Invalidate users when there're modifications in the users or in the roles
Hello,
We have an application with the users and their roles stored in a database that can be managed through the application itself.
What we want to achieve is deactivate the users whenever occurs a modification in the roles or in the users. We want to do that the best we can (for instance, to invalidate only the deleted user, not to invalidate the user who is making the changes, and so on)
My approach has been to include the concurrentSessionFilter with a sessionRegistry for it and a concurrentSessionControlStrategy (for the time being with -1 in maximumSessions) that has the same sessionRegistry. The latter is used by a sessionManagementFilter later in the filter chain.
Well, the main point is that I have a sessionRegistry which can be used to access the registered users, in order to expire their sessions.
For doing that, I've created a class with the sessionRegistry autowired (this class is called by an aspect, but this is not relevant right now)
My question is (apologize for the excesive context)...
...is the sessionRegistry threadSafe or do I have to take some precautions to access it?
This is my code, can you tell me if there's something wrong?
Code:@Component public class ManageExpirationImpl implements ManageExpiration { private final Logger logger = Logger.getLogger(ManageExpirationImpl.class); @Autowired SessionRegistry sessionRegistry; //A simple sample public void deactivateAllUsers() { synchronized (sessionRegistry) { //Is this necessary? for (Object principal : sessionRegistry.getAllPrincipals()) { for (SessionInformation session : sessionRegistry.getAllSessions(principal, false)) { session.expireNow(); } } } }
Reply With Quote