jdbc sessions

core/src/main/java/jeeves/config/springutil/LogoutUserSessionHandler.java

@@ -50,6 +50,7 @@ public void logout(HttpServletRequest request,
                 UserSession userSession = (UserSession) tmp;
                 userSession.clear();
             }
+            httpSession.invalidate();
         }
 
     }

core/src/main/java/jeeves/server/UserSession.java

@@ -23,6 +23,9 @@
 
 package jeeves.server;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import org.fao.geonet.domain.LDAPUser;
 import org.fao.geonet.domain.Profile;
 import org.fao.geonet.domain.User;
@@ -37,17 +40,19 @@
 
 import javax.servlet.http.HttpSession;
 
+import java.io.Serializable;
 import java.util.Hashtable;
 
 //=============================================================================
 
 /**
  * Abstraction layer from the user session.
  */
-public class UserSession {
+public class UserSession implements Serializable  {
+
+    @JsonProperty
     private Hashtable<String, Object> htProperties = new Hashtable<String, Object>(10, .75f);
 
-    private HttpSession sHttpSession;
 
     //--------------------------------------------------------------------------
     //---
@@ -64,19 +69,6 @@ public UserSession() {
     //---
     //--------------------------------------------------------------------------
 
-    /**
-     * @return the sHttpSession
-     */
-    public HttpSession getsHttpSession() {
-        return sHttpSession;
-    }
-
-    /**
-     * @param sHttpSession the sHttpSession to set
-     */
-    public void setsHttpSession(HttpSession sHttpSession) {
-        this.sHttpSession = sHttpSession;
-    }
 
     /**
      * Sets a generic property.
@@ -109,9 +101,6 @@ public void removeProperty(String name) {
     public void clear() {
         htProperties.clear();
         SecurityContextHolder.clearContext();
-        if (sHttpSession != null) {
-            sHttpSession.invalidate();
-        }
     }
 
     //--------------------------------------------------------------------------
@@ -124,12 +113,14 @@ public void loginAs(User user) {
         SecurityContextHolder.setContext(secContext);
     }
 
+    @JsonIgnore
     public boolean isAuthenticated() {
         return !(auth() instanceof AnonymousAuthenticationToken);
     }
 
     //--------------------------------------------------------------------------
 
+    @JsonIgnore
     public String getUserId() {
         User userDetails = getPrincipal();
         if (userDetails == null) {
@@ -139,6 +130,7 @@ public String getUserId() {
         }
     }
 
+    @JsonIgnore
     public String getUsername() {
         User userDetails = getPrincipal();
         if (userDetails == null) {
@@ -148,6 +140,7 @@ public String getUsername() {
         }
     }
 
+    @JsonIgnore
     public String getName() {
         User userDetails = getPrincipal();
         if (userDetails == null) {
@@ -157,6 +150,7 @@ public String getName() {
         }
     }
 
+    @JsonIgnore
     public String getSurname() {
         User userDetails = getPrincipal();
         if (userDetails == null) {
@@ -166,6 +160,7 @@ public String getSurname() {
         }
     }
 
+    @JsonIgnore
     public Profile getProfile() {
         User userDetails = getPrincipal();
         if (userDetails == null) {
@@ -175,6 +170,7 @@ public Profile getProfile() {
         }
     }
 
+    @JsonIgnore
     public String getEmailAddr() {
         User userDetails = getPrincipal();
         if (userDetails == null) {
@@ -184,6 +180,7 @@ public String getEmailAddr() {
         }
     }
 
+    @JsonIgnore
     public String getOrganisation() {
         User userDetails = getPrincipal();
         if (userDetails == null) {
@@ -193,6 +190,7 @@ public String getOrganisation() {
         }
     }
 
+    @JsonIgnore
     public int getUserIdAsInt() {
         String id = getUserId();
         return id == null ? -1 : Integer.parseInt(getUserId());
@@ -212,6 +210,7 @@ private Authentication auth() {
         }
     }
 
+    @JsonIgnore
     public User getPrincipal() {
         Authentication auth = auth();
         if (auth != null) {

core/src/main/java/jeeves/server/sources/http/JeevesServlet.java

@@ -149,7 +149,7 @@ private void execute(HttpServletRequest req, HttpServletResponse res) throws IOE
             session = new UserSession();
 
             httpSession.setAttribute(USER_SESSION_ATTRIBUTE_KEY, session);
-            session.setsHttpSession(httpSession);
+          //  session.setsHttpSession(httpSession);
 
             if (Log.isDebugEnabled(Log.REQUEST)) {
                 Log.debug(Log.REQUEST, "Session created for client : " + ip);

core/src/main/java/org/fao/geonet/kernel/SelectionManager.java

@@ -25,6 +25,7 @@
 
 import co.elastic.clients.elasticsearch.core.SearchResponse;
 import co.elastic.clients.elasticsearch.core.search.Hit;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import jeeves.server.UserSession;
@@ -40,6 +41,7 @@
 import org.fao.geonet.utils.Log;
 import org.jdom.Element;
 
+import java.io.Serializable;
 import java.util.*;
 import java.util.stream.Collectors;
 
@@ -50,7 +52,7 @@
 /**
  * Manage objects selection for a user session.
  */
-public class SelectionManager {
+public class SelectionManager implements Serializable {
 
     public static final String SELECTION_METADATA = "metadata";
     public static final String SELECTION_BUCKET = "bucket";
@@ -72,6 +74,7 @@ private SelectionManager() {
     }
 
 
+    @JsonIgnore
     public Map<String, Integer> getSelectionsAndSize() {
         return selections.entrySet().stream().collect(Collectors.toMap(
             e -> e.getKey(),

core/src/test/java/org/fao/geonet/AbstractCoreIntegrationTest.java

@@ -288,7 +288,7 @@ public MockHttpSession loginAs(User user) {
         UserSession userSession = new UserSession();
         userSession.loginAs(user);
         session.setAttribute(Jeeves.Elem.SESSION, userSession);
-        userSession.setsHttpSession(session);
+        //userSession.setsHttpSession(session);
 
         return session;
     }
@@ -303,8 +303,8 @@ public MockHttpSession loginAsAnonymous() {
 
         UserSession userSession = new UserSession();
         session.setAttribute(Jeeves.Elem.SESSION, userSession);
-        userSession.setsHttpSession(session);
-
+//        userSession.setsHttpSession(session);
+//
         return session;
     }
 

domain/src/main/java/org/fao/geonet/domain/User.java

@@ -25,6 +25,7 @@
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 
+import com.fasterxml.jackson.annotation.JsonProperty;
 import org.apache.commons.lang.StringUtils;
 import org.fao.geonet.entitylistener.UserEntityListenerManager;
 import org.fao.geonet.domain.converter.BooleanToYNConverter;
@@ -59,17 +60,31 @@ public class User extends GeonetEntity implements UserDetails {
     public static final String NODE_APPLICATION_CONTEXT_KEY = "jeevesNodeApplicationContext_";
     static final String ID_SEQ_NAME = "user_id_seq";
     private static final long serialVersionUID = 2589607276443866650L;
+
+    @JsonProperty("id")
     private int _id;
+
+    @JsonProperty("username")
     private String _username;
+    @JsonProperty("surname")
     private String _surname;
+    @JsonProperty("name")
     private String _name;
+    @JsonProperty("email")
     private Set<String> _email = new HashSet<>();
+    @JsonProperty("addresss")
     private Set<Address> _addresses = new LinkedHashSet<>();
+    @JsonProperty("organisation")
     private String _organisation;
+    @JsonProperty("kind")
     private String _kind;
+    @JsonProperty("profile")
     private Profile _profile = Profile.RegisteredUser;
+    @JsonProperty("security")
     private UserSecurity _security = new UserSecurity();
+    @JsonProperty("lastLoginDate")
     private String _lastLoginDate;
+    @JsonProperty("isEnabled")
     private Boolean _isEnabled;
 
     public static String getRandomPassword() {
@@ -187,6 +202,7 @@ public User setName(@Nullable String name) {
      * @return the main email address of the user.
      */
     @Transient
+    @JsonIgnore
     public String getEmail() {
         if (_email != null) {
             for (String email : _email) {
@@ -249,6 +265,7 @@ protected User setAddresses(Set<Address> addresses) {
      * @return the first address in the list of the addresses.
      */
     @Transient
+    @JsonIgnore
     public
     @Nonnull
     Address getPrimaryAddress() {
@@ -375,6 +392,7 @@ public User setLastLoginDate(@Nullable String lastLoginDate) {
         return this;
     }
 
+    @JsonIgnore
     @Transient
     @Override
     public Collection<GrantedAuthority> getAuthorities() {
@@ -393,18 +411,21 @@ public Collection<GrantedAuthority> getAuthorities() {
     }
 
     @Transient
+    @JsonIgnore
     @Override
     public boolean isAccountNonExpired() {
         return true;
     }
 
     @Transient
+    @JsonIgnore
     @Override
     public boolean isAccountNonLocked() {
         return true;
     }
 
     @Override
+    @JsonIgnore
     @Transient
     public boolean isCredentialsNonExpired() {
         return true;

domain/src/main/java/org/fao/geonet/domain/UserSecurity.java

@@ -45,6 +45,7 @@
 @Embeddable
 public class UserSecurity extends GeonetEntity implements Serializable {
     private char[] _password;
+    @JsonIgnore
     private Set<UserSecurityNotification> _securityNotifications = new HashSet<UserSecurityNotification>();
     private String _authType;
     private String _nodeId;
@@ -121,6 +122,7 @@ protected UserSecurity setSecurityNotificationsString(final String securityNotif
      * @return the mutable set if security notifications.
      */
     @Transient
+    @JsonIgnore
     public Set<UserSecurityNotification> getSecurityNotifications() {
         return _securityNotifications;
     }

services/src/main/java/org/fao/geonet/api/AllRequestsInterceptor.java

@@ -86,7 +86,7 @@ private void createSessionForAllButNotCrawlers(HttpServletRequest request) {
                 session = new UserSession();
 
                 httpSession.setAttribute(Jeeves.Elem.SESSION, session);
-                session.setsHttpSession(httpSession);
+              //  session.setsHttpSession(httpSession);
 
                 if (Log.isDebugEnabled(Log.REQUEST)) {
                     Log.debug(Log.REQUEST, "Session created for client : " + request.getRemoteAddr());

services/src/main/java/org/fao/geonet/services/main/GenericController.java

@@ -106,7 +106,7 @@ public void dispatch(@PathVariable String portal,
                 session = new UserSession();
 
                 httpSession.setAttribute(USER_SESSION_ATTRIBUTE_KEY, session);
-                session.setsHttpSession(httpSession);
+               // session.setsHttpSession(httpSession);
 
                 if (Log.isDebugEnabled(Log.REQUEST))
                     Log.debug(Log.REQUEST, "Session created for client : " + ip);

web/pom.xml

@@ -53,6 +53,13 @@
 
   <!-- FIXME set common dependencies to the root pom.xml  -->
   <dependencies>
+
+    <dependency>
+      <groupId>org.springframework.session</groupId>
+      <artifactId>spring-session-jdbc</artifactId>
+      <version>2.7.4</version>
+    </dependency>
+
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-api</artifactId>