Is there something managing user concurrent sessions?

Question

We need to implement a security enabling a user to be logged only in one session. We will either prevent him to log twice or kill any other session on login.

Is there already something to support that (aka sessiob listener or session filter).

Accepted Answer

The following utility methods returns you requested informations, so they could be called on login. Please note, that is makes use of internal APIs.

package internals;

import java.util.List;
import java.util.concurrent.Callable;
import java.util.stream.Stream;

import org.apache.commons.lang.StringUtils;

import ch.ivyteam.ivy.security.ISecurityManager;
import ch.ivyteam.ivy.security.ISession;
import ch.ivyteam.ivy.security.internal.SecurityManager;


public class SessionUtils {
    public static boolean isUserLoggedInInOtherSessionAsSystem(String userName) {
        return executeAsSystem(() -> isUserLoggedInInOtherSession(userName));
    }

    public static boolean isUserLoggedInInOtherSession(String userName) {
        return getOtherSessionOfUser(userName).findFirst().isPresent();
    }

    public static void logoutUserFromOtherSessionsAsSystem(String userName) {
        executeAsSystem(() -> logoutUserFromOtherSessions(userName));
    }

    public static Void logoutUserFromOtherSessions(String userName) {
        getOtherSessionOfUser(userName).forEach(session -> session.logoutSessionUser());
        return null;
    }

    public static Stream<ISession> getOtherSessionOfUser(String userName)
    {
        if (StringUtils.isBlank(userName)) {
            return Stream.empty();
        }
        ISecurityManager securityManager = SecurityManager.getSecurityManager();
        ISession currentSession = securityManager.getCurrentSession();
        List<ISession> allSessions = securityManager.getSessions();
        return allSessions.stream()
                .filter(session -> session != currentSession)
                .filter(session -> userName.equals(session.getSessionUserName()));
    }

    private static <R> R executeAsSystem(Callable<R> callable)
    {
        try {
            return SecurityManager.getSecurityManager().executeAsSystem(callable);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}

Accepted Answer

0

You could implement an ch.ivyteam.ivy.security.ISessionExtension for that. It can be registered on the SecurityManager e.g.

SecurityManager.getSecurityManager().addSessionExtension(ISessionExtension ext)

link

answered 13.12.2016 at 11:37

Reguel Werme... ♦♦
9.4k●3●19●58
accept rate: 70%

Thanks for answer, I'm going that way, is there a specific place to set this configuration? something getting called at application startup.

(14.12.2016 at 21:25) RemiMorin

You could use an automatically started process for the registration. Similar as described here: http://answers.axonivy.com/questions/1938/how-can-we-use-global-variable-in-automatic-process-element

(15.12.2016 at 08:46) Reguel Werme... ♦♦

Is there something managing user concurrent sessions?

Follow this question

Related questions