This is an automated email from the ASF dual-hosted git repository.

dockerzhang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/inlong.git


The following commit(s) were added to refs/heads/master by this push:
     new f75f06bd8 [INLONG-7883][Manager] Invalidate user session when deleting 
user (#7884)
f75f06bd8 is described below

commit f75f06bd815997dcc8daa3c7f911a768594c07e4
Author: fuweng11 <[email protected]>
AuthorDate: Fri Apr 21 14:12:15 2023 +0800

    [INLONG-7883][Manager] Invalidate user session when deleting user (#7884)
---
 .../manager/service/user/UserServiceImpl.java      | 34 ++++++++++++++++++++--
 .../inlong/manager/web/auth/ShiroConfig.java       |  1 +
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git 
a/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/user/UserServiceImpl.java
 
b/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/user/UserServiceImpl.java
index 43899750d..29626ef98 100644
--- 
a/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/user/UserServiceImpl.java
+++ 
b/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/user/UserServiceImpl.java
@@ -58,7 +58,13 @@ import org.apache.inlong.manager.pojo.user.UserRequest;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.session.mgt.eis.SessionDAO;
+import org.apache.shiro.subject.SimplePrincipalCollection;
 import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.support.DefaultSubjectContext;
+import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
+import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -67,6 +73,7 @@ import org.springframework.stereotype.Service;
 import java.nio.charset.StandardCharsets;
 import java.time.Duration;
 import java.time.LocalDateTime;
+import java.util.Collection;
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
@@ -276,7 +283,6 @@ public class UserServiceImpl implements UserService {
     @Override
     public Boolean delete(Integer userId, String currentUser) {
         Preconditions.expectNotNull(userId, "User id should not be empty");
-
         // Whether the current user is an administrator
         UserEntity curUser = userMapper.selectByName(currentUser);
         UserEntity entity = userMapper.selectById(userId);
@@ -291,7 +297,7 @@ public class UserServiceImpl implements UserService {
         removeInChargeForDataNode(userName, currentUser);
         removeInChargeForConsume(userName, currentUser);
         userMapper.deleteById(userId);
-
+        removeUserFromSession(userId, currentUser);
         LOGGER.debug("success to delete user by id={}, current user={}", 
userId, currentUser);
         return true;
     }
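Review bot: The added `removeUserFromSession(userId, currentUser)` call runs after `userMapper.deleteById(userId)`, so if it throws (its unchecked casts can raise a ClassCastException) the caller sees a failure while the account row may already be gone and the user's sessions may still be live. Whether a transaction rolls the delete back is not visible in this hunk. Consider catching the failure at this call site and logging it at error level so a half-completed revocation is visible to operators, e.g. `LOGGER.error("user id={} deleted but session invalidation failed", userId, e);`. The success message is still `LOGGER.debug`; deleting an account is audit-relevant, so `LOGGER.info` would keep it in default logs. `delete` starts outside this hunk, and other paths that should end a session (password or role change) are not visible here and may need the same call.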
@@ -460,4 +466,28 @@ public class UserServiceImpl implements UserService {
         }
     }
 
+    public void removeUserFromSession(Integer userId, String operator) {
+        DefaultWebSecurityManager securityManager = 
(DefaultWebSecurityManager) SecurityUtils.getSecurityManager();
+        DefaultWebSessionManager sessionManager = (DefaultWebSessionManager) 
securityManager.getSessionManager();
+        SessionDAO sessionDAO = sessionManager.getSessionDAO();
+        Collection<Session> sessions = sessionDAO.getActiveSessions();
+        if (sessions.size() >= 1) {
+            UserInfo user = null;
+            for (Session onlineSession : sessions) {
+                Object attribute = 
onlineSession.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
+                if (attribute == null) {
+                    continue;
+                }
+                user = (UserInfo) ((SimplePrincipalCollection) 
attribute).getPrimaryPrincipal();
+                if (user == null) {
+                    continue;
+                }
+                if (Objects.equals(user.getId(), userId)) {
+                    sessionDAO.delete(onlineSession);
+                    LOGGER.info("success remove user from session by id={}, 
current user={}", user.getId(), operator);
+                }
+            }
+        }
+    }
+
 }
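Review bot: `removeUserFromSession` relies on four unchecked casts (security manager, session manager, `SimplePrincipalCollection`, `UserInfo`), so any deployment whose Shiro wiring or realm principal type differs makes user deletion fail with a ClassCastException instead of revoking the session. Guarding each cast with `instanceof` and logging when revocation cannot be performed makes that case explicit; whether to return or throw at that point is a policy choice for the caller. The method is also `public` although the only visible caller is `delete` in the same class; `private` would stop other code from dropping sessions without the administrator check that `delete` appears to perform. The `sessions.size() >= 1` test is redundant with the `for` loop.
```java
    private void removeUserFromSession(Integer userId, String operator) {
        Object manager = SecurityUtils.getSecurityManager();
        if (!(manager instanceof DefaultWebSecurityManager)
                || !(((DefaultWebSecurityManager) manager).getSessionManager() instanceof DefaultWebSessionManager)) {
            // Sessions cannot be enumerated with this wiring; make the gap visible instead of throwing a cast error
            LOGGER.error("cannot invalidate sessions for user id={}: unsupported Shiro session manager", userId);
            return;
        }
        SessionDAO sessionDAO =
                ((DefaultWebSessionManager) ((DefaultWebSecurityManager) manager).getSessionManager()).getSessionDAO();
        for (Session onlineSession : sessionDAO.getActiveSessions()) {
            Object attribute = onlineSession.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
            if (!(attribute instanceof SimplePrincipalCollection)) {
                continue;
            }
            Object principal = ((SimplePrincipalCollection) attribute).getPrimaryPrincipal();
            if (principal instanceof UserInfo && Objects.equals(((UserInfo) principal).getId(), userId)) {
                sessionDAO.delete(onlineSession);
                LOGGER.info("success remove user from session by id={}, current user={}", userId, operator);
            }
        }
    }
```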
diff --git 
a/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/auth/ShiroConfig.java
 
b/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/auth/ShiroConfig.java
index cd808489a..b6e5420ce 100644
--- 
a/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/auth/ShiroConfig.java
+++ 
b/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/auth/ShiroConfig.java
@@ -48,6 +48,7 @@ public class ShiroConfig {
     @Bean
     public WebSecurityManager securityManager() {
         DefaultWebSecurityManager securityManager = 
(DefaultWebSecurityManager) inlongShiro.getWebSecurityManager();
+        securityManager.setSessionManager(new DefaultWebSessionManager());
         securityManager.setRealms(shiroRealms());
         return securityManager;
     }
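Review bot: `securityManager.setSessionManager(new DefaultWebSessionManager())` replaces whatever session manager `inlongShiro.getWebSecurityManager()` had configured and leaves every setting at the Shiro default. That moves the manager onto Shiro-native sessions with an implicit timeout and session cookie, and, as far as I know, a per-JVM in-memory session store. If more than one manager instance runs behind a load balancer, `removeUserFromSession` would then only see sessions held by the node that handles the delete, so a deleted user could stay logged in on the others; a shared `SessionDAO` would be needed there. Setting the security-relevant values explicitly would also help, e.g. `sessionManager.setGlobalSessionTimeout(timeoutMillis);` and, when served over HTTPS, `sessionManager.getSessionIdCookie().setSecure(true);`. A short comment on this line saying that `UserServiceImpl` casts to `DefaultWebSessionManager` would document the coupling.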
