PL-10635 REST API Token revocation is not reflected in user session log

Yuriy Artamonov 2018-04-03 16:26:10 +04:00
parent 7c2a67bba2
commit e60164846a
2 changed files with 7 additions and 4 deletions


@ -31,8 +31,10 @@ import com.haulmont.cuba.core.global.TimeSource;
import com.haulmont.cuba.core.global.View;
import com.haulmont.cuba.core.sys.AppContext;
import com.haulmont.cuba.core.sys.SecurityContext;
import com.haulmont.cuba.security.app.UserSessionLog;
import com.haulmont.cuba.security.app.UserSessionsAPI;
import com.haulmont.cuba.security.auth.AuthenticationManager;
import com.haulmont.cuba.security.entity.SessionAction;
import com.haulmont.cuba.security.global.NoUserSessionException;
import com.haulmont.cuba.security.global.UserSession;
import org.apache.commons.lang.LocaleUtils;
@ -59,6 +61,9 @@ public class ServerTokenStoreImpl implements ServerTokenStore {
@Inject
protected AuthenticationManager authenticationManager;
@Inject
protected UserSessionLog userSessionLog;
@Inject
protected UserSessionsAPI userSessions;
@ -527,8 +532,6 @@ public class ServerTokenStoreImpl implements ServerTokenStore {
try {
refreshTokenValueToRefreshTokenStore.put(refreshToken.getTokenValue(), refreshToken.getTokenBytes());
refreshTokenValueToAuthenticationStore.put(refreshToken.getTokenValue(), refreshToken.getAuthenticationBytes());
} finally {
lock.writeLock().unlock();
}
@ -598,6 +601,8 @@ public class ServerTokenStoreImpl implements ServerTokenStore {
AppContext.setSecurityContext(new SecurityContext(session));
try {
authenticationManager.logout();
userSessionLog.updateSessionLogRecord(session, SessionAction.LOGOUT);
} finally {
AppContext.setSecurityContext(null);
}
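Review bot: In the last hunk of this file, the new `userSessionLog.updateSessionLogRecord(session, SessionAction.LOGOUT)` call runs only when `authenticationManager.logout()` returns normally, so a logout that throws (whether it can for an already-expired session is not visible here) would leave the revoked token's session without a LOGOUT record, which is the gap the commit title describes. If the audit record should be written regardless, nest the call: `try { authenticationManager.logout(); } finally { userSessionLog.updateSessionLogRecord(session, SessionAction.LOGOUT); }`. Conversely, an exception from the log update now propagates out of the token-removal path, so it is worth deciding whether an audit-write failure should abort revocation or only be reported. The enclosing method starts and ends outside the hunk, so whether `session` can be null at this point cannot be checked from here.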


@ -141,8 +141,6 @@ public class AuthenticationServiceBean implements AuthenticationService {
throw new RuntimeException("Logout of system session from client is not permitted");
}
userSessionLog.updateSessionLogRecord(session, SessionAction.LOGOUT);
authenticationManager.logout();
userSessionLog.updateSessionLogRecord(session, SessionAction.LOGOUT);