Calling a Middleware bean or service from HttpSessionListener

cklee · December 30, 2023, 2:42am

I am monitoring the user sessions for licensing purposes and I have session tracking in a bean in the middle tier layer. However, to detect if a session has expired (either user left the browser idle too long or the browser crash/closed), I used a HttpSessionListener in the web tier. When I tried to call the service from the sessionDestroyed() method, it throws: No security context bound to the current thread

@Override
public void sessionDestroyed(HttpSessionEvent hse) {
    System.out.println("Session destroyed: " + hse.getSession().getId());
    LicenseService licenseService = AppBeans.get(LicenseService.NAME);
    licenseService.releaseAllLicenseVaadin(hse.getSession().getId());
}

I read that we need to call a Spring bean instead. But the session tracking bean is running in the middle-tier. Besides the session timeout, I also track the UserLoggedOutEvent which is in the middle-tier right ? And I can’t use a global bean as there will one in the web and one in the core module, but I need to keep license count state (need a singleton bean).

Is there a way for a web bean to call a core bean without using a service ?

ckwan · January 3, 2024, 3:11pm

try to use

UserSession systemSession;
        try {
            systemSession = trustedClientService.getSystemSession(webAuthConfig.getTrustedClientPassword());
        } catch (LoginException e) {
            log.error("Unable to obtain system session", e);
        }
        AppContext.withSecurityContext(new SecurityContext(systemSession), () -> {

            LicenseService licenseService = AppBeans.get(LicenseService.NAME);
            licenseService.releaseAllLicenseVaadin(hse.getSession().getId());
        });