[breaking] sessions - Clearing restx principal cache when logging out…

…, thus allowing to refresh principal roles on his next authentication. This fixes #260
restx · Aug 21, 2017 · 46f8b58 · 46f8b58
1 parent 316c3f4
commit 46f8b58
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/restx-security-basic/src/main/java/restx/security/SessionInvalider.java b/restx-security-basic/src/main/java/restx/security/SessionInvalider.java
@@ -1,14 +1,24 @@
 package restx.security;
 
+import com.google.common.base.Optional;
 import restx.factory.Component;
 
 @Component
 public class SessionInvalider {
 
-    public SessionInvalider() {
+    private RestxSession.Definition restxSessionDefinition;
+
+    public SessionInvalider(RestxSession.Definition restxSessionDefinition) {
+        this.restxSessionDefinition = restxSessionDefinition;
     }
 
     public void invalidateSession(){
+        // Invalidating principal cache (on next login, principal roles will be refreshed)
+        Optional<? extends RestxPrincipal> principal = RestxSession.current().getPrincipal();
+        if (principal.isPresent()) {
+            restxSessionDefinition.getEntry(RestxPrincipal.SESSION_DEF_KEY).get().invalidateCacheFor(principal.get().getName());
+        }
+
         // Clearing principal
         RestxSession.current().clearPrincipal();
         RestxSession.current().define(String.class, Session.SESSION_DEF_KEY, null);