saulteafarmer/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Stirling-Tools/Stirling-PDF.git synced 2025-05-25 19:32:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update UserAuthenticationFilter.java

Browse Source
This commit is contained in:
Ludy87 2025-03-27 13:13:05 +01:00
parent 813897175c
commit 287a815793
No known key found for this signature in database
GPG Key ID: 92696155E0220F94
1 changed files with 4 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
src/main/java/stirling/software/SPDF/config/security/UserAuthenticationFilter.java
View File

@ -1,7 +1,6 @@
package stirling.software.SPDF.config.security; package stirling.software.SPDF.config.security;
import java.io.IOException; import java.io.IOException;
import java.util.Comparator;
import java.util.List; import java.util.List;
import java.util.Optional; import java.util.Optional;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@ -23,7 +22,6 @@ import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException; import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
@ -34,7 +32,6 @@ import stirling.software.SPDF.model.ApplicationProperties;
import stirling.software.SPDF.model.ApplicationProperties.Security; import stirling.software.SPDF.model.ApplicationProperties.Security;
import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2; import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
import stirling.software.SPDF.model.ApplicationProperties.Security.SAML2; import stirling.software.SPDF.model.ApplicationProperties.Security.SAML2;
import stirling.software.SPDF.model.SessionEntity;
import stirling.software.SPDF.model.User; import stirling.software.SPDF.model.User;
@Slf4j @Slf4j
@ -63,67 +60,6 @@ public class UserAuthenticationFilter extends OncePerRequestFilter {
throws ServletException, IOException { throws ServletException, IOException {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null && authentication.isAuthenticated() && loginEnabledValue) {
Object principalTest = authentication.getPrincipal();
String username = UserUtils.getUsernameFromPrincipal(principalTest);
List<SessionInformation> allSessions =
sessionPersistentRegistry.getAllSessions(username, false);
int userSessions = allSessions.size();
int maxUserSessions = sessionPersistentRegistry.getMaxUserSessions();
HttpSession session = request.getSession(false);
if (session == null) {
filterChain.doFilter(request, response);
return;
}
String sessionId = session.getId();
if (userSessions > maxUserSessions) {
// Sortiere nach letzter Aktivität älteste zuerst
List<SessionInformation> sortedSessions =
allSessions.stream()
.sorted(Comparator.comparing(SessionInformation::getLastRequest))
.collect(Collectors.toList());
int sessionsToExpire = userSessions - maxUserSessions;
log.info("Expire {} old sessions", sessionsToExpire);
for (int i = 0; i < sessionsToExpire; i++) {
SessionInformation oldSession = sortedSessions.get(i);
if (!sessionId.equals(oldSession.getSessionId())) {
sessionPersistentRegistry.expireSession(oldSession.getSessionId());
oldSession.expireNow();
log.info(
"Expired old session: {} (last request: {})",
oldSession.getSessionId(),
oldSession.getLastRequest());
}
}
}
for (SessionInformation sessionInformation : allSessions) {
if (sessionId.equals(sessionInformation.getSessionId())) {
sessionPersistentRegistry.refreshLastRequest(sessionId);
}
}
allSessions = sessionPersistentRegistry.getAllSessions(username, false);
log.info(
"username: {} || before Sessions: {} | after Sessions: {}",
username,
userSessions,
allSessions.size());
SessionEntity sessionEntity = sessionPersistentRegistry.getSessionEntity(sessionId);
if (allSessions.isEmpty() || sessionEntity.isExpired()) {
log.info("No sessions found for user: {}", username);
sessionPersistentRegistry.expireSession(sessionId);
authentication.setAuthenticated(false);
SecurityContextHolder.clearContext();
response.sendRedirect(request.getContextPath() + "/login?error=expiredSession");
return;
}
}
if (!loginEnabledValue) { if (!loginEnabledValue) {
// If login is not enabled, just pass all requests without authentication // If login is not enabled, just pass all requests without authentication
filterChain.doFilter(request, response); filterChain.doFilter(request, response);
@ -175,10 +111,10 @@ public class UserAuthenticationFilter extends OncePerRequestFilter {
response.getWriter() response.getWriter()
.write( .write(
"Authentication required. Please provide a X-API-KEY in request" "Authentication required. Please provide a X-API-KEY in request"
+ " header.\n" + " header.\n"
+ "This is found in Settings -> Account Settings -> API Key\n" + "This is found in Settings -> Account Settings -> API Key\n"
+ "Alternatively you can disable authentication if this is" + "Alternatively you can disable authentication if this is"
+ " unexpected"); + " unexpected");
return; return;
} }
} }