opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/security/SessionManager.java

   1 /*
   2  * Copyright (c) 2013 Cisco Systems, Inc. and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.controller.usermanager.security;
  10
  11 import java.util.ArrayList;
  12 import java.util.HashMap;
  13 import java.util.HashSet;
  14 import java.util.Iterator;
  15 import java.util.List;
  16 import java.util.Map;
  17 import java.util.Map.Entry;
  18 import java.util.Set;
  19
  20 import javax.servlet.ServletContext;
  21 import javax.servlet.http.HttpSession;
  22 import javax.servlet.http.HttpSessionEvent;
  23
  24 import org.opendaylight.controller.usermanager.ISessionManager;
  25 import org.slf4j.Logger;
  26 import org.slf4j.LoggerFactory;
  27 import org.springframework.security.core.context.SecurityContext;
  28
  29 public class SessionManager implements ISessionManager {
  30
  31     private static final Logger logger = LoggerFactory
  32             .getLogger(SessionManager.class);
  33
  34     private Map<ServletContext, Set<HttpSession>> sessionMap = new HashMap<ServletContext, Set<HttpSession>>();
  35     public static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";
  36
  37     @Override
  38     public void sessionCreated(HttpSessionEvent se) {
  39
  40         ServletContext ctx = se.getSession().getServletContext();
  41         String path = ctx.getContextPath();
  42
  43         logger.debug("Servlet Context Path created " + path);
  44         logger.debug("Session Id created for ctxt path " + se.getSession().getId());
  45
  46         synchronized (sessionMap) {
  47             Set<HttpSession> set = sessionMap.get(ctx);
  48             if (set == null) {
  49                 set = new HashSet<HttpSession>();
  50                 sessionMap.put(ctx, set);
  51             }
  52             set.add(se.getSession());
  53         }
  54     }
  55
  56     @Override
  57     public void sessionDestroyed(HttpSessionEvent se) {
  58         ServletContext ctx = se.getSession().getServletContext();
  59         String path = ctx.getContextPath();
  60         logger.debug("Servlet Context Path of destroyed session - " + path);
  61         logger.debug("Session Id destroyed " + se.getSession().getId());
  62
  63         synchronized (sessionMap) {
  64             Set<HttpSession> set = sessionMap.get(ctx);
  65             if (set != null) {
  66                 set.remove(se.getSession());
  67             }
  68         }
  69     }
  70
  71     @Override
  72     public void invalidateSessions(String username, String sessionId) {
  73
  74         synchronized (sessionMap) {
  75             List<HttpSession> sessionsList = new ArrayList<HttpSession>();
  76             Iterator<Map.Entry<ServletContext, Set<HttpSession>>> sessMapIterator = sessionMap
  77                     .entrySet().iterator();
  78             while (sessMapIterator.hasNext()) {
  79
  80                 Entry<ServletContext, Set<HttpSession>> val = sessMapIterator
  81                         .next();
  82                 Iterator<HttpSession> sessIterator = val.getValue().iterator();
  83
  84                 while (sessIterator.hasNext()) {
  85                     HttpSession session = sessIterator.next();
  86                     if (session != null && sessionId != null && session.getId() != null && !session.getId().equals(sessionId)) {
  87                         Object contextFromSession = session
  88                                 .getAttribute(SPRING_SECURITY_CONTEXT_KEY);
  89                         if (contextFromSession != null
  90                                 && contextFromSession instanceof SecurityContext) {
  91                             String storedUserName = ((SecurityContext) contextFromSession)
  92                                     .getAuthentication().getName();
  93                             if (storedUserName != null && storedUserName.equals(username)) {
  94                                 sessionsList.add(session);
  95                                 sessIterator.remove();
  96                             }
  97                             else {
  98                                 logger.debug("storedUserName is null or did not match username " + username);
  99                             }
 100                         } else {
 101                             logger.debug("contextFromSession is null or not instance of SecurityContext");
 102                         }
 103                     }
 104                     else {
 105                         logger.debug(" session or sessionId is null ");
 106                     }
 107                 }
 108             }
 109
 110             Iterator<HttpSession> sessionIt = sessionsList.iterator();
 111             while (sessionIt.hasNext()) {
 112                 HttpSession session = sessionIt.next();
 113                 sessionIt.remove();
 114                 session.invalidate();
 115             }
 116         }
 117     }
 118
 119 }