aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/main/java/org/traccar/api/resource/SessionResource.java6
-rw-r--r--src/main/java/org/traccar/api/security/SecurityRequestFilter.java7
-rw-r--r--src/main/java/org/traccar/api/security/UserPrincipal.java11
3 files changed, 19 insertions, 5 deletions
diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java
index 3e80e0020..0435f4f92 100644
--- a/src/main/java/org/traccar/api/resource/SessionResource.java
+++ b/src/main/java/org/traccar/api/resource/SessionResource.java
@@ -17,6 +17,7 @@ package org.traccar.api.resource;
import org.traccar.api.BaseResource;
import org.traccar.api.security.CodeRequiredException;
+import org.traccar.api.security.LoginResult;
import org.traccar.api.security.LoginService;
import org.traccar.api.signature.TokenManager;
import org.traccar.database.OpenIdProvider;
@@ -61,6 +62,7 @@ import java.net.URI;
public class SessionResource extends BaseResource {
public static final String USER_ID_KEY = "userId";
+ public static final String EXPIRATION_KEY = "expiration";
public static final String USER_COOKIE_KEY = "user";
public static final String PASS_COOKIE_KEY = "password";
@@ -82,9 +84,11 @@ public class SessionResource extends BaseResource {
public User get(@QueryParam("token") String token) throws StorageException, IOException, GeneralSecurityException {
if (token != null) {
- User user = loginService.login(token).getUser();
+ LoginResult loginResult = loginService.login(token);
+ User user = loginResult.getUser();
if (user != null) {
request.getSession().setAttribute(USER_ID_KEY, user.getId());
+ request.getSession().setAttribute(EXPIRATION_KEY, loginResult.getExpiration());
LogAction.login(user.getId(), WebHelper.retrieveRemoteAddress(request));
return user;
}
diff --git a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
index e308024da..c33a80015 100644
--- a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
+++ b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
@@ -38,6 +38,7 @@ import java.io.IOException;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
+import java.util.Date;
public class SecurityRequestFilter implements ContainerRequestFilter {
@@ -92,7 +93,8 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
User user = loginResult.getUser();
if (user != null) {
statisticsManager.registerRequest(user.getId());
- securityContext = new UserSecurityContext(new UserPrincipal(user.getId()));
+ securityContext = new UserSecurityContext(
+ new UserPrincipal(user.getId(), loginResult.getExpiration()));
}
} catch (StorageException | GeneralSecurityException | IOException e) {
throw new WebApplicationException(e);
@@ -101,12 +103,13 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
} else if (request.getSession() != null) {
Long userId = (Long) request.getSession().getAttribute(SessionResource.USER_ID_KEY);
+ Date expiration = (Date) request.getSession().getAttribute(SessionResource.EXPIRATION_KEY);
if (userId != null) {
User user = injector.getInstance(PermissionsService.class).getUser(userId);
if (user != null) {
user.checkDisabled();
statisticsManager.registerRequest(userId);
- securityContext = new UserSecurityContext(new UserPrincipal(userId));
+ securityContext = new UserSecurityContext(new UserPrincipal(userId, expiration));
}
}
diff --git a/src/main/java/org/traccar/api/security/UserPrincipal.java b/src/main/java/org/traccar/api/security/UserPrincipal.java
index 18b84a0e1..83bd06fe9 100644
--- a/src/main/java/org/traccar/api/security/UserPrincipal.java
+++ b/src/main/java/org/traccar/api/security/UserPrincipal.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2015 - 2020 Anton Tananaev (anton@traccar.org)
+ * Copyright 2015 - 2023 Anton Tananaev (anton@traccar.org)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -16,19 +16,26 @@
package org.traccar.api.security;
import java.security.Principal;
+import java.util.Date;
public class UserPrincipal implements Principal {
private final long userId;
+ private final Date expiration;
- public UserPrincipal(long userId) {
+ public UserPrincipal(long userId, Date expiration) {
this.userId = userId;
+ this.expiration = expiration;
}
public Long getUserId() {
return userId;
}
+ public Date getExpiration() {
+ return expiration;
+ }
+
@Override
public String getName() {
return null;