@Override protected void destroySession(HazelcastHttpSession session, boolean invalidate) { super.destroySession(session, invalidate); if (invalidate) { ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(servletContext); if (appContext != null) { ensureSessionRegistryInitialized(appContext); if (sessionRegistry != null) { String originalSessionId = session.getOriginalSessionId(); // If original session id is registered already, we don't need it. // So, we should remove it also. sessionRegistry.removeSessionInformation(originalSessionId); /** * Publish an event to notify * {@link org.springframework.security.core.session.SessionRegistry} instance. * So Spring clears information about our Hazelcast session. */ appContext.publishEvent(new HttpSessionDestroyedEvent(session)); LOGGER.finest("Published destroy session event for Spring for session with id " + session.getId()); } } } }
@Override public void onApplicationEvent(SessionDestroyedEvent event) { logger.debug("onApplicationEvent"); if (event instanceof HttpSessionDestroyedEvent) { String sessionId = ((HttpSession) event.getSource()).getId(); removeSessionInformation(sessionId); } }
@Override public void onApplicationEvent(HttpSessionDestroyedEvent event) { ReentrantLock lock = SESSION_LOCKS.remove(event.getSession().getId()); if (lock != null && LOG.isDebugEnabled()) { LOG.debug("Destroyed lock due to session invalidation: " + lock.toString()); } }
@Override public void onApplicationEvent(final HttpSessionDestroyedEvent event) { final HttpSession httpSession = event.getSession(); final Collection<SimpleGrantedAuthority> authorities = new ArrayList<>(); authorities.add(new SimpleGrantedAuthority(ROLE_ANONYMOUS)); final DestroyApplicationSessionRequest destroyApplicationSessionRequest = new DestroyApplicationSessionRequest(); destroyApplicationSessionRequest.setSessionId(httpSession.getId()); SecurityContextHolder.getContext() .setAuthentication(new AnonymousAuthenticationToken(KEY, PRINCIPAL, authorities)); applicationManager.service(destroyApplicationSessionRequest); SecurityContextHolder.getContext().setAuthentication(null); LOGGER.info(LOG_MSG_SESSION_DESTROYED_SESSION_ID, httpSession.getId()); }
@Override public void onApplicationEvent(HttpSessionDestroyedEvent event) { String blubber = event.getSession().getId(); List<String> reqs = sessToReqMap.get(blubber); if(reqs!=null) { for(String req: reqs) { tasks.remove(req); } } sessToReqMap.remove(blubber); }
@Override public void onApplicationEvent(HttpSessionDestroyedEvent event) { logger.debug("Session is ended"); }
@Override public void onApplicationEvent(HttpSessionDestroyedEvent httpSessionDestroyedEvent) { LOGGER.info("session {} is revoked", httpSessionDestroyedEvent.getId()); }
@Override public void onApplicationEvent(HttpSessionDestroyedEvent event) { expireSessionConsumers(event.getId()); }
@EventListener public void handleHttpSessionDestroyedEvent(HttpSessionDestroyedEvent httpSessionDestroyedEvent) { String sessionId = httpSessionDestroyedEvent.getId(); httpSessionMap.remove(sessionId); }
@Test public void testHandleHttpSessionDestroyedEvent() { securityContextRegistry.handleHttpSessionDestroyedEvent( new HttpSessionDestroyedEvent(httpSessionWithSecurityContext)); }