Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/SessionMaintainController.java =================================================================== diff -u -rc1cd3b5d3bc88f16ad489fbc19c7d21f5b748305 -r65aec4aac4e80981cd4f91951cae556642027139 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/SessionMaintainController.java (.../SessionMaintainController.java) (revision c1cd3b5d3bc88f16ad489fbc19c7d21f5b748305) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/SessionMaintainController.java (.../SessionMaintainController.java) (revision 65aec4aac4e80981cd4f91951cae556642027139) @@ -25,17 +25,25 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringUtils; +import org.lamsfoundation.lams.logevent.LogEvent; +import org.lamsfoundation.lams.logevent.service.ILogEventService; +import org.lamsfoundation.lams.usermanagement.User; +import org.lamsfoundation.lams.usermanagement.service.IUserManagementService; import org.lamsfoundation.lams.web.session.SessionManager; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; /** * @author Marcin Cieslak */ @Controller @RequestMapping("/sessionmaintain") public class SessionMaintainController { + @Autowired + private ILogEventService logEventService; + @Autowired + private IUserManagementService userManagementService; @RequestMapping(path = "/list") public String list(HttpServletRequest request) { 
@@ -47,7 +55,13 @@ public String delete(HttpServletRequest request) { String login = request.getParameter("login"); if (StringUtils.isNotBlank(login)) { + User user = userManagementService.getUserByLogin(login); + SessionManager.removeSessionByLogin(login, true); + + String message = new StringBuilder("User ").append(login).append(" (").append(user.getUserId()) + .append(") got logged out by sysadmin").toString(); + logEventService.logEvent(LogEvent.TYPE_LOGOUT, user.getUserId(), user.getUserId(), null, null, message); } return list(request); } Index: lams_central/src/java/org/lamsfoundation/lams/web/HomeController.java =================================================================== diff -u -r44f25ff763552baf103b1bb4ed7d1d2466a937dc -r65aec4aac4e80981cd4f91951cae556642027139 --- lams_central/src/java/org/lamsfoundation/lams/web/HomeController.java (.../HomeController.java) (revision 44f25ff763552baf103b1bb4ed7d1d2466a937dc) +++ lams_central/src/java/org/lamsfoundation/lams/web/HomeController.java (.../HomeController.java) (revision 65aec4aac4e80981cd4f91951cae556642027139) @@ -48,6 +48,8 @@ import org.lamsfoundation.lams.lesson.dto.LessonDTO; import org.lamsfoundation.lams.lesson.service.ILessonService; import org.lamsfoundation.lams.lesson.util.LessonDTOComparator; +import org.lamsfoundation.lams.logevent.LogEvent; +import org.lamsfoundation.lams.logevent.service.ILogEventService; import org.lamsfoundation.lams.security.ISecurityService; import org.lamsfoundation.lams.usermanagement.Organisation; import org.lamsfoundation.lams.usermanagement.Role; @@ -94,7 +96,9 @@ @Autowired private ISecurityService securityService; @Autowired - WebApplicationContext applicationcontext; + private WebApplicationContext applicationcontext; + @Autowired + private ILogEventService logEventService; /** * request for sysadmin environment 
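Review bot: In `delete` (hunk `@@ -47,7 +55,13 @@`), `user.getUserId()` is dereferenced without a null check, although `login` comes straight from the request parameter and `getUserByLogin(login)` may return null for a login that matches no account (its contract is not visible here). In that case the session removal still runs and the request then fails with a NullPointerException before any event is written; guard the logging with `if (user != null) { ... }`. The event also passes `user.getUserId()` for both user-ID arguments, so if one of them identifies the actor, the audit record attributes the forced logout to the logged-out user rather than to the sysadmin who triggered it; consider passing the acting admin's ID there. Building the message from the looked-up user's login instead of the raw request value would keep unvalidated input out of the audit text.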
@@ -293,7 +297,7 @@ // find lessons which can be set as preceding ones for newly created lesson Organisation organisation = (Organisation) userManagementService.findById(Organisation.class, organisationID); Set availableLessons = new TreeSet<>(new LessonDTOComparator()); - for (Lesson availableLesson : (Set) organisation.getLessons()) { + for (Lesson availableLesson : organisation.getLessons()) { Integer availableLessonState = availableLesson.getLessonStateId(); if (!Lesson.REMOVED_STATE.equals(availableLessonState) && !Lesson.FINISHED_STATE.equals(availableLessonState)) { @@ -355,8 +359,17 @@ @RequestMapping("/logout") public String logout(HttpServletRequest req) throws IOException, ServletException { + UserDTO userDTO = getUser(); req.getSession().invalidate(); + + if (userDTO != null) { + String message = new StringBuilder("User ").append(userDTO.getLogin()).append(" (") + .append(userDTO.getUserID()).append(") logged out manually").toString(); + logEventService.logEvent(LogEvent.TYPE_LOGOUT, userDTO.getUserID(), userDTO.getUserID(), null, null, + message); + } + return "redirect:/index.do"; } @@ -372,5 +385,5 @@ private User getRealUser(UserDTO dto) { return userManagementService.getUserByLogin(dto.getLogin()); - } + } } \ No newline at end of file Index: lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java =================================================================== diff -u -r7f420dcfde4984d32bb8acedde964ca613c1cb6c -r65aec4aac4e80981cd4f91951cae556642027139 --- lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java (.../SessionListener.java) (revision 7f420dcfde4984d32bb8acedde964ca613c1cb6c) +++ lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java (.../SessionListener.java) (revision 65aec4aac4e80981cd4f91951cae556642027139) 
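Review bot: In `logout` (hunk `@@ -355,8 +359,17 @@`), the order `getUser()`, then `invalidate()`, then `logEvent(...)` carries the logic but is not explained. A comment such as `// read the user before invalidating: the session no longer holds it afterwards` would stop a later refactor from moving the lookup below the invalidation and silently losing the audit record. `getUser()` is defined outside this hunk, so confirm that it reads from the session. When `getUser()` returns null the logout is not recorded at all, which is reasonable for an anonymous request but worth stating in the same comment.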
@@ -35,8 +35,6 @@ import org.apache.log4j.Logger; import org.jboss.security.CacheableManager; -import org.lamsfoundation.lams.logevent.LogEvent; -import org.lamsfoundation.lams.logevent.service.ILogEventService; import org.lamsfoundation.lams.security.SimplePrincipal; import org.lamsfoundation.lams.usermanagement.dto.UserDTO; import org.lamsfoundation.lams.util.Configuration; @@ -45,8 +43,6 @@ import org.lamsfoundation.lams.web.filter.LocaleFilter; import org.lamsfoundation.lams.web.session.SessionManager; import org.lamsfoundation.lams.web.util.AttributeNames; -import org.springframework.web.context.WebApplicationContext; -import org.springframework.web.context.support.WebApplicationContextUtils; /** * Listens for creation of HTTP sessions. Sets inactive timeout and default locale. @@ -55,8 +51,6 @@ public class SessionListener implements HttpSessionListener { private static CacheableManager authenticationManager; - private ILogEventService logEventService; - private static Logger log = Logger.getLogger(SessionListener.class); /** HttpSessionListener interface */ 
@@ -95,30 +89,20 @@ // clear the authentication cache when the session is invalidated HttpSession session = sessionEvent.getSession(); if (session != null) { - boolean sessionFound = SessionManager.removeSessionByID(session.getId(), false, true); + SessionManager.removeSessionByID(session.getId(), false, true); UserDTO userDTO = (UserDTO) session.getAttribute(AttributeNames.USER); if (userDTO != null) { String login = userDTO.getLogin(); Principal principal = new SimplePrincipal(login); SessionListener.authenticationManager.flushCache(principal); - if (sessionFound) { - String message = new StringBuilder("User ").append(login).append(" (").append(userDTO.getUserID()) - .append(") logged out").toString(); - getLogEventService().logEvent(LogEvent.TYPE_LOGOUT, userDTO.getUserID(), userDTO.getUserID(), null, - null, message); - } + // remove obsolete mappings to session + // the session is either already invalidated or will be very soon by another module + + // it seems obsolete as removeSessionByID() above already clears login mapping + // SessionManager.removeSessionByLogin(login, false); } } } - - private ILogEventService getLogEventService() { - if (logEventService == null) { - WebApplicationContext ctx = WebApplicationContextUtils - .getWebApplicationContext(SessionManager.getServletContext()); - logEventService = (ILogEventService) ctx.getBean("logEventService"); - } - return logEventService; - } } \ No newline at end of file Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java =================================================================== diff -u -r12265b9159c1ce543260d9c0421414b88fb7f814 -r65aec4aac4e80981cd4f91951cae556642027139 --- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java (.../SsoHandler.java) (revision 12265b9159c1ce543260d9c0421414b88fb7f814) +++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java (.../SsoHandler.java) (revision 
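Review bot: With the `sessionFound` branch removed from `sessionDestroyed`, a session that ends by inactivity timeout no longer produces a `TYPE_LOGOUT` event, and neither does any invalidation other than the three call sites visible in this diff (sysadmin delete, manual logout, SSO login from another browser). If the event log serves as an audit trail of session lifetime, that is a coverage gap; either keep a log call here for sessions not already reported, or document on the listener that expiry is intentionally unlogged. The added comment block also leaves `// SessionManager.removeSessionByLogin(login, false);` as commented-out code under "it seems obsolete"; confirm that `removeSessionByID` clears the login mapping and then delete the line rather than keeping the uncertainty in the source.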
65aec4aac4e80981cd4f91951cae556642027139) @@ -180,6 +180,7 @@ // if user is already logged in on another browser, log him out if (existingSession != null) { SessionManager.removeSessionByID(existingSession.getId(), true, false); + SsoHandler.logLogout(userDTO); } Integer failedAttempts = user.getFailedAttempts(); @@ -308,6 +309,13 @@ user.getUserID(), user.getUserID(), null, null, message); } + private static void logLogout(UserDTO user) { + String message = new StringBuilder("User ").append(user.getLogin()).append(" (").append(user.getUserID()) + .append(") got logged out from another browser").toString(); + SsoHandler.getLogEventService(SessionManager.getServletContext()).logEvent(LogEvent.TYPE_LOGOUT, + user.getUserID(), user.getUserID(), null, null, message); + } + private static IUserManagementService getUserManagementService(ServletContext context) { if (SsoHandler.userManagementService == null) { WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(context);
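Review bot: At the call site in hunk `@@ -180,6 +180,7 @@`, `SsoHandler.logLogout(userDTO)` runs as soon as an existing session is found, and the next context line reads `user.getFailedAttempts()`, which suggests the lockout and credential checks come later in the method (it continues outside the hunk). If that is the order, a `TYPE_LOGOUT` record is written, and the other session is dropped, for a login attempt that may still fail. Confirm this, and if so move the removal and the log call after successful authentication, or make the message say it was triggered by a login attempt. The new `logLogout` helper in hunk `@@ -308,6 +309,13 @@` has no comment; a one-line Javadoc such as `/** Records that the user's previous session was terminated by a new login elsewhere. */` would state its purpose.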