[breaking] sessions - Clearing restx principal cache when logging out…

…, thus allowing to refresh principal roles on his next authentication. This fixes #260
restx · Aug 21, 2017 · 46f8b580694dd8996e6c6fe090d20253adcf265c · 46f8b58
1 parent 316c3f4
commit 46f8b580694dd8996e6c6fe090d20253adcf265c
Unified Split

Showing with 11 additions and 1 deletion.

+11 −1 restx-security-basic/src/main/java/restx/security/SessionInvalider.java
diff --git a/restx-security-basic/src/main/java/restx/security/SessionInvalider.java b/restx-security-basic/src/main/java/restx/security/SessionInvalider.java
@@ -1,14 +1,24 @@
 package restx.security;

+import com.google.common.base.Optional;
 import restx.factory.Component;

 @Component
 public class SessionInvalider {

-    public SessionInvalider() {
+    private RestxSession.Definition restxSessionDefinition;
+
+    public SessionInvalider(RestxSession.Definition restxSessionDefinition) {
+        this.restxSessionDefinition = restxSessionDefinition;
    }

    public void invalidateSession(){
+        // Invalidating principal cache (on next login, principal roles will be refreshed)
+        Optional<? extends RestxPrincipal> principal = RestxSession.current().getPrincipal();
+        if (principal.isPresent()) {
+            restxSessionDefinition.getEntry(RestxPrincipal.SESSION_DEF_KEY).get().invalidateCacheFor(principal.get().getName());
+        }
+
        // Clearing principal
        RestxSession.current().clearPrincipal();
        RestxSession.current().define(String.class, Session.SESSION_DEF_KEY, null);