Ignore:
Timestamp:
Oct 22, 2010, 4:18:34 PM (10 years ago)
Author:
robert@…
Message:

New type of authentication and authorization added to the rest controller. See ticket 118

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/grails-app/services/dbnp/authentication/AuthenticationService.groovy

    r976 r983  
    1919class AuthenticationService {
    2020    def SpringSecurityService
     21    static final int expiryTime = 60; // Number of minutes a remotely logged in user remains active
    2122
    2223    boolean transactional = true
    2324
    24     protected boolean isLoggedIn() {
    25       def principal = SpringSecurityService.getPrincipal()
    26 
    27       // If the user is logged in, the principal should be a GrailsUser object.
    28       // If the user is not logged in, the principal is the 'anonymous username'
    29       // i.e. a string
    30       if( principal instanceof GrailsUser ) {
    31           return true;
    32       }
    33 
    34       return false;
     25    public boolean isLoggedIn() {
     26        return SpringSecurityService.isLoggedIn();
    3527    }
    3628
    37     protected SecUser getLoggedInUser() {
     29    public SecUser getLoggedInUser() {
    3830      def principal = SpringSecurityService.getPrincipal()
    3931
     
    4739      return null;
    4840    }
     41
     42    /**
     43     * Logs a user in for a remote session
     44     */
     45    public boolean logInRemotely( String consumer, String token, SecUser user ) {
     46        // Make sure there is no other logged in user anymore
     47        logOffRemotely( consumer, token )
     48
     49        def SAUser = new SessionAuthenticatedUser( consumer: consumer, token: token, secUser: user, expiryDate: createExpiryDate() )
     50
     51        return SAUser.save(flush: true)
     52    }
     53   
     54    public boolean logOffRemotely( String consumer, String token ) {
     55        def user = getSessionAuthenticatedUser(consumer, token)
     56       
     57        if( user )
     58            user.delete()
     59       
     60        return true
     61    }
     62
     63    /**
     64     * Checks whether a user is logged in from a remote consumer with the
     65     * given token
     66     */
     67    public boolean isRemotelyLoggedIn( String consumer, String token ) {
     68        // Remove expired users, otherwise they will be kept in the database forever
     69        removeExpiredTokens()
     70
     71        // Check whether a user exists
     72        def user = getSessionAuthenticatedUser(consumer, token)
     73
     74        // Check whether the user is logged in. Since we don't want to return a
     75        // user, we explicitly return true or false
     76        if( user ) {
     77                        // The expiry date should be reset
     78                        updateExpiryDate( user )
     79
     80            return true
     81                } else {
     82            return false
     83                }
     84    }
     85
     86    /**
     87     * Returns the user that is logged in remotely
     88     */
     89    public SecUser getRemotelyLoggedInUser( String consumer, String token ) {
     90        // Remove expired users, otherwise they will be kept in the database forever
     91        removeExpiredTokens()
     92
     93        // Check whether a user exists
     94        def user = getSessionAuthenticatedUser(consumer, token)
     95
     96        return user ? user.secUser : null
     97    }
     98
     99    /**
     100     * Removes all tokens for remote logins that have expired
     101     */
     102    protected boolean removeExpiredTokens() {
     103        SessionAuthenticatedUser.executeUpdate("delete SessionAuthenticatedUser u where u.expiryDate < :expiryDate", [ expiryDate: new Date() ])
     104    }
     105
     106    /**
     107         * Returns the currently logged in user from the database or null if no user is logged in
     108         */
     109        protected SessionAuthenticatedUser getSessionAuthenticatedUser( String consumer, String token ) {
     110        def c = SessionAuthenticatedUser.createCriteria()
     111        def result = c.get {
     112                and {
     113                        eq( "consumer", consumer)
     114                        eq( "token", token)
     115                        gt( "expiryDate", new Date())
     116                }
     117        }
     118
     119        if( result )
     120            return result
     121        else
     122            return null
     123    }
     124
     125        /**
     126         * Returns the expiry date for a user that is active now.
     127         */
     128        protected Date createExpiryDate() {
     129                // Compute expiryDate
     130                long now = new Date().getTime();
     131                return new Date( now + AuthenticationService.expiryTime * 60 * 1000 );
     132
     133        }
     134
     135        /**
     136         * Resets the expiry date of the given user. This should be called every time
     137         * an action occurs with this user. That way, if (in case of a timeout of 60 minutes)
     138         * he logs in and returns 50 minutes later, he will keep a timeout value of
     139         * 60 minutes, instead of only 10 minutes.
     140         */
     141        protected boolean updateExpiryDate( SessionAuthenticatedUser user ) {
     142                user.expiryDate = createExpiryDate()
     143                return user.save( flush: true )
     144        }
    49145}
Note: See TracChangeset for help on using the changeset viewer.