Create SessionStatusController.java

2025-04-19 11:11:18 +00:00 · 2025-03-27 12:17:33 +01:00 · 2025-03-27 12:17:33 +01:00 · 389f1f31e9
commit 389f1f31e9
parent a11e688e4c
1 changed files with 101 additions and 0 deletions
--- a/src/main/java/stirling/software/SPDF/config/security/session/SessionStatusController.java
+++ b/src/main/java/stirling/software/SPDF/config/security/session/SessionStatusController.java
@ -0,0 +1,101 @@
+package stirling.software.SPDF.config.anonymus.session;
+
+import java.util.List;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.session.SessionInformation;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
+
+import lombok.extern.slf4j.Slf4j;
+
+import stirling.software.SPDF.config.security.UserUtils;
+import stirling.software.SPDF.config.security.session.SessionPersistentRegistry;
+
+@RestController
+@Slf4j
+public class SessionStatusController {
+
+    @Autowired private SessionPersistentRegistry sessionPersistentRegistry;
+
+    @GetMapping("/session/status")
+    public ResponseEntity<String> getSessionStatus(HttpServletRequest request) {
+        HttpSession session = request.getSession(false);
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+        if (authentication != null && authentication.isAuthenticated()) {
+            Object principalTest = authentication.getPrincipal();
+            String username = UserUtils.getUsernameFromPrincipal(principalTest);
+
+            List<SessionInformation> allSessions =
+                    sessionPersistentRegistry.getAllSessions(username, false);
+
+            boolean isActivSession =
+                    sessionPersistentRegistry.getAllSessions().stream()
+                            .filter(
+                                    sessionEntity ->
+                                            session.getId().equals(sessionEntity.getSessionId()))
+                            .anyMatch(sessionEntity -> !sessionEntity.isExpired());
+
+            int userSessions = allSessions.size();
+            int maxUserSessions = sessionPersistentRegistry.getMaxUserSessions();
+
+            if (userSessions >= maxUserSessions && !isActivSession) {
+                return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                        .body("Session ungültig oder abgelaufen");
+            } else if (session.getId() != null && isActivSession) {
+                return ResponseEntity.ok("Session gültig: " + session.getId());
+            } else {
+                return ResponseEntity.ok(
+                        "User: " + username + " has " + userSessions + " sessions");
+            }
+        } else {
+            log.info("Session ungültig oder abgelaufen");
+        }
+        return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                .body(sessionPersistentRegistry.getAllSessionsNotExpired().size() + "");
+    }
+
+    @GetMapping("/session/expire")
+    public ResponseEntity<String> expireSession(HttpServletRequest request) {
+        HttpSession session = request.getSession(false);
+        if (session != null) {
+            sessionPersistentRegistry.expireSession(session.getId());
+            return ResponseEntity.ok("Session invalidated");
+        } else {
+            return ResponseEntity.ok("No session to invalidate");
+        }
+    }
+
+    @GetMapping("/session/expire/all")
+    public ResponseEntity<String> expireAllSessions() {
+        sessionPersistentRegistry.expireAllSessions();
+        return ResponseEntity.ok("All sessions invalidated");
+    }
+
+    @GetMapping("/session/expire/{username}")
+    public ResponseEntity<String> expireAllSessionsByUsername(@PathVariable String username) {
+        SecurityContext cxt = SecurityContextHolder.getContext();
+        Authentication auth = cxt.getAuthentication();
+        if (auth != null && auth.isAuthenticated()) {
+            Object principal = auth.getPrincipal();
+            String principalName = UserUtils.getUsernameFromPrincipal(principal);
+            if (principalName.equals(username)) {
+                sessionPersistentRegistry.expireAllSessionsByUsername(username);
+                return ResponseEntity.ok("All sessions invalidated for user: " + username);
+            } else {
+                return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized");
+            }
+        }
+        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized");
+    }
+}