My application currently tracks the last login date of a user, but
doesn't keep track of the last accessed date. I don't really like the
way I implemented this long ago and would like some advice before
refactoring things.
Currently I'm doing this in my AuthorizingRealm to update when a user
manually logs in:
protected AuthenticationInfo
doGetAuthenticationInfo(AuthenticationToken authcToken) throws
AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
Member member = memberService.findMember(token.getUsername());
if (member != null) {
memberService.updateAccessed(member);
return new SimpleAuthenticationInfo(member.getId(),
member.getPassword(), getName());
}
return null;
}
This is in my CookieRememberMeManager to track remembered logins:
@Override
public PrincipalCollection getRememberedPrincipals(SubjectContext
subjectContext) {
PrincipalCollection principals =
super.getRememberedPrincipals(subjectContext);
if ( principals != null ) {
Long id = (Long) principals.getPrimaryPrincipal();
memberService.updateAccessed(id);
}
return principals;
}
Hibernate is used to update the member's accessed date in MemberService:
public void updateAccessed(Member member) {
log.info("Updating accessed date for "+member.getLogInfo());
member.setAccessed(new Date());
memberDao.save(member);
}
So currently, I'm really only storing the last *login* date, not the
last *accessed* date. I'd like to store the last accessed date.
I asked a similar question before, but it was long ago before the
Shiro 1.0 release, so I think things may have changed. At the time I
was advised to utilize SessionListener for some aspects of this. Now
that I'm looking at it again, it seems to me that I should pull the
memberService.updateAccess() calls out of my Realm and
RememberMeManager and put them into an AuthenticationListener and/or
SessionListener.
How do I best go about finding and saving the last accessed date? Are
all of the following statements accurate?
* SessionListener.onStart() happens when a session starts, but it
doesn't yet know WHO started that session. So it really doesn't help
me.
* SessionListener.onStop() and onExpiration() could be used to save
the last accessed time to the Member's table.
* AuthenticationListener.onSuccess() could be used to save the time a
user authenticates, but this doesn't help for rememberme logins.
* AuthenticationListener.onLogout() could be used to save the time a
user logs out, but won't help for sessions that time out.
* Should there be a SessionListener.onUserAssociated() method? Les
suggested I add a Jira for this, but that was long ago. Is there an
alternative solution now, or does this still make sense to add?
* Would it be possible for something like SessionListener.onAccess()
to be implemented?
Basically, I'd like to know what the best solution would be to always
maintain the last accessed date of a user, not just the last login
date.
Thanks!
Tauren
