Login restrictions

Looking at this sample, https://github.com/cuba-platform/sample-login-restrictions, I see how to deal with login instances. But I can’t see how to disallow access to a “user” if there is already an instance of this user. I want to throw a message on screen like “Sorry, this user is already logged in. Do you want to abort his session, or cancel?”

I think this one has the same idea.

https://www.cuba-platform.com/discuss/t/is-it-possible-to-restrict-user-access-by-time-range/83/2

https://www.cuba-platform.com/discuss/t/avoid-same-user-login-in-same-time-rest/4969


Yes, your second post is what I’m looking for. Thanks :+1:

Hi,
We’ve added this case to a sample project: https://github.com/cuba-platform/sample-login-restrictions (changeset: https://github.com/cuba-platform/sample-login-restrictions/commit/c1d53bcb879c77b59a9bc74f511596c2573f613c)

If the user is already logged in, the system shows a dialog window where you can abort the existing session. In order to achieve this:

  • Create a UserAccessChecker bean. The bean checks whether a session already exists for the user and aborts that session if the user clicks ‘Abort’ in the message dialog.
```java
@Component("loginrestrictions_UserSessionExistsAccessChecker")
public class UserSessionExistsAccessChecker implements UserAccessChecker, Ordered {
    @Inject
    protected UserSessionsAPI userSessions;

    @Override
    public void check(Credentials credentials, AuthenticationDetails authenticationDetails) throws LoginException {
        if (credentials instanceof AbstractClientCredentials) {
            AbstractClientCredentials clientCredentials = (AbstractClientCredentials) credentials;
            // Retry after the user confirmed the dialog: kill an existing non-system session for this login
            if (clientCredentials.getParams() != null && Boolean.TRUE.equals(clientCredentials.getParams().get("abortSession"))) {
                userSessions.getUserSessionsStream()
                        .filter(s -> !s.isSystem() && Objects.equals(s.getUser().getLogin(), clientCredentials.getUserIdentifier()))
                        .findAny()
                        .ifPresent(s -> userSessions.killSession(s.getId()));
            }
            // Reject the login while a non-system session for this login still exists
            if (checkExistsUser(clientCredentials.getUserIdentifier()))
                throw new UserSessionExistsException(clientCredentials.getUserIdentifier());
        }
    }

    // True if any non-system session belongs to the given login
    protected boolean checkExistsUser(String login) {
        return userSessions.getUserSessionsStream()
                .anyMatch(s -> !s.isSystem() && Objects.equals(s.getUser().getLogin(), login));
    }

    @Override
    public int getOrder() {
        return HIGHEST_PLATFORM_PRECEDENCE;
    }
}
```
  • Extend LoginWindow. LoginWindow shows a dialog if the user session already exists and tries to authenticate again.
```java
public class ExtAppLoginWindow extends AppLoginWindow {
    @Override
    protected void doLogin(Credentials credentials) throws LoginException {
        // Remember the password so it can be set on the credentials again for a retry
        String password = null;
        try {
            if (credentials instanceof LoginPasswordCredentials) {
                password = ((LoginPasswordCredentials) credentials).getPassword();
            }
            super.doLogin(credentials);
        } catch (UserSessionExistsException e) {
            // A session already exists for this user: ask whether to abort it
            if (credentials instanceof LoginPasswordCredentials) {
                String originalPassword = password;
                showOptionDialog(messages.getMainMessage("dialogs.Confirmation"), messages.getMainMessage("abortSession"),
                        Frame.MessageType.CONFIRMATION, new Action[]{
                                new DialogAction(DialogAction.Type.YES).withHandler(event ->
                                    retryLogin((LoginPasswordCredentials) credentials, originalPassword)
                                ),
                                new DialogAction(DialogAction.Type.NO, Action.Status.PRIMARY)
                        });
            }
        }
    }

    protected void retryLogin(LoginPasswordCredentials loginPasswordCredentials, String originalPassword) {
        try {
            Map<String, Object> params = loginPasswordCredentials.getParams();
            Map<String, Object> newParams = new HashMap<>();
            // Flag read by UserSessionExistsAccessChecker to abort the existing session
            newParams.put("abortSession", Boolean.TRUE);
            if (params != null) {
                newParams.putAll(params);
            }
            loginPasswordCredentials.setParams(newParams);
            loginPasswordCredentials.setPassword(originalPassword);

            super.doLogin(loginPasswordCredentials);

        } catch (LoginException e1) {
            showLoginException(e1.getMessage());
        }
    }
}
```
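The flow in the answer above (reject the login when a session exists, retry with `abortSession` after confirmation), modelled in plain Java as an added example; it is not code from the sample project or from CUBA. `SingleSessionRegistry`, `SessionExistsException`, `open` and `close` are hypothetical names, and the caller is assumed to have verified the password before calling `open`; the existence check and the takeover run as one atomic step, so two simultaneous logins for the same user cannot both succeed.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

/** Plain-Java model of the "one session per login" rule; all names are hypothetical, not CUBA API. */
public class SingleSessionRegistry {

    /** Thrown when a session already exists and the caller did not ask to abort it. */
    public static class SessionExistsException extends Exception {
        public SessionExistsException(String login) {
            super("User '" + login + "' is already logged in");
        }
    }

    // login -> id of the single live session for that login
    private final Map<String, UUID> sessions = new ConcurrentHashMap<>();

    /** Assumption: called only after the credentials were verified, so an unauthenticated caller cannot abort a session. */
    public UUID open(String login, boolean abortSession) throws SessionExistsException {
        UUID fresh = UUID.randomUUID();
        // compute() is atomic per key: the existence check and the replacement cannot interleave
        UUID winner = sessions.compute(login, (k, current) ->
                (current == null || abortSession) ? fresh : current);
        if (!winner.equals(fresh)) {
            throw new SessionExistsException(login);
        }
        return fresh;
    }

    /** Logout removes the entry only if it still belongs to this session id. */
    public boolean close(String login, UUID sessionId) {
        return sessions.remove(login, sessionId);
    }

    public static void main(String[] args) throws Exception {
        SingleSessionRegistry registry = new SingleSessionRegistry();
        UUID first = registry.open("alice", false);      // constructed sample login
        try {
            registry.open("alice", false);               // second login without confirmation
        } catch (SessionExistsException e) {
            System.out.println(e.getMessage());          // the UI would show the Yes/No dialog here
        }
        UUID second = registry.open("alice", true);      // user clicked Yes: take over the session
        System.out.println("stale session could log out? " + registry.close("alice", first));
        System.out.println("new session logged out? " + registry.close("alice", second));
    }
}
```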