1 | package gov.va.med.edp.web.servlet.listener;
|
---|
2 |
|
---|
3 | import gov.va.med.edp.dao.SessionDao;
|
---|
4 | import gov.va.med.edp.springframework.security.userdetails.VistaUserDetails;
|
---|
5 | import gov.va.med.edp.vo.SessionVO;
|
---|
6 | import gov.va.med.edp.web.controller.SessionConstants;
|
---|
7 | import org.apache.commons.logging.Log;
|
---|
8 | import org.apache.commons.logging.LogFactory;
|
---|
9 | import org.springframework.security.context.HttpSessionContextIntegrationFilter;
|
---|
10 | import org.springframework.security.context.SecurityContext;
|
---|
11 | import org.springframework.web.context.WebApplicationContext;
|
---|
12 | import org.springframework.web.context.support.WebApplicationContextUtils;
|
---|
13 | import org.springframework.dao.DataAccessException;
|
---|
14 |
|
---|
15 | import javax.servlet.http.HttpSessionAttributeListener;
|
---|
16 | import javax.servlet.http.HttpSessionBindingEvent;
|
---|
17 |
|
---|
18 | public class TimeOutIntegrationSessionAttributeListener implements HttpSessionAttributeListener {
|
---|
19 | private static final String SESSION_DAO_BEAN_NAME = "sessionDao";
|
---|
20 |
|
---|
21 | private static final Log log = LogFactory.getLog(TimeOutIntegrationSessionAttributeListener.class);
|
---|
22 |
|
---|
23 | public void attributeAdded(HttpSessionBindingEvent event) {
|
---|
24 | if (!event.getName().equals(HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY)) return;
|
---|
25 |
|
---|
26 | setTimeOut(event);
|
---|
27 | }
|
---|
28 |
|
---|
29 | public void attributeRemoved(HttpSessionBindingEvent event) {
|
---|
30 | if (!event.getName().equals(HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY)) return;
|
---|
31 | }
|
---|
32 |
|
---|
33 | public void attributeReplaced(HttpSessionBindingEvent event) {
|
---|
34 | if (!event.getName().equals(HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY)) return;
|
---|
35 |
|
---|
36 | setTimeOut(event);
|
---|
37 | }
|
---|
38 |
|
---|
39 | private void setTimeOut(HttpSessionBindingEvent event) {
|
---|
40 | SecurityContext securityContext = (SecurityContext) event.getValue();
|
---|
41 | VistaUserDetails userInfo = (VistaUserDetails) securityContext.getAuthentication().getPrincipal();
|
---|
42 |
|
---|
43 | try {
|
---|
44 | WebApplicationContext ac = getApplicationContext(event);
|
---|
45 | SessionDao dao = (SessionDao) ac.getBean(SESSION_DAO_BEAN_NAME, SessionDao.class);
|
---|
46 |
|
---|
47 | SessionVO sessionInfo = dao.getSessionInfo(userInfo.getLoginStationNumber(), userInfo.getDuz());
|
---|
48 |
|
---|
49 | String serverPackageVersion = sessionInfo.getServerPackageVersion();
|
---|
50 | if (log.isDebugEnabled()) log.debug("set server package version to '" + serverPackageVersion + "'");
|
---|
51 | event.getSession().setAttribute(SessionConstants.SERVER_PACKAGE_VERSION_KEY, serverPackageVersion);
|
---|
52 |
|
---|
53 | int timeOut = sessionInfo.getMaxInactiveInterval();
|
---|
54 | event.getSession().setMaxInactiveInterval(timeOut);
|
---|
55 | if (log.isDebugEnabled()) log.debug("set timeout for user " + userInfo.getDuz() + " to " + timeOut + " seconds.");
|
---|
56 | } catch (DataAccessException e) {
|
---|
57 | log.error("unable to fetch session info", e);
|
---|
58 | event.getSession().setAttribute(SessionConstants.SERVER_ERROR_KEY, e);
|
---|
59 | }
|
---|
60 | }
|
---|
61 |
|
---|
62 | private WebApplicationContext getApplicationContext(HttpSessionBindingEvent event) throws IllegalStateException {
|
---|
63 | return WebApplicationContextUtils.getRequiredWebApplicationContext(event.getSession().getServletContext());
|
---|
64 | }
|
---|
65 |
|
---|
66 | }
|
---|