[Major] Refactored SessionHandler by moving to module agent

web-rest/src/main/java/li/strolch/rest/DefaultStrolchSessionHandler.java → agent/src/main/java/li/strolch/runtime/sessions/DefaultStrolchSessionHandler.java

@@ -13,15 +13,14 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package li.strolch.rest;
+package li.strolch.runtime.sessions;
 
 import static java.util.function.Function.identity;
 import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_GET_SESSION;
 import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_INVALIDATE_SESSION;
 
 import java.text.MessageFormat;
 import java.time.ZonedDateTime;
-import java.time.temporal.ChronoUnit;
 import java.util.*;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.Future;
@@ -38,7 +37,6 @@
 import li.strolch.privilege.model.PrivilegeContext;
 import li.strolch.privilege.model.SimpleRestrictable;
 import li.strolch.privilege.model.Usage;
-import li.strolch.rest.model.UserSession;
 import li.strolch.runtime.configuration.ComponentConfiguration;
 import li.strolch.runtime.privilege.PrivilegeHandler;
 import li.strolch.utils.dbc.DBC;
@@ -321,8 +319,8 @@ public Certificate validateChallenge(String username, String challenge, String s
 	}
 
 	private void checkSessionsForTimeout() {
-		ZonedDateTime maxKeepAliveTime = ZonedDateTime.now().minus(this.maxKeepAliveMinutes, ChronoUnit.MINUTES);
-		ZonedDateTime timeOutTime = ZonedDateTime.now().minus(this.sessionTtlMinutes, ChronoUnit.MINUTES);
+		ZonedDateTime maxKeepAliveTime = ZonedDateTime.now().minusMinutes(this.maxKeepAliveMinutes);
+		ZonedDateTime timeOutTime = ZonedDateTime.now().minusMinutes(this.sessionTtlMinutes);
 
 		Map<String, Certificate> certificateMap = getCertificateMapCopy();
 		for (Certificate certificate : certificateMap.values()) {

web-rest/src/main/java/li/strolch/rest/StrolchSessionHandler.java → agent/src/main/java/li/strolch/runtime/sessions/StrolchSessionHandler.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package li.strolch.rest;
+package li.strolch.runtime.sessions;
 
 import java.util.List;
 import java.util.Locale;
@@ -24,7 +24,6 @@
 import li.strolch.privilege.model.Certificate;
 import li.strolch.privilege.model.PrivilegeContext;
 import li.strolch.privilege.model.Usage;
-import li.strolch.rest.model.UserSession;
 
 /**
  * The {@link StrolchSessionHandler} implements session management. It authenticates, validates and invalidates session

web-rest/src/main/java/li/strolch/rest/model/UserSession.java → agent/src/main/java/li/strolch/runtime/sessions/UserSession.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package li.strolch.rest.model;
+package li.strolch.runtime.sessions;
 
 import java.time.ZonedDateTime;
 import java.util.Locale;

service/src/main/java/li/strolch/service/privilege/users/PrivilegeRemoveUserCommand.java

@@ -7,6 +7,7 @@
 import li.strolch.model.audit.Audit;
 import li.strolch.persistence.api.StrolchTransaction;
 import li.strolch.privilege.handler.PrivilegeHandler;
+import li.strolch.runtime.sessions.StrolchSessionHandler;
 import li.strolch.service.api.Command;
 import li.strolch.utils.dbc.DBC;
 
@@ -37,6 +38,8 @@ public void doCommand() {
 		if (privilegeHandler.isPersistOnUserDataChanged())
 			privilegeHandler.persist(tx().getCertificate());
 
+		getComponent(StrolchSessionHandler.class).invalidate(tx().getCertificate());
+
 		Audit audit = tx().auditFrom(AccessType.DELETE, PRIVILEGE, USER, this.username);
 		tx().getAuditTrail().add(tx(), audit);
 	}

web-rest/src/main/java/li/strolch/rest/RestfulStrolchComponent.java

@@ -25,6 +25,7 @@
 import li.strolch.rest.filters.HttpCacheResponseFilter;
 import li.strolch.runtime.configuration.ComponentConfiguration;
 import li.strolch.runtime.privilege.PrivilegeHandler;
+import li.strolch.runtime.sessions.StrolchSessionHandler;
 import li.strolch.service.api.ServiceHandler;
 import li.strolch.utils.dbc.DBC;
 

web-rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java

@@ -41,7 +41,7 @@
 import li.strolch.privilege.model.PrivilegeContext;
 import li.strolch.privilege.model.Usage;
 import li.strolch.rest.RestfulStrolchComponent;
-import li.strolch.rest.StrolchSessionHandler;
+import li.strolch.runtime.sessions.StrolchSessionHandler;
 import li.strolch.rest.helper.ResponseUtil;
 import li.strolch.runtime.privilege.PrivilegeHandler;
 import li.strolch.utils.helper.ExceptionHelper;

web-rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java

@@ -33,7 +33,7 @@
 import li.strolch.privilege.model.UserState;
 import li.strolch.rest.RestfulStrolchComponent;
 import li.strolch.rest.StrolchRestfulConstants;
-import li.strolch.rest.StrolchSessionHandler;
+import li.strolch.runtime.sessions.StrolchSessionHandler;
 import li.strolch.rest.model.QueryData;
 import li.strolch.search.SearchResult;
 import li.strolch.search.ValueSearch;

web-rest/src/main/java/li/strolch/rest/endpoint/UserSessionsService.java

@@ -37,10 +37,10 @@
 import li.strolch.privilege.model.Certificate;
 import li.strolch.rest.RestfulStrolchComponent;
 import li.strolch.rest.StrolchRestfulConstants;
-import li.strolch.rest.StrolchSessionHandler;
+import li.strolch.runtime.sessions.StrolchSessionHandler;
 import li.strolch.rest.helper.ResponseUtil;
 import li.strolch.rest.model.QueryData;
-import li.strolch.rest.model.UserSession;
+import li.strolch.runtime.sessions.UserSession;
 import li.strolch.search.SearchResult;
 import li.strolch.search.ValueSearch;
 import org.slf4j.Logger;

web-rest/src/main/java/li/strolch/rest/filters/AuthenticationRequestFilter.java

@@ -15,34 +15,32 @@
  */
 package li.strolch.rest.filters;
 
-import static li.strolch.rest.StrolchRestfulConstants.*;
-import static li.strolch.utils.helper.StringHelper.*;
-
 import jakarta.annotation.Priority;
 import jakarta.servlet.http.HttpServletRequest;
-
 import jakarta.ws.rs.Priorities;
 import jakarta.ws.rs.container.ContainerRequestContext;
 import jakarta.ws.rs.container.ContainerRequestFilter;
 import jakarta.ws.rs.core.*;
 import jakarta.ws.rs.ext.Provider;
-
-import java.nio.charset.StandardCharsets;
-import java.util.Base64;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
 import li.strolch.exception.StrolchAccessDeniedException;
 import li.strolch.exception.StrolchNotAuthenticatedException;
 import li.strolch.privilege.model.Certificate;
 import li.strolch.privilege.model.Usage;
 import li.strolch.rest.RestfulStrolchComponent;
 import li.strolch.rest.StrolchRestfulConstants;
-import li.strolch.rest.StrolchSessionHandler;
+import li.strolch.runtime.sessions.StrolchSessionHandler;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import static li.strolch.rest.StrolchRestfulConstants.*;
+import static li.strolch.utils.helper.StringHelper.*;
+
 /**
  * This authentication request filter secures any requests to a Strolch server, by verifying that the request contains
  * either the cookie {@link StrolchRestfulConstants#STROLCH_AUTHORIZATION} containing the authorization token, or the
@@ -212,7 +210,7 @@ protected Certificate validateCookie(ContainerRequestContext requestContext, Str
 			logger.error(
 					"No Authorization header or cookie on request to URL " + requestContext.getUriInfo().getPath());
 			requestContext.abortWith(
-					Response.status(Response.Status.FORBIDDEN).header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
+					Response.status(Response.Status.UNAUTHORIZED).header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
 							.entity("Missing Authorization!").build());
 			return null;
 		}

web-rest/src/test/resources/withPrivilegeRuntime/config/StrolchConfiguration.xml

@@ -39,8 +39,8 @@
 		</Component>
 		<Component>
 			<name>SessionHandler</name>
-			<api>li.strolch.rest.StrolchSessionHandler</api>
-			<impl>li.strolch.rest.DefaultStrolchSessionHandler</impl>
+			<api>li.strolch.runtime.sessions.StrolchSessionHandler</api>
+			<impl>li.strolch.runtime.sessions.DefaultStrolchSessionHandler</impl>
 			<Properties>
 				<session.ttl.minutes>1</session.ttl.minutes>
 			</Properties>

websocket/src/main/java/li/strolch/websocket/WebSocketClient.java

@@ -23,7 +23,7 @@
 import li.strolch.exception.StrolchNotAuthenticatedException;
 import li.strolch.model.Tags;
 import li.strolch.privilege.model.Certificate;
-import li.strolch.rest.StrolchSessionHandler;
+import li.strolch.runtime.sessions.StrolchSessionHandler;
 import li.strolch.utils.helper.ExceptionHelper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;