org.springframework.security.web.session.HttpSessionDestroyedEvent Java Examples

The following examples show how to use org.springframework.security.web.session.HttpSessionDestroyedEvent. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SessionListener.java    From webanno with Apache License 2.0 6 votes vote down vote up 
@EventListener
@Order(Ordered.LOWEST_PRECEDENCE)
public void onSessionDestroyed(HttpSessionDestroyedEvent aEvent)
{
    if (aEvent.getSecurityContexts().isEmpty()) {
        log.trace("Session destroyed for anonymous user [{}]", aEvent.getSession().getId());
        return;
    }
    
    String username = aEvent.getSecurityContexts().stream()
            .findFirst()
            .map(SecurityContext::getAuthentication)
            .map(Authentication::getName)
            .orElse("<UNKNOWN>");
    log.trace("Session destroyed for user [{}] [{}]", username, aEvent.getSession().getId());
    sessionRegistry.removeSessionInformation(aEvent.getSession().getId());
}
Example #2
Source File: HttpSessionDestroyedEventListener.java    From cia with Apache License 2.0 5 votes vote down vote up 
@Override
public void onApplicationEvent(final HttpSessionDestroyedEvent event) {
	final HttpSession httpSession = event.getSession();
	final Collection<SimpleGrantedAuthority> authorities = new ArrayList<>();
	authorities.add(new SimpleGrantedAuthority(ROLE_ANONYMOUS));
	final DestroyApplicationSessionRequest destroyApplicationSessionRequest = new DestroyApplicationSessionRequest();
	destroyApplicationSessionRequest.setSessionId(httpSession.getId());

	SecurityContextHolder.getContext()
			.setAuthentication(new AnonymousAuthenticationToken(KEY, PRINCIPAL, authorities));
	applicationManager.service(destroyApplicationSessionRequest);
	SecurityContextHolder.getContext().setAuthentication(null);

	LOGGER.info(LOG_MSG_SESSION_DESTROYED_SESSION_ID, httpSession.getId());
}
Example #3
Source File: SessionLogoutTracker.java    From fredbet with Creative Commons Attribution Share Alike 4.0 International 4 votes vote down vote up 
@Override
public void onApplicationEvent(HttpSessionDestroyedEvent event) {
	String sessionId = event.getSession().getId();
	sessionTrackingService.registerLogout(sessionId);
	LOG.info("Logout: sessionId={}", sessionId);
}
Example #4
Source File: SecurityContextRegistryImpl.java    From molgenis with GNU Lesser General Public License v3.0 4 votes vote down vote up 
@EventListener
public void handleHttpSessionDestroyedEvent(HttpSessionDestroyedEvent httpSessionDestroyedEvent) {
  String sessionId = httpSessionDestroyedEvent.getId();
  httpSessionMap.remove(sessionId);
}
Example #5
Source File: SecurityContextRegistryImplTest.java    From molgenis with GNU Lesser General Public License v3.0 4 votes vote down vote up 
@Test
void testHandleHttpSessionDestroyedEvent() {
  securityContextRegistry.handleHttpSessionDestroyedEvent(
      new HttpSessionDestroyedEvent(httpSessionWithSecurityContext));
}