19 package com.hack23.cia.web.impl.ui.application.web.listener;
20
21 import java.util.ArrayList;
22 import java.util.Collection;
23
24 import javax.servlet.http.HttpSession;
25
26 import org.slf4j.Logger;
27 import org.slf4j.LoggerFactory;
28 import org.springframework.beans.factory.annotation.Autowired;
29 import org.springframework.context.ApplicationListener;
30 import org.springframework.security.authentication.AnonymousAuthenticationToken;
31 import org.springframework.security.core.authority.SimpleGrantedAuthority;
32 import org.springframework.security.core.context.SecurityContextHolder;
33 import org.springframework.security.web.session.HttpSessionDestroyedEvent;
34 import org.springframework.stereotype.Service;
35
36 import com.hack23.cia.service.api.ApplicationManager;
37 import com.hack23.cia.service.api.action.application.DestroyApplicationSessionRequest;
38
39
40
41
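/**
 * Spring application listener that reacts to {@link HttpSessionDestroyedEvent}
 * by sending a {@link DestroyApplicationSessionRequest} for the destroyed
 * session to the {@link ApplicationManager}.
 *
 * <p>The service call is made under a temporary anonymous authentication
 * ({@code ROLE_ANONYMOUS}) that is installed in the thread's security context
 * just before the call and cleared again afterwards.
 */
@Service
public final class HttpSessionDestroyedEventListener implements ApplicationListener<HttpSessionDestroyedEvent> {

    /** Principal value placed in the temporary anonymous token. */
    private static final String PRINCIPAL = "principal";

    /**
     * Key passed to the temporary anonymous token. The token is set directly
     * on the security context here, not submitted to an authentication provider.
     */
    private static final String KEY = "key";

    /** The only authority granted to the temporary token. */
    private static final String ROLE_ANONYMOUS = "ROLE_ANONYMOUS";

    /** Log format for the session-destroyed entry; the placeholder receives the session id. */
    private static final String LOG_MSG_SESSION_DESTROYED_SESSION_ID = "Session destroyed SESSION_ID :{}";

    /** Class logger. */
    private static final Logger LOGGER = LoggerFactory.getLogger(HttpSessionDestroyedEventListener.class);

    /** Service facade that receives the destroy-session request. */
    @Autowired
    private ApplicationManager applicationManager;

    /**
     * Creates the listener; the {@link ApplicationManager} is injected by Spring.
     */
    public HttpSessionDestroyedEventListener() {
        super();
    }

    /**
     * Notifies the application layer that an HTTP session has been destroyed.
     *
     * <p>NOTE(review): the authentication already present on the calling thread
     * is overwritten and ends up {@code null}. If this event can be delivered on
     * a request thread that carries a signed-in user, the remainder of that
     * request runs without an authentication; confirm that this is intended.
     *
     * @param event the session-destroyed event carrying the HTTP session
     */
    @Override
    public void onApplicationEvent(final HttpSessionDestroyedEvent event) {
        final HttpSession httpSession = event.getSession();
        final String sessionId = httpSession.getId();

        final Collection<SimpleGrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority(ROLE_ANONYMOUS));

        final DestroyApplicationSessionRequest destroyApplicationSessionRequest = new DestroyApplicationSessionRequest();
        destroyApplicationSessionRequest.setSessionId(sessionId);

        // Presumably the service layer requires some authentication to be present;
        // the least-privileged (anonymous) one is installed for the duration of the call.
        SecurityContextHolder.getContext()
                .setAuthentication(new AnonymousAuthenticationToken(KEY, PRINCIPAL, authorities));
        try {
            applicationManager.service(destroyApplicationSessionRequest);
        } finally {
            // Always clear the temporary token, even when the service call throws,
            // so it cannot remain attached to a thread that is reused later.
            SecurityContextHolder.getContext().setAuthentication(null);
        }

        // Written only when the service call returned without throwing.
        LOGGER.info(LOG_MSG_SESSION_DESTROYED_SESSION_ID, sessionId);
    }

}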