Changeset 1939
- Timestamp:
- Jun 24, 2011, 12:56:22 PM (12 years ago)
- Location:
- trunk
- Files:
-
- 3 added
- 5 edited
-
grails-app/conf/BaseFilters.groovy (modified) (1 diff)
-
grails-app/domain/dbnp/authentication/SecUser.groovy (modified) (1 diff)
-
grails-app/domain/dbnp/authentication/SessionAuthenticatedUser.groovy (modified) (1 diff)
-
grails-app/services/dbnp/authentication/AuthenticationService.groovy (modified) (5 diffs)
-
grails-app/services/dbnp/authentication/RemoteAuthenticationService.groovy (added)
-
grails-app/services/dbnp/modules/ModuleNotificationService.groovy (modified) (2 diffs)
-
test/unit/gscf (added)
-
test/unit/gscf/RemoteAuthenticationServiceTests.groovy (added)
Legend:
- Unmodified
- Added
- Removed
-
trunk/grails-app/conf/BaseFilters.groovy
r1921 r1939 38 38 // set session lifetime to 1 week 39 39 session.setMaxInactiveInterval(604800) 40 } 41 } 42 43 // Save a reference to the logged in user in the session, 44 // in order to use it later on. This is needed, because webflows are not capable of retrieving 45 // the logged in user from the authenticationService, since that service (more specific: spring security) 46 // is not serializable. 47 saveUser(controller: '*', action: '*' ) { 48 before = { 49 // set the secUser in the session 50 def secUser = authenticationService.getLoggedInUser() 51 if (secUser) { 52 session.gscfUser = secUser 53 } else { 54 // remove session variable 55 if( session?.gscfUser ) 56 session.removeAttribute('gscfUser') 57 } 40 58 } 41 59 } -
trunk/grails-app/domain/dbnp/authentication/SecUser.groovy
r1584 r1939 42 42 return getAuthorities().contains(SecRole.findByAuthority('ROLE_ADMIN')); 43 43 } 44 45 /** 46 * Delete all remote logins for this user as well. 47 */ 48 def beforeDelete = { 49 executeUpdate( "DELETE FROM SessionAuthenticatedUser sau WHERE sau.secUser = :secUser", [ "secUser": this ] ); 50 } 44 51 } -
trunk/grails-app/domain/dbnp/authentication/SessionAuthenticatedUser.groovy
r1430 r1939 16 16 package dbnp.authentication 17 17 18 class SessionAuthenticatedUser {18 class SessionAuthenticatedUser implements Serializable { 19 19 String consumer 20 20 String token -
trunk/grails-app/services/dbnp/authentication/AuthenticationService.groovy
r1931 r1939 19 19 class AuthenticationService { 20 20 def springSecurityService 21 static final int expiryTime = 12 * 60; // Number of minutes a remotely logged in user remains active21 def remoteAuthenticationService 22 22 23 23 static transactional = true … … 44 44 */ 45 45 public boolean logInRemotely( String consumer, String token, SecUser user ) { 46 // Remove expired users, otherwise they will be kept in the database forever 47 removeExpiredTokens() 48 49 // Make sure there is no other logged in user anymore 50 logOffRemotely( consumer, token ) 51 52 def SAUser = new SessionAuthenticatedUser( consumer: consumer, token: token, secUser: user, expiryDate: createExpiryDate() ) 53 54 return SAUser.save(flush: true) 46 remoteAuthenticationService.logInRemotely( consumer, token, user ); 55 47 } 56 48 57 49 public boolean logOffRemotely( String consumer, String token ) { 58 def user = getSessionAuthenticatedUser(consumer, token) 59 60 if( user ) { 61 user.refresh() 62 user.delete() 63 } 64 65 return true 50 remoteAuthenticationService.logOffRemotely( consumer, token ); 66 51 } 67 52 … … 71 56 */ 72 57 public boolean isRemotelyLoggedIn( String consumer, String token ) { 73 // Check whether a user exists 74 def user = getSessionAuthenticatedUser(consumer, token) 75 76 // Check whether the user is logged in. Since we don't want to return a 77 // user, we explicitly return true or false 78 if( user ) { 79 // The expiry date should be reset 80 updateExpiryDate( user ) 81 82 return true 83 } else { 84 return false 85 } 58 remoteAuthenticationService.isRemotelyLoggedIn( consumer, token ); 86 59 } 87 60 … … 90 63 */ 91 64 public SecUser getRemotelyLoggedInUser( String consumer, String token ) { 92 // Check whether a user exists 93 def user = getSessionAuthenticatedUser(consumer, token) 94 95 return user ? user.secUser : null 65 remoteAuthenticationService.getRemotelyLoggedInUser( consumer, token ); 96 66 } 97 67 … … 101 71 */ 102 72 public void deleteRemoteSessions( SecUser user ) { 103 if( user ) { 104 SessionAuthenticatedUser.executeUpdate("delete SessionAuthenticatedUser u where u.secUser = :secUser", [ secUser: user ]) 105 } 106 } 107 108 /** 109 * Removes all tokens for remote logins that have expired 110 */ 111 protected boolean removeExpiredTokens() { 112 SessionAuthenticatedUser.executeUpdate("delete SessionAuthenticatedUser u where u.expiryDate < :expiryDate", [ expiryDate: new Date() ]) 113 } 114 115 /** 116 * Returns the currently logged in user from the database or null if no user is logged in 117 */ 118 protected SessionAuthenticatedUser getSessionAuthenticatedUser( String consumer, String token ) { 119 def c = SessionAuthenticatedUser.createCriteria() 120 def result = c.get { 121 and { 122 eq( "consumer", consumer) 123 eq( "token", token) 124 gt( "expiryDate", new Date()) 125 } 126 } 127 128 if( result ) 129 return result 130 else 131 return null 132 } 133 134 /** 135 * Returns the expiry date for a user that is active now. 136 */ 137 protected Date createExpiryDate() { 138 // Compute expiryDate 139 long now = new Date().getTime(); 140 return new Date( now + AuthenticationService.expiryTime * 60 * 1000 ); 141 142 } 143 144 /** 145 * Resets the expiry date of the given user. This should be called every time 146 * an action occurs with this user. That way, if (in case of a timeout of 60 minutes) 147 * he logs in and returns 50 minutes later, he will keep a timeout value of 148 * 60 minutes, instead of only 10 minutes. 149 */ 150 protected boolean updateExpiryDate( SessionAuthenticatedUser user ) { 151 user.expiryDate = createExpiryDate() 152 return user.save( flush: true ) 73 remoteAuthenticationService.deleteRemoteSessions( user ); 153 74 } 154 75 } -
trunk/grails-app/services/dbnp/modules/ModuleNotificationService.groovy
r1588 r1939 17 17 import dbnp.studycapturing.* 18 18 import org.dbnp.gdt.* 19 import org.springframework.web.context.request.RequestContextHolder 19 20 20 21 class ModuleNotificationService implements Serializable { 22 def remoteAuthenticationService 23 21 24 static transactional = false 22 25 … … 42 45 def modules = AssayModule.findByNotify(true); 43 46 47 // If no modules are set to notify, return 48 if( !modules ) 49 return 50 51 52 // Try to see which user is logged in. If no user is logged in (or no http session exists yet) 53 // we send no authentication parameters 54 def user 55 try { 56 user = RequestContextHolder.currentRequestAttributes().getSession().gscfUser 57 58 if( !user ) 59 throw new Exception( "No user is logged in" ); 60 61 } catch( Exception e ) { 62 log.warn "Sending study change notification without authentication, because an exception occurred: " + e.getMessage(); 63 } 64 44 65 def urls = [] 45 66 modules.each { module -> 46 urls << module.url + '/rest/notifyStudyChange?studyToken=' + study.giveUUID() 67 // create a random session token that will be used to allow to module to 68 // sync with gscf prior to presenting the measurement data 69 def sessionToken = UUID.randomUUID().toString() 70 def consumer = module.url 71 72 // Create a URL to call 73 def authenticationParameters = ""; 74 if( user ) { 75 // put the session token to work (for 15 minutes) 76 remoteAuthenticationService.logInRemotely( consumer, sessionToken, user, 15 * 60 ) 77 78 authenticationParameters = "consumer=" + consumer + "&sessionToken=" + sessionToken; 79 } 80 81 urls << module.url + '/rest/notifyStudyChange?studyToken=' + study.giveUUID() + ( authenticationParameters ? "&" + authenticationParameters : "" ) 47 82 } 48 83 84 // Notify the module in a separate thread, so the user doesn't have to wait for it 49 85 Thread.start { 50 86 urls.each { url ->
Note: See TracChangeset
for help on using the changeset viewer.
