sessions - Introduced new SessionInvalider component providing an ext…

…ension point to custom behaviours during logout

restx-security-basic/src/main/java/restx/security/SessionInvalider.java

@@ -0,0 +1,16 @@
package restx.security;

import restx.factory.Component;

@Component
public class SessionInvalider {

    public SessionInvalider() {
    }

    public void invalidateSession(){
        // Clearing principal
        RestxSession.current().clearPrincipal();
        RestxSession.current().define(String.class, Session.SESSION_DEF_KEY, null);
    }
}

restx-security-basic/src/main/java/restx/security/SessionResource.java

@@ -19,10 +19,12 @@

    private final BasicPrincipalAuthenticator authenticator;
    private final UUIDGenerator uuidGenerator;
    private SessionInvalider sessionInvalider;

    public SessionResource(BasicPrincipalAuthenticator authenticator, UUIDGenerator uuidGenerator) {
    public SessionResource(BasicPrincipalAuthenticator authenticator, UUIDGenerator uuidGenerator, SessionInvalider sessionInvalider) {
        this.authenticator = authenticator;
        this.uuidGenerator = uuidGenerator;
        this.sessionInvalider = sessionInvalider;
    }


@@ -69,8 +71,7 @@ public Session currentSession() {
    @PermitAll
    @DELETE("/sessions/{sessionKey}")
    public Status logout(String sessionKey) {
        RestxSession.current().clearPrincipal();
        RestxSession.current().define(String.class, Session.SESSION_DEF_KEY, null);
        sessionInvalider.invalidateSession();
        return Status.of("logout");
    }
}