Author: mposolda Date: 2012-02-16 04:32:31 -0500 (Thu, 16 Feb 2012) New Revision: 8429 Added: portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistryListener.java Modified: portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistry.java portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistryImpl.java portal/trunk/web/portal/src/main/webapp/WEB-INF/web.xml Log: GTNPORTAL-2275 Added AuthenticationRegistryListener to make sure that AuthenticationRegistry entry is cleared when session expire. Modified: portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistry.java =================================================================== --- portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistry.java 2012-02-15 21:18:41 UTC (rev 8428) +++ portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistry.java 2012-02-16 09:32:31 UTC (rev 8429) @@ -47,4 +47,7 @@ public Credentials removeCredentials(HttpServletRequest request); + + public void removeClient(String sessionId); + } Modified: portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistryImpl.java =================================================================== --- portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistryImpl.java 2012-02-15 21:18:41 UTC (rev 8428) +++ portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistryImpl.java 2012-02-16 09:32:31 UTC (rev 8429) @@ -24,6 +24,8 @@ package org.exoplatform.web.security; +import org.gatein.common.logging.Logger; +import org.gatein.common.logging.LoggerFactory; import org.gatein.wci.security.Credentials; import javax.servlet.http.HttpServletRequest; @@ -39,7 +41,8 @@ */ public class AuthenticationRegistryImpl implements AuthenticationRegistry { - + private static final Logger log = LoggerFactory.getLogger(AuthenticationRegistryImpl.class); + // Key is ID of HTTP Session. Value is map with various attributes of single client (session), // which will be used during authentication process. private final ConcurrentMap<String, Map<String, Object>> registry = new ConcurrentHashMap<String, Map<String, Object>>(); @@ -79,13 +82,24 @@ // Clear map if no more attributes are here. if (attributesOfClient.size() == 0) { - registry.remove(sessionId); + removeClient(sessionId); } return credentials; } + public void removeClient(String sessionId) + { + registry.remove(sessionId); + + if (log.isTraceEnabled()) + { + log.trace("Entry cleared for session " + sessionId); + } + } + + private Map<String, Object> getAttributesOfClient(String sessionId) { Map<String, Object> attributes = registry.get(sessionId); @@ -94,6 +108,11 @@ { attributes = new ConcurrentHashMap<String, Object>(); registry.putIfAbsent(sessionId, attributes); + + if (log.isTraceEnabled()) + { + log.trace("New entry created in AuthenticationRegistry for session " + sessionId); + } } return registry.get(sessionId); Added: portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistryListener.java =================================================================== --- portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistryListener.java (rev 0) +++ portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/AuthenticationRegistryListener.java 2012-02-16 09:32:31 UTC (rev 8429) @@ -0,0 +1,55 @@ +/* + * JBoss, a division of Red Hat + * Copyright 2012, Red Hat Middleware, LLC, and individual contributors as indicated + * by the @authors tag. See the copyright.txt in the distribution for a + * full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.exoplatform.web.security; + +import org.exoplatform.container.ExoContainer; +import org.exoplatform.container.web.AbstractHttpSessionListener; + +import javax.servlet.http.HttpSessionEvent; + +/** + * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a> + */ +public class AuthenticationRegistryListener extends AbstractHttpSessionListener +{ + + @Override + protected boolean requirePortalEnvironment() + { + return true; + } + + + @Override + protected void onSessionCreated(ExoContainer container, HttpSessionEvent event) + { + } + + + @Override + protected void onSessionDestroyed(ExoContainer container, HttpSessionEvent event) + { + AuthenticationRegistry authenticationRegistry = (AuthenticationRegistry)container.getComponentInstanceOfType(AuthenticationRegistry.class); + authenticationRegistry.removeClient(event.getSession().getId()); + } +} Modified: portal/trunk/web/portal/src/main/webapp/WEB-INF/web.xml =================================================================== --- portal/trunk/web/portal/src/main/webapp/WEB-INF/web.xml 2012-02-15 21:18:41 UTC (rev 8428) +++ portal/trunk/web/portal/src/main/webapp/WEB-INF/web.xml 2012-02-16 09:32:31 UTC (rev 8429) @@ -180,7 +180,10 @@ </listener> <listener> <listener-class>org.exoplatform.services.security.web.JAASConversationStateListener</listener-class> - </listener> + </listener> + <listener> + <listener-class>org.exoplatform.web.security.AuthenticationRegistryListener</listener-class> + </listener> <!-- ================================================================== --> <!-- SERVLET --> <!-- ================================================================== -->