| 1 | package gov.va.med.edp.web.servlet.listener;
|
|---|
| 2 |
|
|---|
| 3 | import gov.va.med.edp.dao.SessionDao;
|
|---|
| 4 | import gov.va.med.edp.springframework.security.userdetails.VistaUserDetails;
|
|---|
| 5 | import gov.va.med.edp.vo.SessionVO;
|
|---|
| 6 | import gov.va.med.edp.web.controller.SessionConstants;
|
|---|
| 7 | import org.apache.commons.logging.Log;
|
|---|
| 8 | import org.apache.commons.logging.LogFactory;
|
|---|
| 9 | import org.springframework.security.context.HttpSessionContextIntegrationFilter;
|
|---|
| 10 | import org.springframework.security.context.SecurityContext;
|
|---|
| 11 | import org.springframework.web.context.WebApplicationContext;
|
|---|
| 12 | import org.springframework.web.context.support.WebApplicationContextUtils;
|
|---|
| 13 | import org.springframework.dao.DataAccessException;
|
|---|
| 14 |
|
|---|
| 15 | import javax.servlet.http.HttpSessionAttributeListener;
|
|---|
| 16 | import javax.servlet.http.HttpSessionBindingEvent;
|
|---|
| 17 |
|
|---|
| 18 | public class TimeOutIntegrationSessionAttributeListener implements HttpSessionAttributeListener {
|
|---|
| 19 | private static final String SESSION_DAO_BEAN_NAME = "sessionDao";
|
|---|
| 20 |
|
|---|
| 21 | private static final Log log = LogFactory.getLog(TimeOutIntegrationSessionAttributeListener.class);
|
|---|
| 22 |
|
|---|
| 23 | public void attributeAdded(HttpSessionBindingEvent event) {
|
|---|
| 24 | if (!event.getName().equals(HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY)) return;
|
|---|
| 25 |
|
|---|
| 26 | setTimeOut(event);
|
|---|
| 27 | }
|
|---|
| 28 |
|
|---|
| 29 | public void attributeRemoved(HttpSessionBindingEvent event) {
|
|---|
| 30 | if (!event.getName().equals(HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY)) return;
|
|---|
| 31 | }
|
|---|
| 32 |
|
|---|
| 33 | public void attributeReplaced(HttpSessionBindingEvent event) {
|
|---|
| 34 | if (!event.getName().equals(HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY)) return;
|
|---|
| 35 |
|
|---|
| 36 | setTimeOut(event);
|
|---|
| 37 | }
|
|---|
| 38 |
|
|---|
| 39 | private void setTimeOut(HttpSessionBindingEvent event) {
|
|---|
| 40 | SecurityContext securityContext = (SecurityContext) event.getValue();
|
|---|
| 41 | VistaUserDetails userInfo = (VistaUserDetails) securityContext.getAuthentication().getPrincipal();
|
|---|
| 42 |
|
|---|
| 43 | try {
|
|---|
| 44 | WebApplicationContext ac = getApplicationContext(event);
|
|---|
| 45 | SessionDao dao = (SessionDao) ac.getBean(SESSION_DAO_BEAN_NAME, SessionDao.class);
|
|---|
| 46 |
|
|---|
| 47 | SessionVO sessionInfo = dao.getSessionInfo(userInfo.getLoginStationNumber(), userInfo.getDuz());
|
|---|
| 48 |
|
|---|
| 49 | String serverPackageVersion = sessionInfo.getServerPackageVersion();
|
|---|
| 50 | if (log.isDebugEnabled()) log.debug("set server package version to '" + serverPackageVersion + "'");
|
|---|
| 51 | event.getSession().setAttribute(SessionConstants.SERVER_PACKAGE_VERSION_KEY, serverPackageVersion);
|
|---|
| 52 |
|
|---|
| 53 | int timeOut = sessionInfo.getMaxInactiveInterval();
|
|---|
| 54 | event.getSession().setMaxInactiveInterval(timeOut);
|
|---|
| 55 | if (log.isDebugEnabled()) log.debug("set timeout for user " + userInfo.getDuz() + " to " + timeOut + " seconds.");
|
|---|
| 56 | } catch (DataAccessException e) {
|
|---|
| 57 | log.error("unable to fetch session info", e);
|
|---|
| 58 | event.getSession().setAttribute(SessionConstants.SERVER_ERROR_KEY, e);
|
|---|
| 59 | }
|
|---|
| 60 | }
|
|---|
| 61 |
|
|---|
| 62 | private WebApplicationContext getApplicationContext(HttpSessionBindingEvent event) throws IllegalStateException {
|
|---|
| 63 | return WebApplicationContextUtils.getRequiredWebApplicationContext(event.getSession().getServletContext());
|
|---|
| 64 | }
|
|---|
| 65 |
|
|---|
| 66 | }
|
|---|
