/**
*
* Copyright (c) 2011, 2016 - Loetz GmbH&Co.KG (69115 Heidelberg, Germany)
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* Christophe Loetz (Loetz GmbH&Co.KG) - initial implementation
*/
package org.eclipse.osbp.authentication.vaadin;
//import com.google.inject.Inject;
import com.vaadin.server.VaadinSession;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.SessionException;
import org.apache.shiro.session.mgt.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.UUID;
// TODO: Auto-generated Javadoc
/**
* Based on ideas by David Sowerby.
*
*
* A {@link SessionManager} implementation that uses the {@link VaadinSession} for the current user to persist and
* locate the Shiro {@link Session}. This tightly ties the Shiro security Session lifecycle to that of the
* VaadinSession
* allowing expiration, persistence, and clustering to be handled only in the Vaadin configuration rather than be
* duplicated in both the Vaadin and Shiro configuration.
*
* @author mpilone
*/
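public class VaadinSessionManager implements SessionManager {
    /**
     * The session attribute name prefix used for storing the Shiro Session in the VaadinSession.
     */
    private static final String SESSION_ATTRIBUTE_PREFIX = VaadinSessionManager.class.getName() + ".session.";

    /** Class logger. Session IDs are deliberately never written to it. */
    private static final Logger log = LoggerFactory.getLogger(VaadinSessionManager.class);

    /**
     * The session factory used to create new sessions. In the future, it may make more sense to simply implement a
     * {@link Session} that is a lightweight wrapper on the {@link VaadinSession} rather than storing a
     * {@link SimpleSession} in the {@link VaadinSession}. However by using a SimpleSession, the security information
     * is contained in a neat bucket inside the overall VaadinSession.
     */
    private final SessionFactory sessionFactory;

    /** Supplies the {@link VaadinSession} of the current user; may yield {@code null}. */
    private final VaadinSessionProvider sessionProvider;

    /**
     * Constructs the VaadinSessionManager.
     *
     * @param sessionProvider the provider used to look up the current user's VaadinSession
     */
    public VaadinSessionManager(VaadinSessionProvider sessionProvider) {
        this.sessionProvider = sessionProvider;
        sessionFactory = new SimpleSessionFactory();
    }

    /**
     * Creates a new Shiro session and stores it as an attribute of the current user's
     * {@link VaadinSession}.
     *
     * @param context the context handed to the session factory
     * @return the newly created session, already registered in the VaadinSession
     * @throws IllegalStateException if the provider yields no VaadinSession; a security
     *         session must never be handed out without a container that owns its lifecycle
     * @see org.apache.shiro.session.mgt.SessionManager#start(org.apache.shiro.session.mgt.SessionContext)
     */
    @Override
    public Session start(SessionContext context) {
        log.debug("starting VaadinSessionManager");

        // getSession() tolerates a missing VaadinSession; here it previously surfaced as a
        // bare NullPointerException from setAttribute. Fail with an explicit message instead.
        VaadinSession vaadinSession = sessionProvider.get();
        if (vaadinSession == null) {
            throw new IllegalStateException(
                    "No VaadinSession is available to hold the Shiro session");
        }

        // Create a new security session using the session factory.
        SimpleSession shiroSession = (SimpleSession) sessionFactory.createSession(context);

        // No SessionDAO is involved (persistence is delegated to the VaadinSession), so the ID
        // is assigned here. UUID.randomUUID() is documented to use a cryptographically strong
        // random number generator, which keeps the ID unpredictable.
        shiroSession.setId(UUID.randomUUID().toString());

        // The ID is part of the attribute key so that getSession() only returns the session
        // whose ID the caller presents, and only from the caller's own VaadinSession.
        vaadinSession.setAttribute(SESSION_ATTRIBUTE_PREFIX + shiroSession.getId(), shiroSession);
        return shiroSession;
    }

    /**
     * Looks up the Shiro session for {@code key} in the current user's {@link VaadinSession}.
     *
     * <p>The lookup is confined to the VaadinSession returned by the provider, so a session ID
     * on its own does not give access to a session stored in a different VaadinSession.
     *
     * @param key the key carrying the session ID to look up
     * @return the matching valid session, or {@code null} if there is no key or ID, no
     *         VaadinSession, no stored session, or the stored session is no longer valid
     * @throws SessionException declared by the interface; not thrown by this implementation
     * @see org.apache.shiro.session.mgt.SessionManager#getSession(org.apache.shiro.session.mgt.SessionKey)
     */
    @Override
    public Session getSession(SessionKey key) throws SessionException {
        // Without an ID there is nothing to look up; avoid building a "...session.null" key.
        if (key == null || key.getSessionId() == null) {
            return null;
        }

        // Retrieve the VaadinSession for the current user.
        VaadinSession vaadinSession = sessionProvider.get();
        if (vaadinSession == null) {
            return null;
        }

        String attributeName = SESSION_ATTRIBUTE_PREFIX + key.getSessionId();
        Object stored = vaadinSession.getAttribute(attributeName);
        if (!(stored instanceof SimpleSession)) {
            if (stored != null) {
                // Log the type only: the attribute name embeds the session ID.
                log.warn("Ignoring unexpected session attribute of type {}", stored.getClass().getName());
            }
            return null;
        }

        SimpleSession shiroSession = (SimpleSession) stored;
        // NOTE(review): isValid() reports the session's stopped/expired state; this manager never
        // calls validate(), so idle timeout appears to rest with the VaadinSession - confirm.
        if (shiroSession.isValid()) {
            return shiroSession;
        }

        // Stopped or expired (e.g. the user logged out): drop it so it cannot be returned again.
        vaadinSession.setAttribute(attributeName, null);
        return null;
    }
}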