From cb725ccf8c116d47487245e8462ccd99faeaeec1 Mon Sep 17 00:00:00 2001
From: Ludy87
Date: Thu, 27 Mar 2025 13:14:18 +0100
Subject: [PATCH] Update EndpointInterceptor.java

---
 .../SPDF/config/EndpointInterceptor.java | 73 +++++++++++++++++--
 1 file changed, 68 insertions(+), 5 deletions(-)

diff --git a/src/main/java/stirling/software/SPDF/config/EndpointInterceptor.java b/src/main/java/stirling/software/SPDF/config/EndpointInterceptor.java
index 69222328f..cad973549 100644
--- a/src/main/java/stirling/software/SPDF/config/EndpointInterceptor.java
+++ b/src/main/java/stirling/software/SPDF/config/EndpointInterceptor.java
@@ -1,5 +1,6 @@
 package stirling.software.SPDF.config;
 
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.HandlerInterceptor;
 
@@ -17,11 +18,15 @@ public class EndpointInterceptor implements HandlerInterceptor {
     private final EndpointConfiguration endpointConfiguration;
     private final SessionsInterface sessionsInterface;
+    private boolean loginEnabled = true;
 
     public EndpointInterceptor(
-            EndpointConfiguration endpointConfiguration, SessionsInterface sessionsInterface) {
+            EndpointConfiguration endpointConfiguration,
+            SessionsInterface sessionsInterface,
+            @Qualifier("loginEnabled") boolean loginEnabled) {
         this.endpointConfiguration = endpointConfiguration;
         this.sessionsInterface = sessionsInterface;
+        this.loginEnabled = loginEnabled;
     }
 
     @Override
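Review bot: The new `loginEnabled` field is assigned in the constructor but not read anywhere in this patch, and its `= true` initializer is dead because the constructor always overwrites it; declare it `private final boolean loginEnabled;` so the constructor-injected, immutable intent is explicit and the compiler's unused-field warning points at the missing read. If the flag is meant to relax the session-limit check in preHandle, that branch still has to be written in the second hunk. Binding a primitive `boolean` parameter through `@Qualifier("loginEnabled")` also depends on a `Boolean` bean carrying that qualifier being present in the context; a short Javadoc line on the constructor naming that bean would spare the next reader a context-startup failure.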
@@ -46,23 +51,81 @@ public class EndpointInterceptor implements HandlerInterceptor {
                 || request.getRequestURI().contains("/error")
                 || request.getRequestURI().contains("/session/status")
                 || request.getRequestURI().contains("/session/expire")
-                || request.getRequestURI().contains("/session/expire-all")
+                || request.getRequestURI().contains("/session/expire/")
                 || request.getRequestURI().endsWith(".js")
                 || request.getRequestURI().endsWith(".png")
                 || request.getRequestURI().endsWith(".webmanifest")
                 || request.getRequestURI().contains("/files/")) {
             return true;
         } else {
-            String sessionId = session != null ? session.getId() : null;
+            if (session == null) {
+                session = request.getSession(true);
+            }
+            final HttpSession finalSession = session;
+            String sessionId = finalSession.getId();
 
-            if (sessionId == null || !sessionsInterface.isSessionValid(sessionId)) {
+            // Den aktuellen Benutzer (principalName) aus der Session ermitteln.
+            // Es wird angenommen, dass das Attribut "principalName" in der Session gesetzt
+            // wurde.
+            final String currentPrincipal =
+                    finalSession.getAttribute("principalName") != null
+                            ? finalSession.getAttribute("principalName").toString()
+                            : "unknown";
+
+            // Zähle alle nicht abgelaufenen Sessions des aktuellen Benutzers.
+            long userSessions =
+                    sessionsInterface.getAllSessions().stream()
+                            .filter(
+                                    s ->
+                                            !s.isExpired()
+                                                    && currentPrincipal.equals(
+                                                            s.getPrincipalName()))
+                            .count();
+
+            // Zähle alle nicht abgelaufenen Sessions in der Anwendung.
+            long totalSessions =
+                    sessionsInterface.getAllSessions().stream()
+                            .filter(s -> !s.isExpired())
+                            .count();
+
+            log.info(
+                    "Aktive Sessions für {}: {} (max: {}) | Gesamt: {} (max: {})",
+                    currentPrincipal,
+                    userSessions,
+                    sessionsInterface.getMaxUserSessions(),
+                    totalSessions,
+                    sessionsInterface.getMaxApplicationSessions());
+
+            // Prüfe die Grenzen:
+            // Falls entweder die Benutzersessions oder die Anwendungssessions das Limit
+            // erreicht haben
+            // und die aktuelle Session noch NICHT registriert ist, dann wird ein Fehler
+            // zurückgegeben.
+            boolean isCurrentSessionRegistered =
+                    sessionsInterface.getAllSessions().stream()
+                            .filter(s -> !s.isExpired())
+                            .anyMatch(s -> s.getSessionId().equals(sessionId));
+
+            if ((userSessions >= sessionsInterface.getMaxUserSessions()
+                            || totalSessions >= sessionsInterface.getMaxApplicationSessions())
+                    && !isCurrentSessionRegistered) {
                 response.sendError(
                         HttpServletResponse.SC_UNAUTHORIZED,
-                        "Max sessions reached for this user. To continue on this device, please close your session in another browser.");
+                        "Max sessions reached for this user. To continue on this device, please"
+                                + " close your session in another browser.");
                 return false;
+            }
+
+            // Wenn die Session noch nicht registriert ist, registriere sie; andernfalls update
+            // den Last-Request.
+            if (!isCurrentSessionRegistered) {
+                log.info("Register session: {}", sessionId);
+                sessionsInterface.registerSession(finalSession);
             } else {
+                log.info("Update session last request: {}", sessionId);
                 sessionsInterface.updateSessionLastRequest(sessionId);
             }
+            return true;
         }
     }
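Review bot: Every non-exempt request that arrives without a session now gets one created by `request.getSession(true)` and, when under the limits, registered, while requests whose session lacks a `principalName` attribute are all counted under the single principal `"unknown"`; so an unauthenticated client can fill the session store with fresh sessions, and once that shared bucket reaches `getMaxUserSessions()` every further anonymous visitor receives the 401. The `loginEnabled` flag introduced in the constructor hunk is not consulted anywhere in this block, which looks like the intended place for that distinction — worth confirming (preHandle's signature and the start of its URI allow-list are outside the hunk). `sessionsInterface.getAllSessions()` is streamed three separate times per request; filter the non-expired sessions once into a local and derive `userSessions`, `totalSessions` and `isCurrentSessionRegistered` from that list. The three `log.info` calls write full session identifiers on every request; a session ID is a bearer credential, so log it at `debug` at most and in truncated or hashed form, e.g. `log.debug("Register session: {}", sessionId)`. The new comments and the "Aktive Sessions" log text are in German while the surrounding file is English, and the "Max sessions reached for this user" message is also sent when only the application-wide limit tripped, which will mislead the user who sees it.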