Looking at this sample GitHub - cuba-platform/sample-login-restrictions: Customizing the user login procedure , I see how to deal with login instances. But I can’t see how to disallow access to an “user” if there is yet an instance of this user, I want to throw a message on screen like “Sorry, this user is yet logged in. Do you want to abort his session, or cancel?”
I think this one has same idea.
1 Like
Yes, your second post is what I’m looking for. Thanks
Hi,
We’ve added this case to a sample project: GitHub - cuba-platform/sample-login-restrictions: Customizing the user login procedure (changeset: One session by user · cuba-platform/sample-login-restrictions@c1d53bc · GitHub)
if the user is yet logged in, the system shows a dialog window where you can abort existing session. In order to achieve this:
- Create
UserAccessChecker
bean. Bean provides the ability to check user sessions on the existence session for the user and aborts user session if the click ‘Abort’ in a message dialog.
@Component("loginrestrictions_UserSessionExistsAccessChecker")
public class UserSessionExistsAccessChecker implements UserAccessChecker, Ordered {
@Inject
protected UserSessionsAPI userSessions;
@Override
public void check(Credentials credentials, AuthenticationDetails authenticationDetails) throws LoginException {
if (credentials instanceof AbstractClientCredentials) {
AbstractClientCredentials clientCredentials = (AbstractClientCredentials) credentials;
if (clientCredentials.getParams() != null && Boolean.TRUE.equals(clientCredentials.getParams().get("abortSession"))) {
userSessions.getUserSessionsStream()
.filter(s -> !s.isSystem() && Objects.equals(s.getUser().getLogin(), clientCredentials.getUserIdentifier()))
.findAny()
.ifPresent(s -> userSessions.killSession(s.getId()));
}
if (checkExistsUser(clientCredentials.getUserIdentifier()))
throw new UserSessionExistsException(clientCredentials.getUserIdentifier());
}
}
protected boolean checkExistsUser(String login) {
return userSessions.getUserSessionsStream()
.anyMatch(s -> !s.isSystem() && Objects.equals(s.getUser().getLogin(), login));
}
@Override
public int getOrder() {
return HIGHEST_PLATFORM_PRECEDENCE;
}
}
- Extend
LoginWindow
.LoginWindow
shows a dialog if the user session already exists and tries to authenticate again.
public class ExtAppLoginWindow extends AppLoginWindow {
@Override
protected void doLogin(Credentials credentials) throws LoginException {
String password = null;
try {
if (credentials instanceof LoginPasswordCredentials) {
password = ((LoginPasswordCredentials) credentials).getPassword();
}
super.doLogin(credentials);
} catch (UserSessionExistsException e) {
if (credentials instanceof LoginPasswordCredentials) {
String originalPassword = password;
showOptionDialog(messages.getMainMessage("dialogs.Confirmation"), messages.getMainMessage("abortSession"),
Frame.MessageType.CONFIRMATION, new Action[]{
new DialogAction(DialogAction.Type.YES).withHandler(event ->
retryLogin((LoginPasswordCredentials) credentials, originalPassword)
),
new DialogAction(DialogAction.Type.NO, Action.Status.PRIMARY)
});
}
}
}
protected void retryLogin(LoginPasswordCredentials loginPasswordCredentials, String originalPassword) {
try {
Map<String, Object> params = loginPasswordCredentials.getParams();
Map<String, Object> newParams = new HashMap<>();
newParams.put("abortSession", Boolean.TRUE);
if (params != null) {
newParams.putAll(params);
}
loginPasswordCredentials.setParams(newParams);
loginPasswordCredentials.setPassword(originalPassword);
super.doLogin(loginPasswordCredentials);
} catch (LoginException e1) {
showLoginException(e1.getMessage());
}
}
}
2 Likes