1 package org
.argeo
.security
.jcr
;
3 import javax
.jcr
.Session
;
5 import org
.apache
.commons
.logging
.Log
;
6 import org
.apache
.commons
.logging
.LogFactory
;
7 import org
.argeo
.jcr
.ThreadBoundJcrSessionFactory
;
8 import org
.springframework
.security
.Authentication
;
9 import org
.springframework
.security
.context
.SecurityContextHolder
;
10 import org
.springframework
.security
.userdetails
.UserDetails
;
12 public class SecureThreadBoundSession
extends ThreadBoundJcrSessionFactory
{
/**
 * Class-wide commons-logging logger. {@code preCall} uses it to emit a warning
 * when the JCR session's user ID differs from the user name held in the
 * current Spring Security authentication.
 */
private static final Log log = LogFactory.getLog(SecureThreadBoundSession.class);
17 protected Session
preCall(Session session
) {
18 Authentication authentication
= SecurityContextHolder
.getContext()
20 if (authentication
!= null) {
21 String userID
= session
.getUserID();
22 UserDetails userDetails
= (UserDetails
) authentication
.getDetails();
23 if (userDetails
!= null) {
24 String currentUserName
= userDetails
.getUsername();
25 if (!userID
.equals(currentUserName
)) {
26 log
.warn("Current session has user ID " + userID
27 + " while logged is user is " + currentUserName
28 + "(authentication=" + authentication
+ ")"
34 return super.preCall(session
);