2 * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.controller.usermanager.security;
11 import java.util.ArrayList;
12 import java.util.HashMap;
13 import java.util.HashSet;
14 import java.util.Iterator;
15 import java.util.List;
17 import java.util.Map.Entry;
20 import javax.servlet.ServletContext;
21 import javax.servlet.http.HttpSession;
22 import javax.servlet.http.HttpSessionEvent;
24 import org.opendaylight.controller.usermanager.ISessionManager;
25 import org.slf4j.Logger;
26 import org.slf4j.LoggerFactory;
27 import org.springframework.security.core.context.SecurityContext;
29 public class SessionManager implements ISessionManager {
31 private static final Logger logger = LoggerFactory
32 .getLogger(SessionManager.class);
34 private Map<ServletContext, Set<HttpSession>> sessionMap = new HashMap<ServletContext, Set<HttpSession>>();
35 public static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";
38 public void sessionCreated(HttpSessionEvent se) {
40 ServletContext ctx = se.getSession().getServletContext();
41 String path = ctx.getContextPath();
43 logger.debug("Servlet Context Path created " + path);
44 logger.debug("Session Id created for ctxt path " + se.getSession().getId());
46 synchronized (sessionMap) {
47 Set<HttpSession> set = sessionMap.get(ctx);
49 set = new HashSet<HttpSession>();
50 sessionMap.put(ctx, set);
52 set.add(se.getSession());
57 public void sessionDestroyed(HttpSessionEvent se) {
58 ServletContext ctx = se.getSession().getServletContext();
59 String path = ctx.getContextPath();
60 logger.debug("Servlet Context Path of destroyed session - " + path);
61 logger.debug("Session Id destroyed " + se.getSession().getId());
63 synchronized (sessionMap) {
64 Set<HttpSession> set = sessionMap.get(ctx);
66 set.remove(se.getSession());
72 public void invalidateSessions(String username, String sessionId) {
74 synchronized (sessionMap) {
75 List<HttpSession> sessionsList = new ArrayList<HttpSession>();
76 Iterator<Map.Entry<ServletContext, Set<HttpSession>>> sessMapIterator = sessionMap
77 .entrySet().iterator();
78 while (sessMapIterator.hasNext()) {
80 Entry<ServletContext, Set<HttpSession>> val = sessMapIterator
82 Iterator<HttpSession> sessIterator = val.getValue().iterator();
84 while (sessIterator.hasNext()) {
85 HttpSession session = sessIterator.next();
86 if (session != null && sessionId != null && session.getId() != null && !session.getId().equals(sessionId)) {
87 Object contextFromSession = session
88 .getAttribute(SPRING_SECURITY_CONTEXT_KEY);
89 if (contextFromSession != null
90 && contextFromSession instanceof SecurityContext) {
91 String storedUserName = ((SecurityContext) contextFromSession)
92 .getAuthentication().getName();
93 if (storedUserName != null && storedUserName.equals(username)) {
94 sessionsList.add(session);
95 sessIterator.remove();
98 logger.debug("storedUserName is null or did not match username " + username);
101 logger.debug("contextFromSession is null or not instance of SecurityContext");
105 logger.debug(" session or sessionId is null ");
110 Iterator<HttpSession> sessionIt = sessionsList.iterator();
111 while (sessionIt.hasNext()) {
112 HttpSession session = sessionIt.next();
114 session.invalidate();