1   /*
2    * Copyright 2014 James Pether Sörling
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *   http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   *	$Id$
17   *  $HeadURL$
18  */
19  package com.hack23.cia.web.impl.ui.application.web.listener;
20  
21  import java.util.ArrayList;
22  import java.util.Collection;
23  
24  import javax.servlet.http.HttpSession;
25  
26  import org.slf4j.Logger;
27  import org.slf4j.LoggerFactory;
28  import org.springframework.beans.factory.annotation.Autowired;
29  import org.springframework.context.ApplicationListener;
30  import org.springframework.security.authentication.AnonymousAuthenticationToken;
31  import org.springframework.security.core.authority.SimpleGrantedAuthority;
32  import org.springframework.security.core.context.SecurityContextHolder;
33  import org.springframework.security.web.session.HttpSessionDestroyedEvent;
34  import org.springframework.stereotype.Service;
35  
36  import com.hack23.cia.service.api.ApplicationManager;
37  import com.hack23.cia.service.api.action.application.DestroyApplicationSessionRequest;
38  
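/**
 * Application listener for {@link HttpSessionDestroyedEvent}.
 *
 * <p>
 * For every destroyed HTTP session it sends a
 * {@link DestroyApplicationSessionRequest} carrying the session id to the
 * {@link ApplicationManager}. The call is made under a temporary anonymous
 * authentication that is removed again before the method returns.
 * </p>
 */
@Service
public final class HttpSessionDestroyedEventListener implements ApplicationListener<HttpSessionDestroyedEvent> {

	/** Principal name placed in the temporary anonymous token. */
	private static final String PRINCIPAL = "principal";

	/** Key argument passed to the {@link AnonymousAuthenticationToken} constructor. */
	private static final String KEY = "key";

	/** The only authority granted to the temporary anonymous token. */
	private static final String ROLE_ANONYMOUS = "ROLE_ANONYMOUS";

	/** Log message template; the placeholder receives the destroyed session's id. */
	private static final String LOG_MSG_SESSION_DESTROYED_SESSION_ID = "Session destroyed SESSION_ID :{}";

	/** The Constant LOGGER. */
	private static final Logger LOGGER = LoggerFactory.getLogger(HttpSessionDestroyedEventListener.class);

	/** Service facade that receives the destroy-session request (field-injected by Spring). */
	@Autowired
	private ApplicationManager applicationManager;

	/**
	 * Instantiates a new http session destroyed event listener.
	 */
	public HttpSessionDestroyedEventListener() {
		super();
	}

	/**
	 * Notifies the application manager that an HTTP session has been destroyed.
	 *
	 * <p>
	 * The thread's security context is given an anonymous token holding only
	 * {@code ROLE_ANONYMOUS} for the duration of the service call, presumably
	 * because the service layer requires an authentication to be present
	 * (confirm against the service's access rules). The token is removed in a
	 * {@code finally} block so that an exception from the service call cannot
	 * leave it attached to a thread that may later be reused for other work.
	 * </p>
	 *
	 * @param event
	 *            the session destroyed event; its session supplies the id sent
	 *            to the application manager
	 */
	@Override
	public void onApplicationEvent(final HttpSessionDestroyedEvent event) {
		final HttpSession httpSession = event.getSession();
		final String sessionId = httpSession.getId();

		final Collection<SimpleGrantedAuthority> authorities = new ArrayList<>();
		authorities.add(new SimpleGrantedAuthority(ROLE_ANONYMOUS));

		final DestroyApplicationSessionRequest destroyApplicationSessionRequest = new DestroyApplicationSessionRequest();
		destroyApplicationSessionRequest.setSessionId(sessionId);

		// NOTE(review): whatever authentication the calling thread already held is
		// overwritten here and ends up as null afterwards, not restored. Confirm
		// that no caller relies on its authentication surviving this event.
		SecurityContextHolder.getContext()
				.setAuthentication(new AnonymousAuthenticationToken(KEY, PRINCIPAL, authorities));
		try {
			applicationManager.service(destroyApplicationSessionRequest);
		} finally {
			// Always drop the temporary token, also when the service call throws.
			SecurityContextHolder.getContext().setAuthentication(null);
		}

		// Logged only after a successful service call. Session ids are
		// credential-like values; NOTE(review): confirm that writing them at INFO
		// level fits the deployment's log access policy.
		LOGGER.info(LOG_MSG_SESSION_DESTROYED_SESSION_ID, sessionId);
	}

}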