diff options
3 files changed, 19 insertions, 5 deletions
diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java index 3e80e0020..0435f4f92 100644 --- a/src/main/java/org/traccar/api/resource/SessionResource.java +++ b/src/main/java/org/traccar/api/resource/SessionResource.java @@ -17,6 +17,7 @@ package org.traccar.api.resource; import org.traccar.api.BaseResource; import org.traccar.api.security.CodeRequiredException; +import org.traccar.api.security.LoginResult; import org.traccar.api.security.LoginService; import org.traccar.api.signature.TokenManager; import org.traccar.database.OpenIdProvider; @@ -61,6 +62,7 @@ import java.net.URI; public class SessionResource extends BaseResource { public static final String USER_ID_KEY = "userId"; + public static final String EXPIRATION_KEY = "expiration"; public static final String USER_COOKIE_KEY = "user"; public static final String PASS_COOKIE_KEY = "password"; @@ -82,9 +84,11 @@ public class SessionResource extends BaseResource { public User get(@QueryParam("token") String token) throws StorageException, IOException, GeneralSecurityException { if (token != null) { - User user = loginService.login(token).getUser(); + LoginResult loginResult = loginService.login(token); + User user = loginResult.getUser(); if (user != null) { request.getSession().setAttribute(USER_ID_KEY, user.getId()); + request.getSession().setAttribute(EXPIRATION_KEY, loginResult.getExpiration()); LogAction.login(user.getId(), WebHelper.retrieveRemoteAddress(request)); return user; } diff --git a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java index e308024da..c33a80015 100644 --- a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java +++ b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java @@ -38,6 +38,7 @@ import java.io.IOException; import java.lang.reflect.Method; import java.nio.charset.StandardCharsets; import java.security.GeneralSecurityException; +import java.util.Date; public class SecurityRequestFilter implements ContainerRequestFilter { @@ -92,7 +93,8 @@ public class SecurityRequestFilter implements ContainerRequestFilter { User user = loginResult.getUser(); if (user != null) { statisticsManager.registerRequest(user.getId()); - securityContext = new UserSecurityContext(new UserPrincipal(user.getId())); + securityContext = new UserSecurityContext( + new UserPrincipal(user.getId(), loginResult.getExpiration())); } } catch (StorageException | GeneralSecurityException | IOException e) { throw new WebApplicationException(e); @@ -101,12 +103,13 @@ public class SecurityRequestFilter implements ContainerRequestFilter { } else if (request.getSession() != null) { Long userId = (Long) request.getSession().getAttribute(SessionResource.USER_ID_KEY); + Date expiration = (Date) request.getSession().getAttribute(SessionResource.EXPIRATION_KEY); if (userId != null) { User user = injector.getInstance(PermissionsService.class).getUser(userId); if (user != null) { user.checkDisabled(); statisticsManager.registerRequest(userId); - securityContext = new UserSecurityContext(new UserPrincipal(userId)); + securityContext = new UserSecurityContext(new UserPrincipal(userId, expiration)); } } diff --git a/src/main/java/org/traccar/api/security/UserPrincipal.java b/src/main/java/org/traccar/api/security/UserPrincipal.java index 18b84a0e1..83bd06fe9 100644 --- a/src/main/java/org/traccar/api/security/UserPrincipal.java +++ b/src/main/java/org/traccar/api/security/UserPrincipal.java @@ -1,5 +1,5 @@ /* - * Copyright 2015 - 2020 Anton Tananaev (anton@traccar.org) + * Copyright 2015 - 2023 Anton Tananaev (anton@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,19 +16,26 @@ package org.traccar.api.security; import java.security.Principal; +import java.util.Date; public class UserPrincipal implements Principal { private final long userId; + private final Date expiration; - public UserPrincipal(long userId) { + public UserPrincipal(long userId, Date expiration) { this.userId = userId; + this.expiration = expiration; } public Long getUserId() { return userId; } + public Date getExpiration() { + return expiration; + } + @Override public String getName() { return null; |