Http session list and invalidation added

code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PermissionBean.java

@@ -35,6 +35,7 @@ import fi.insomnia.bortal.model.User;
 		UserPermission.S_WRITE_ROLES,
 		UserPermission.S_READ_ROLES,
 		UserPermission.S_ANYUSER,
+		UserPermission.S_MANAGE_HTTP_SESSION,
 
 		MapPermission.S_VIEW,
 		MapPermission.S_MANAGE_MAPS,

code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SessionMgmtBean.java

+package fi.insomnia.bortal.beans;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import javax.annotation.security.DeclareRoles;
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.LocalBean;
+import javax.ejb.Singleton;
+import javax.servlet.http.HttpSession;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import fi.insomnia.bortal.enums.apps.UserPermission;
+
+/**
+ * Session Bean implementation class SesionMgmtBeanLocal
+ */
+@Singleton
+@LocalBean
+@DeclareRoles({ UserPermission.S_MANAGE_HTTP_SESSION })
+public class SessionMgmtBean implements SessionMgmtBeanLocal {
+
+	/**
+	 * Default constructor.
+	 */
+	public SessionMgmtBean() {
+		// TODO Auto-generated constructor stub
+	}
+
+	private final Map<String, String> sessionUsers = Collections.synchronizedMap(new HashMap<String, String>());
+	private final Set<HttpSession> sessions = Collections.synchronizedSet(new HashSet<HttpSession>());
+
+	private static final Logger logger = LoggerFactory.getLogger(SessionMgmtBean.class);
+
+	@Override
+	public void updateSessionUser(String sessionId, String user)
+	{
+
+		if (!sessionUsers.containsKey(sessionId))
+		{
+			sessionUsers.put(sessionId, user);
+		}
+	}
+
+	@Override
+	public void sessionCreated(HttpSession session) {
+		sessions.add(session);
+	}
+
+	@Override
+	public void sessionDestroyed(HttpSession session) {
+		sessionUsers.remove(session.getId());
+		sessions.remove(session);
+	}
+
+	@Override
+	@RolesAllowed(UserPermission.S_MANAGE_HTTP_SESSION)
+	public Set<HttpSession> getSessions()
+	{
+		return Collections.unmodifiableSet(sessions);
+	}
+
+	@Override
+	public String getUsername(String sessionId) {
+		return sessionUsers.get(sessionId);
+	}
+
+}

code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/SessionMgmtBeanLocal.java

+package fi.insomnia.bortal.beans;
+
+import java.util.Set;
+
+import javax.ejb.Local;
+import javax.servlet.http.HttpSession;
+
+@Local
+public interface SessionMgmtBeanLocal {
+
+	void sessionCreated(HttpSession session);
+
+	void sessionDestroyed(HttpSession session);
+
+	/**
+	 * 
+	 * @return Unmodifiable list of http sessions
+	 */
+
+	Set<HttpSession> getSessions();
+
+	void updateSessionUser(String sessionId, String user);
+
+	String getUsername(String sessionId);
+
+}

code/LanBortalUtilities/src/fi/insomnia/bortal/enums/apps/UserPermission.java

@@ -14,8 +14,7 @@ public enum UserPermission implements IAppPermission {
 	VIEW_ACCOUNTEVENTS("Show other users account events"),
 	MODIFY_ACCOUNTEVENTS("Modify Account events"),
 	ANYUSER("All users have this anyways"),
-
-	;
+	MANAGE_HTTP_SESSION("Manage http sessions"), ;
 
 	public static final String S_VIEW_ALL = "USER/VIEW_ALL";
 	public static final String S_MODIFY = "USER/MODIFY";
@@ -28,6 +27,7 @@ public enum UserPermission implements IAppPermission {
 	public static final String S_VIEW_ACCOUNTEVENTS = "USER/VIEW_ACCOUNTEVENTS";
 	public static final String S_MODIFY_ACCOUNTEVENTS = "USER/MODIFY_ACCOUNTEVENTS";
 	public static final String S_ANYUSER = "USER/ANYUSER";
+	public static final String S_MANAGE_HTTP_SESSION = "USER/MANAGE_HTTP_SESSION";
 
 	private String description;
 	private String fullName;

code/LanBortalWeb/WebContent/auth/userSessionList.xhtml

+<!DOCTYPE html 
+     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:ui="http://java.sun.com/jsf/facelets"
+	xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core"
+	xmlns:c="http://java.sun.com/jsp/jstl/core"
+>
+<h:body>
+	<ui:composition template="/layout/#{sessionHandler.layout}/template.xhtml">
+		<f:metadata>
+			<f:event type="preRenderView" listener="#{userSessionView.initView}" />
+		</f:metadata>
+		<ui:define name="content">
+
+			<h:form>
+				<h:dataTable value="#{userSessionView.sessions}" var="sess">
+					<h:column>
+						<f:facet name="header">
+							<h:outputText value="#{i18n['httpsession.id']}" />
+						</f:facet>
+						<h:outputText value="#{sess.id}" />
+					</h:column>
+					<h:column>
+						<f:facet name="header">
+							<h:outputText value="#{i18n['httpsession.user']}" />
+						</f:facet>
+						<h:outputText value="#{sess.id}" converter="#{sessionToUsernameConverter}" />
+					</h:column>
+					<h:column>
+						<f:facet name="header">
+							<h:outputText value="#{i18n['httpsession.creationTime']}" />
+						</f:facet>
+						<h:outputText value="#{sess.creationTime}" />
+					</h:column>
+					<h:column>
+						<f:facet name="header">
+							<h:outputText value="#{i18n['httpsession.lastAccessedTime']}" />
+						</f:facet>
+						<h:outputText value="#{sess.lastAccessedTime}" />
+					</h:column>
+					<h:column>
+						<f:facet name="header">
+							<h:outputText value="#{i18n['httpsession.sessionHasExisted']}" />
+						</f:facet>
+						<h:outputText value="#{sess.lastAccessedTime - sess.creationTime}" />
+					</h:column>
+					<h:column>
+						<f:facet name="header">
+							<h:outputText value="#{i18n['httpsession.maxInactiveInterval']}" />
+						</f:facet>
+						<h:outputText value="#{sess.maxInactiveInterval}" />
+					</h:column>
+					<h:column>
+						<f:facet name="header">
+							<h:outputText value="#{i18n['httpsession.isSessionNew']}" />
+						</f:facet>
+						<h:outputText value="#{sess.new}" />
+					</h:column>
+					<h:column>
+						<h:commandButton action="#{userSessionView.invalidateSession}" value="#{i18n['httpsession.invalidate']}" />
+					</h:column>
+					
+				</h:dataTable>
+			</h:form>
+		</ui:define>
+
+	</ui:composition>
+</h:body>
+</html>
\ No newline at end of file

code/LanBortalWeb/src/fi/insomnia/bortal/HostnameFilter.java

@@ -2,6 +2,7 @@ package fi.insomnia.bortal;
 
 import java.io.IOException;
 
+import javax.ejb.EJB;
 import javax.faces.context.FacesContext;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@@ -16,6 +17,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import fi.insomnia.bortal.beans.EventBeanLocal;
+import fi.insomnia.bortal.beans.SessionMgmtBeanLocal;
 import fi.insomnia.bortal.clientutils.BortalLocalContextHolder;
 import fi.insomnia.bortal.model.User;
 
@@ -28,6 +30,9 @@ public class HostnameFilter implements Filter {
 			.getLogger(HostnameFilter.class);
 	private boolean developmentMode = false;
 
+	@EJB
+	private SessionMgmtBeanLocal sessionmgmt;
+
 	/**
 	 * Default constructor.
 	 */
@@ -85,6 +90,9 @@ public class HostnameFilter implements Filter {
 					logger.warn("Error logging in as anonymous... ignoring.. ",
 							t);
 				}
+			} else if (!httpRequest.getUserPrincipal().getName().equals(User.ANONYMOUS_LOGINNAME))
+			{
+				sessionmgmt.updateSessionUser(httpRequest.getSession().getId(), httpRequest.getUserPrincipal().getName());
 			}
 
 		}
@@ -110,8 +118,7 @@ public class HostnameFilter implements Filter {
 		if (stage.trim().equalsIgnoreCase("Development")) {
 			developmentMode = true;
 		}
-		
-		
+
 	}
 
 	public static String getCurrentHostname(HttpSession sess) {
@@ -125,5 +132,4 @@ public class HostnameFilter implements Filter {
 		return ret;
 	}
 
-
 }

code/LanBortalWeb/src/fi/insomnia/bortal/resources/i18n.properties

@@ -104,5 +104,15 @@ page.poll.answer.pagegroup=poll
 
 page.poll.answered.pagegroup=poll
 
-#Bill number
-# Validationmessages
+httpsession.id=ID
+httpsession.creationTime=Luotu
+httpsession.lastAccessedTime=Viimeksi nhty
+httpsession.sessionHasExisted=Ollut elossa (s)
+httpsession.maxInactiveInterval=Aikakatkaisu (s)
+httpsession.isSessionNew=Uusi sessio
+httpsession.invalidate=Mitti
+httpsession.user=Tunnus
+httpsession.invalidateSuccessfull=Sessio onnistuneesti mittity
+user.unauthenticated=Kirjautumaton
+
+

code/LanBortalWeb/src/fi/insomnia/bortal/servlet/BortalHttpSessionListener.java

+package fi.insomnia.bortal.servlet;
+
+import javax.ejb.EJB;
+import javax.servlet.annotation.WebListener;
+import javax.servlet.http.HttpSessionEvent;
+import javax.servlet.http.HttpSessionListener;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import fi.insomnia.bortal.beans.SessionMgmtBeanLocal;
+
+@WebListener
+public class BortalHttpSessionListener implements HttpSessionListener {
+
+	@EJB
+	private SessionMgmtBeanLocal sessbean;
+	private static final Logger logger = LoggerFactory.getLogger(BortalHttpSessionListener.class);
+
+	@Override
+	public void sessionCreated(HttpSessionEvent se) {
+		logger.info("SessionCreated (web) se");
+		sessbean.sessionCreated(se.getSession());
+
+	}
+
+	@Override
+	public void sessionDestroyed(HttpSessionEvent se) {
+		logger.info("Session destroyed (web) se");
+		sessbean.sessionDestroyed(se.getSession());
+	}
+
+}

code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/user/UserSessionView.java

+package fi.insomnia.bortal.web.cdiview.user;
+
+import java.util.ArrayList;
+
+import javax.ejb.EJB;
+import javax.enterprise.context.ConversationScoped;
+import javax.faces.model.ListDataModel;
+import javax.inject.Named;
+import javax.servlet.http.HttpSession;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import fi.insomnia.bortal.beans.SessionMgmtBeanLocal;
+import fi.insomnia.bortal.enums.apps.UserPermission;
+import fi.insomnia.bortal.web.cdiview.GenericCDIView;
+
+@Named
+@ConversationScoped
+public class UserSessionView extends GenericCDIView {
+
+	private static final long serialVersionUID = -5305969666679378884L;
+	@EJB
+	private SessionMgmtBeanLocal sessionMgmt;
+	private ListDataModel<HttpSession> sessions;
+
+	private HttpSession session;
+	private static final Logger logger = LoggerFactory.getLogger(UserSessionView.class);
+
+	public void initView()
+	{
+		if (super.requirePermissions(UserPermission.MANAGE_HTTP_SESSION) && sessions == null)
+		{
+			sessions = new ListDataModel<HttpSession>(new ArrayList<HttpSession>(sessionMgmt.getSessions()));
+			super.beginConversation();
+		}
+	}
+
+	public ListDataModel<HttpSession> getSessions() {
+		return sessions;
+	}
+
+	public void setSessions(ListDataModel<HttpSession> sessions) {
+		this.sessions = sessions;
+	}
+
+	public HttpSession getSession() {
+		return session;
+	}
+
+	public void setSession(HttpSession session) {
+		this.session = session;
+	}
+
+	public String invalidateSession()
+	{
+		sessions.getRowData().invalidate();
+		sessions = null;
+		super.addFaceMessage("httpsession.invalidateSuccessfull");
+		return null;
+	}
+
+}

code/LanBortalWeb/src/fi/insomnia/bortal/web/converter/SessionToUsernameConverter.java

+package fi.insomnia.bortal.web.converter;
+
+import javax.ejb.EJB;
+import javax.faces.component.UIComponent;
+import javax.faces.context.FacesContext;
+import javax.faces.convert.Converter;
+import javax.inject.Named;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import fi.insomnia.bortal.beans.SessionMgmtBeanLocal;
+import fi.insomnia.bortal.utilities.I18n;
+
+@Named()
+public class SessionToUsernameConverter implements Converter {
+
+	@EJB
+	private SessionMgmtBeanLocal sessbean;
+
+	private static final Logger logger = LoggerFactory.getLogger(SessionToUsernameConverter.class);
+
+	@Override
+	public Object getAsObject(FacesContext context, UIComponent component, String value) {
+		return null;
+	}
+
+	@Override
+	public String getAsString(FacesContext context, UIComponent component, Object value) {
+		String ret = "";
+		if (value != null)
+		{
+			ret = sessbean.getUsername(value.toString());
+		}
+		if (ret == null || ret.isEmpty())
+		{
+			ret = I18n.get("user.unauthenticated");
+		}
+		return ret;
+	}
+}