Permalink
Browse files

[breaking] sessions - Clearing restx principal cache when logging out…

…, thus allowing to refresh principal roles on his next authentication.

This fixes #260
  • Loading branch information...
fcamblor committed Aug 21, 2017
1 parent 316c3f4 commit 46f8b580694dd8996e6c6fe090d20253adcf265c
Showing with 11 additions and 1 deletion.
  1. +11 −1 restx-security-basic/src/main/java/restx/security/SessionInvalider.java
@@ -1,14 +1,24 @@
package restx.security;
import com.google.common.base.Optional;
import restx.factory.Component;
@Component
public class SessionInvalider {
public SessionInvalider() {
private RestxSession.Definition restxSessionDefinition;
public SessionInvalider(RestxSession.Definition restxSessionDefinition) {
this.restxSessionDefinition = restxSessionDefinition;
}
public void invalidateSession(){
// Invalidating principal cache (on next login, principal roles will be refreshed)
Optional<? extends RestxPrincipal> principal = RestxSession.current().getPrincipal();
if (principal.isPresent()) {
restxSessionDefinition.getEntry(RestxPrincipal.SESSION_DEF_KEY).get().invalidateCacheFor(principal.get().getName());
}
// Clearing principal
RestxSession.current().clearPrincipal();
RestxSession.current().define(String.class, Session.SESSION_DEF_KEY, null);

0 comments on commit 46f8b58

Please sign in to comment.