Log a warning if session cannot be invalidated

kitodo · Apr 22, 2024 · 2f37583 · 2f37583
1 parent c49e67d
commit 2f37583
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 5 deletions.
diff --git a/Kitodo/src/main/java/org/kitodo/production/helper/Helper.java b/Kitodo/src/main/java/org/kitodo/production/helper/Helper.java
@@ -550,4 +550,23 @@ public static String generateRandomString(int length) {
         }
         return sb.toString();
     }
+
+    /**
+     * Returns an object description for error messages. It consists of the
+     * class name and optionally the {@code toString()}, if {@code toString()}
+     * is overloaded.
+     * 
+     * @param object
+     *            object to be described
+     * @return object description
+     */
+    public static String getObjectDescription(Object object) {
+        if (Objects.isNull(object)) {
+            return "null";
+        }
+        String fullClassName = object.getClass().getName();
+        String objectToString = object.toString();
+        return objectToString.startsWith(fullClassName.concat("@")) ? fullClassName
+                : fullClassName + '(' + objectToString + ')';
+    }
 }
diff --git a/Kitodo/src/main/java/org/kitodo/production/security/CustomLogoutSuccessHandler.java b/Kitodo/src/main/java/org/kitodo/production/security/CustomLogoutSuccessHandler.java
@@ -12,11 +12,15 @@
 package org.kitodo.production.security;
 
 import java.io.IOException;
+import java.text.MessageFormat;
 import java.util.Objects;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.kitodo.production.helper.Helper;
 import org.kitodo.production.services.ServiceManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -31,6 +35,7 @@
  */
 public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler implements LogoutSuccessHandler {
 
+    private static final Logger logger = LogManager.getLogger(CustomLogoutSuccessHandler.class);
     private final String onSuccessUrl;
     private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
 
@@ -41,12 +46,21 @@ public CustomLogoutSuccessHandler(String onSuccessUrl) {
     @Override
     public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
             throws IOException {
-        if (Objects.nonNull(authentication) && Objects.nonNull(authentication.getDetails())) {
-            Object principal = authentication.getPrincipal();
-            if (principal instanceof UserDetails) {
-                UserDetails user = (UserDetails) principal;
-                ServiceManager.getSessionService().expireSessionsOfUser(user);
+        if (Objects.nonNull(authentication)) {
+            if (Objects.nonNull(authentication.getDetails())) {
+                Object principal = authentication.getPrincipal();
+                if (principal instanceof UserDetails) {
+                    UserDetails user = (UserDetails) principal;
+                    ServiceManager.getSessionService().expireSessionsOfUser(user);
+                } else {
+                    logger.warn(MessageFormat.format("Cannot expire session: {0} !instanceof UserDetails",
+                        Helper.getObjectDescription(principal)));
+                }
+            } else {
+                logger.warn("Cannot expire session: authentication.getDetails() is null");
             }
+        } else {
+            logger.warn("Cannot expire session: authentication is null");
         }
         redirectStrategy.sendRedirect(request, response, onSuccessUrl);
     }

diff --git a/Kitodo/src/main/java/org/kitodo/production/services/security/SessionService.java b/Kitodo/src/main/java/org/kitodo/production/services/security/SessionService.java
@@ -11,6 +11,7 @@
 
 package org.kitodo.production.services.security;
 
+import java.text.MessageFormat;
 import java.time.ZoneId;
 import java.util.ArrayList;
 import java.util.List;
@@ -19,6 +20,9 @@
 import javax.servlet.http.HttpSessionEvent;
 import javax.servlet.http.HttpSessionListener;
 
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.kitodo.production.helper.Helper;
 import org.kitodo.production.metadata.MetadataLock;
 import org.kitodo.production.security.SecurityConfig;
 import org.kitodo.production.security.SecuritySession;
@@ -30,6 +34,7 @@
 
 public class SessionService implements HttpSessionListener {
 
+    private static final Logger logger = LogManager.getLogger(SessionService.class);
     private static volatile SessionService instance = null;
     private final SessionRegistry sessionRegistry;
 
@@ -52,7 +57,13 @@ public void sessionDestroyed(HttpSessionEvent se) {
             Object principal = securityContext.getAuthentication().getPrincipal();
             if (principal instanceof SecurityUserDetails) {
                 expireSessionsOfUser((SecurityUserDetails) principal);
+            } else {
+                logger.warn(MessageFormat.format("Cannot expire session: {0} !instanceof SecurityUserDetails",
+                    Helper.getObjectDescription(principal)));
             }
+        } else {
+            logger.warn(MessageFormat.format("Cannot expire session: {0} !instanceof SecurityContextImpl",
+                Helper.getObjectDescription(securityContextObject)));
         }
     }