HttpSessionDestroyedEventListener.java

  1. /*
  2.  * Copyright 2010-2025 James Pether Sörling
  3.  *
  4.  * Licensed under the Apache License, Version 2.0 (the "License");
  5.  * you may not use this file except in compliance with the License.
  6.  * You may obtain a copy of the License at
  7.  *
  8.  *   http://www.apache.org/licenses/LICENSE-2.0
  9.  *
  10.  * Unless required by applicable law or agreed to in writing, software
  11.  * distributed under the License is distributed on an "AS IS" BASIS,
  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13.  * See the License for the specific language governing permissions and
  14.  * limitations under the License.
  15.  *
  16.  *  $Id$
  17.  *  $HeadURL$
  18. */
  19. package com.hack23.cia.web.impl.ui.application.web.listener;

  21. import java.util.ArrayList;
  22. import java.util.Collection;

  24. import javax.servlet.http.HttpSession;

  26. import org.slf4j.Logger;
  27. import org.slf4j.LoggerFactory;
  28. import org.springframework.beans.factory.annotation.Autowired;
  29. import org.springframework.context.ApplicationListener;
  30. import org.springframework.security.authentication.AnonymousAuthenticationToken;
  31. import org.springframework.security.core.authority.SimpleGrantedAuthority;
  32. import org.springframework.security.core.context.SecurityContextHolder;
  33. import org.springframework.security.web.session.HttpSessionDestroyedEvent;
  34. import org.springframework.stereotype.Service;

  36. import com.hack23.cia.service.api.ApplicationManager;
  37. import com.hack23.cia.service.api.action.application.DestroyApplicationSessionRequest;

  39. /**
  40.  * The Class HttpSessionDestroyedEventListener.
  41.  *
  42.  * @see HttpSessionDestroyedEventEvent
  43.  */
  44. @Service
  45. public final class HttpSessionDestroyedEventListener implements ApplicationListener<HttpSessionDestroyedEvent> {

  47.     /** The Constant KEY. */
  48.     private static final String KEY = "HttpSessionDestroyedEventListener";

  50.     /** The Constant LOG_MSG_SESSION_DESTROYED_SESSION_ID. */
  51.     private static final String LOG_MSG_SESSION_DESTROYED_SESSION_ID = "Session destroyed SESSION_ID :{}";

  53.     /** The Constant LOGGER. */
  54.     private static final Logger LOGGER = LoggerFactory.getLogger(HttpSessionDestroyedEventListener.class);

  56.     /** The Constant PRINCIPAL. */
  57.     private static final String PRINCIPAL = "AnonymousUser";

  59.     /** The Constant ROLE_ANONYMOUS. */
  60.     private static final String ROLE_ANONYMOUS = "ROLE_ANONYMOUS";

  62.     /** The application manager. */
  63.     @Autowired
  64.     private ApplicationManager applicationManager;

  66.     /**
  67.      * Instantiates a new http session destroyed event listener.
  68.      */
  69.     public HttpSessionDestroyedEventListener() {
  70.         super();
  71.     }

  73.     @Override
  74.     public void onApplicationEvent(final HttpSessionDestroyedEvent event) {
  75.         final HttpSession httpSession = event.getSession();
  76.         final Collection<SimpleGrantedAuthority> authorities = new ArrayList<>();
  77.         authorities.add(new SimpleGrantedAuthority(ROLE_ANONYMOUS));
  78.         final DestroyApplicationSessionRequest destroyApplicationSessionRequest = new DestroyApplicationSessionRequest();
  79.         destroyApplicationSessionRequest.setSessionId(httpSession.getId());

  81.         SecurityContextHolder.getContext()
  82.                 .setAuthentication(new AnonymousAuthenticationToken(KEY, PRINCIPAL, authorities));
  83.         applicationManager.service(destroyApplicationSessionRequest);
  84.         SecurityContextHolder.getContext().setAuthentication(null);

  86.         LOGGER.info(LOG_MSG_SESSION_DESTROYED_SESSION_ID, httpSession.getId());
  87.     }

  89. }
Created with JaCoCo 0.8.12.202403310830