ssoToken, clientIpAddress, hostServerName);
    sessionRepository.persist(session);
    audit.log(auditLogEventFactory.createEventForSession(user.getUserName(), ssoToken, clientIpAddress, hostServerName, userAgent, requestURL, SESSION_CREATED));
    return session;
}
Also used : TUser(org.simbasecurity.api.service.thrift.TUser) User(org.simbasecurity.core.domain.User) SSOToken(org.simbasecurity.api.service.thrift.SSOToken) SessionEntity(org.simbasecurity.core.domain.SessionEntity) Session(org.simbasecurity.core.domain.Session) TSession(org.simbasecurity.api.service.thrift.TSession)
