Example 1 with UserSessionManagementService

Use of org.wso2.carbon.identity.application.authentication.framework.UserSessionManagementService in the project carbon-identity-framework by wso2.

Class SessionManagementService, method removeMySession:

import org.apache.commons.lang.StringUtils;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.application.authentication.framework.ServerSessionManagementService;
import org.wso2.carbon.identity.application.authentication.framework.context.SessionContext;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/**
 * Terminates the requested session, after validating whether the session belongs to the logged in user.
 * @deprecated Use UserSessionManagementService to terminate the session of the current user
 * {@link org.wso2.carbon.identity.application.authentication.framework.UserSessionManagementService
 * #terminateSessionBySessionId(String, String)}
 * @param sessionId id of the session to terminate
 * @return true if the session was terminated; false if the id is blank, the session is unknown,
 *         or the session does not belong to the logged in user
 */
public boolean removeMySession(String sessionId) {
    if (StringUtils.isBlank(sessionId)) {
        return false;
    }
    SessionContext sessionContext = FrameworkUtils.getSessionContextFromCache(sessionId,
            FrameworkUtils.getLoginTenantDomainFromContext());
    if (sessionContext == null) {
        // Unknown or already expired session: nothing to terminate (and no NPE below).
        return false;
    }
    // Check whether the session belongs to the logged in user.
    CarbonContext carbonContext = CarbonContext.getThreadLocalCarbonContext();
    String username = carbonContext.getUsername();
    if (StringUtils.isBlank(username)) {
        // No authenticated caller in this thread; refuse rather than compare against null.
        return false;
    }
    // Extract the user store domain if there is any or set to 'PRIMARY'.
    // The domain prefix (e.g. "SECONDARY/bob") must take part in the ownership check; a
    // hard-coded "PRIMARY" would compare a stripped username against the wrong store.
    // UserCoreUtil.extractDomainFromName returns the prefix before '/' or the primary default domain.
    String userStoreDomain = UserCoreUtil.extractDomainFromName(username);
    username = UserCoreUtil.removeDomainFromName(username);
    AuthenticatedUser authenticatedUser =
            (AuthenticatedUser) sessionContext.getProperty(FrameworkConstants.AUTHENTICATED_USER);
    if (authenticatedUser == null) {
        // Session has no authenticated user attached; ownership cannot be established.
        return false;
    }
    // All three of username, user store domain and tenant domain must match the session owner.
    if (username.equals(authenticatedUser.getUserName())
            && userStoreDomain.equals(authenticatedUser.getUserStoreDomain())
            && carbonContext.getTenantDomain().equals(authenticatedUser.getTenantDomain())) {
        ServerSessionManagementService serverSessionManagementService =
                FrameworkServiceDataHolder.getInstance().getServerSessionManagementService();
        return serverSessionManagementService.removeSession(sessionId);
    } else {
        // TODO : Handle federated scenario.
        log.warn(String.format("Trying to terminate a session which does not belong to logged in user (%s). "
                + "This might be an attempt for a security breach", username));
        return false;
    }
}