
Example 16 with SessionManager

use of io.undertow.server.session.SessionManager in project undertow by undertow-io.

the class InMemorySessionTestCase method inMemorySessionTimeoutExpirationTest.

// https://issues.redhat.com/browse/UNDERTOW-1419
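/**
 * Regression test for UNDERTOW-1419: reading a session attribute must not extend the
 * session's idle timeout.
 *
 * <p>The first request creates a session with a one-second timeout and starts a background
 * thread that keeps calling {@code getAttribute(COUNT)} every 200 ms. If those reads bumped
 * the timeout, the session would outlive its configured idle lifetime. The test waits two
 * seconds and then expects the second request to see {@code COUNT == 0}, i.e. a freshly
 * created session rather than the original one.
 *
 * @throws IOException if a test HTTP request fails
 * @throws InterruptedException if the test thread is interrupted while waiting for expiry
 */
@Test
public void inMemorySessionTimeoutExpirationTest() throws IOException, InterruptedException {
    final int maxInactiveIntervalInSeconds = 1;
    final int accessorThreadSleepInMilliseconds = 200;
    TestHttpClient client = new TestHttpClient();
    client.setCookieStore(new BasicCookieStore());
    try {
        final SessionCookieConfig sessionConfig = new SessionCookieConfig();
        final SessionAttachmentHandler handler = new SessionAttachmentHandler(new InMemorySessionManager(""), sessionConfig);
        handler.setNext(new HttpHandler() {

            @Override
            public void handleRequest(final HttpServerExchange exchange) throws Exception {
                final SessionManager manager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
                Session session = manager.getSession(exchange, sessionConfig);
                if (session == null) {
                    // The timeout is set on the manager before the session is created, so the
                    // new session gets the one-second idle limit.
                    manager.setDefaultSessionTimeout(maxInactiveIntervalInSeconds);
                    session = manager.createSession(exchange, sessionConfig);
                    session.setAttribute(COUNT, 0);
                    // Keep reading the attribute from another thread for slightly longer than
                    // the timeout; these reads must not keep the session alive.
                    Runnable r = new Runnable() {

                        @Override
                        public void run() {
                            Session innerThreadSession = manager.getSession(exchange, sessionConfig);
                            int iterations = ((maxInactiveIntervalInSeconds * 1000) / accessorThreadSleepInMilliseconds);
                            for (int i = 0; i <= iterations; i++) {
                                try {
                                    Thread.sleep(accessorThreadSleepInMilliseconds);
                                } catch (InterruptedException e) {
                                    System.out.println(String.format("Unexpected error during Thread.sleep(): %s", e.getMessage()));
                                    // Restore the interrupt flag and stop polling: carrying on
                                    // would make every later sleep fail immediately.
                                    Thread.currentThread().interrupt();
                                    return;
                                }
                                if (innerThreadSession != null) {
                                    try {
                                        System.out.println(String.format("Session is still valid. Attribute is: %s", innerThreadSession.getAttribute(COUNT).toString()));
                                        if (i == iterations) {
                                            System.out.println("Session should not still be valid!");
                                        }
                                    } catch (IllegalStateException e) {
                                        // A message starting with UT000010 is what this test
                                        // treats as "session already invalid"; the message may
                                        // be null, so guard before inspecting it.
                                        final String message = e.getMessage();
                                        if (message != null && message.startsWith("UT000010")) {
                                            System.out.println(String.format("This is expected as session is not valid anymore: %s", message));
                                        } else {
                                            System.out.println(String.format("Unexpected exception while calling session.getAttribute(): %s", message));
                                        }
                                    }
                                }
                            }
                        }
                    };
                    Thread thread = new Thread(r);
                    thread.start();
                }
                // The request thread also reads an attribute, which reproduces the access
                // pattern that used to bump the timeout.
                Integer count = (Integer) session.getAttribute(COUNT);
                exchange.getResponseHeaders().add(new HttpString(COUNT), count.toString());
                session.setAttribute(COUNT, ++count);
            }
        });
        DefaultServer.setRootHandler(handler);
        HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL() + "/notamatchingpath");
        HttpResponse result = client.execute(get);
        Assert.assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
        HttpClientUtils.readResponse(result);
        Header[] header = result.getHeaders(COUNT);
        Assert.assertEquals("0", header[0].getValue());
        Thread.sleep(2 * 1000L);
        // Two seconds exceed the one-second idle timeout. If the background reads had not
        // extended it, the old session is gone and the handler creates a new one, so COUNT
        // is reported as 0 again instead of 1.
        get = new HttpGet(DefaultServer.getDefaultServerURL() + "/notamatchingpath");
        result = client.execute(get);
        Assert.assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
        HttpClientUtils.readResponse(result);
        header = result.getHeaders(COUNT);
        Assert.assertEquals("0", header[0].getValue());
    } finally {
        client.getConnectionManager().shutdown();
    }
}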
Also used : HttpHandler(io.undertow.server.HttpHandler) SessionManager(io.undertow.server.session.SessionManager) InMemorySessionManager(io.undertow.server.session.InMemorySessionManager) HttpGet(org.apache.http.client.methods.HttpGet) HttpResponse(org.apache.http.HttpResponse) IOException(java.io.IOException) TestHttpClient(io.undertow.testutils.TestHttpClient) HttpServerExchange(io.undertow.server.HttpServerExchange) SessionAttachmentHandler(io.undertow.server.session.SessionAttachmentHandler) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) Header(org.apache.http.Header) SessionCookieConfig(io.undertow.server.session.SessionCookieConfig) InMemorySessionManager(io.undertow.server.session.InMemorySessionManager) Session(io.undertow.server.session.Session) HttpString(io.undertow.util.HttpString) Test(org.junit.Test)

Example 17 with SessionManager

use of io.undertow.server.session.SessionManager in project undertow by undertow-io.

the class InMemorySessionTestCase method inMemoryMaxSessionsTest.

/**
 * Checks the session cap of an {@code InMemorySessionManager} built with {@code ("", 1, true)}.
 *
 * <p>Two clients with separate cookie stores hit the same handler. The first client's counter
 * advances from 0 to 1; once the second client obtains a session, the first client's next
 * request reports 0 again, showing that its earlier session was no longer available and a new
 * one had to be created.
 *
 * @throws IOException if a test HTTP request fails
 */
@Test
public void inMemoryMaxSessionsTest() throws IOException {
    final TestHttpClient firstClient = new TestHttpClient();
    firstClient.setCookieStore(new BasicCookieStore());
    final TestHttpClient secondClient = new TestHttpClient();
    secondClient.setCookieStore(new BasicCookieStore());
    try {
        final SessionCookieConfig sessionConfig = new SessionCookieConfig();
        // NOTE(review): the "1, true" arguments presumably mean "at most one session, evict
        // the oldest unused one when full" - confirm against the InMemorySessionManager constructor.
        final SessionAttachmentHandler handler = new SessionAttachmentHandler(new InMemorySessionManager("", 1, true), sessionConfig);
        handler.setNext(new HttpHandler() {

            @Override
            public void handleRequest(final HttpServerExchange exchange) throws Exception {
                final SessionManager manager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
                Session session = manager.getSession(exchange, sessionConfig);
                if (session == null) {
                    session = manager.createSession(exchange, sessionConfig);
                    session.setAttribute(COUNT, 0);
                }
                // Report the current counter in a response header, then store the next value.
                final Integer current = (Integer) session.getAttribute(COUNT);
                exchange.getResponseHeaders().add(new HttpString(COUNT), current.toString());
                session.setAttribute(COUNT, current + 1);
            }
        });
        DefaultServer.setRootHandler(handler);

        // Request order and the counter each request is expected to report.
        final TestHttpClient[] callers = {firstClient, firstClient, secondClient, firstClient};
        final String[] expectedCounts = {"0", "1", "0", "0"};
        for (int step = 0; step < callers.length; step++) {
            final HttpGet request = new HttpGet(DefaultServer.getDefaultServerURL() + "/notamatchingpath");
            final HttpResponse response = callers[step].execute(request);
            Assert.assertEquals(StatusCodes.OK, response.getStatusLine().getStatusCode());
            HttpClientUtils.readResponse(response);
            final Header[] countHeaders = response.getHeaders(COUNT);
            Assert.assertEquals(expectedCounts[step], countHeaders[0].getValue());
        }
    } finally {
        firstClient.getConnectionManager().shutdown();
        secondClient.getConnectionManager().shutdown();
    }
}
Also used : HttpHandler(io.undertow.server.HttpHandler) SessionManager(io.undertow.server.session.SessionManager) InMemorySessionManager(io.undertow.server.session.InMemorySessionManager) HttpGet(org.apache.http.client.methods.HttpGet) HttpResponse(org.apache.http.HttpResponse) IOException(java.io.IOException) TestHttpClient(io.undertow.testutils.TestHttpClient) HttpServerExchange(io.undertow.server.HttpServerExchange) SessionAttachmentHandler(io.undertow.server.session.SessionAttachmentHandler) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) Header(org.apache.http.Header) SessionCookieConfig(io.undertow.server.session.SessionCookieConfig) InMemorySessionManager(io.undertow.server.session.InMemorySessionManager) Session(io.undertow.server.session.Session) HttpString(io.undertow.util.HttpString) Test(org.junit.Test)

Example 18 with SessionManager

use of io.undertow.server.session.SessionManager in project undertow by undertow-io.

the class ServletContextImpl method getSession.

/**
 * Returns the servlet session bound to this exchange for this context, optionally creating it.
 *
 * <p>The result is cached on the exchange under {@code sessionAttachmentKey}. A cached
 * session that has been invalidated is discarded and looked up again.
 *
 * <p>Security-relevant behaviour visible here: when the client presented a session id that
 * the session manager did not resolve, that id is cleared through the session config before
 * a new session is created, unless {@code isCheckOtherSessionManagers()} is enabled and
 * another deployment's session manager knows the id.
 *
 * @param originalServletContext the context the request originally targeted; when it differs
 *                               from {@code this}, the call is treated as a cross-context request
 * @param exchange               the current exchange, used for attachments and session lookup
 * @param create                 whether to create a session when none is found
 * @return the session wrapper, or {@code null} if none exists and {@code create} is false
 */
public HttpSessionImpl getSession(final ServletContextImpl originalServletContext, final HttpServerExchange exchange, boolean create) {
    SessionConfig c = originalServletContext.getSessionConfig();
    HttpSessionImpl httpSession = exchange.getAttachment(sessionAttachmentKey);
    // Never hand back an invalidated session that is still cached on the exchange.
    if (httpSession != null && httpSession.isInvalid()) {
        exchange.removeAttachment(sessionAttachmentKey);
        httpSession = null;
    }
    if (httpSession == null) {
        final SessionManager sessionManager = deployment.getSessionManager();
        Session session = sessionManager.getSession(exchange, c);
        if (session != null) {
            httpSession = SecurityActions.forSession(session, this, false);
            exchange.putAttachment(sessionAttachmentKey, httpSession);
        } else if (create) {
            // The id the client sent (if any); at this point it did not resolve to a session
            // in this deployment's manager.
            String existing = c.findSessionId(exchange);
            // Record the originally requested id once per exchange, before it can be cleared
            // or replaced below.
            Boolean isRequestedSessionIdSaved = exchange.getAttachment(HttpServletRequestImpl.REQUESTED_SESSION_ID_SET);
            if (isRequestedSessionIdSaved == null || !isRequestedSessionIdSaved) {
                exchange.putAttachment(HttpServletRequestImpl.REQUESTED_SESSION_ID_SET, Boolean.TRUE);
                exchange.putAttachment(HttpServletRequestImpl.REQUESTED_SESSION_ID, existing);
            }
            if (originalServletContext != this) {
                // Cross-context request: make sure the originating context has a session
                // first (created if necessary).
                final HttpSessionImpl topLevel = originalServletContext.getSession(originalServletContext, exchange, true);
                // Replace the config with one that always reports the top-level session's id
                // and never writes or clears anything on the exchange, so this context's
                // session shares that id without touching the client-visible session token.
                c = new SessionConfig() {

                    @Override
                    public void setSessionId(HttpServerExchange exchange, String sessionId) {
                        // Intentionally empty: the top-level context owns the session id.
                    }

                    @Override
                    public void clearSession(HttpServerExchange exchange, String sessionId) {
                        // Intentionally empty: the top-level context owns the session id.
                    }

                    @Override
                    public String findSessionId(HttpServerExchange exchange) {
                        return topLevel.getId();
                    }

                    @Override
                    public SessionCookieSource sessionCookieSource(HttpServerExchange exchange) {
                        return SessionCookieSource.NONE;
                    }

                    @Override
                    public String rewriteUrl(String originalUrl, String sessionId) {
                        return null;
                    }
                };
                // With a session manager shared between contexts, a session with the
                // top-level id may already exist; reuse it instead of creating another.
                session = sessionManager.getSession(exchange, c);
                if (session != null) {
                    httpSession = SecurityActions.forSession(session, this, false);
                    exchange.putAttachment(sessionAttachmentKey, httpSession);
                }
            } else if (existing != null) {
                // Same-context request carrying an id that this manager does not know.
                // NOTE(review): clearing it presumably stops createSession below from adopting
                // a client-chosen id - confirm against the SessionManager implementation.
                if (getDeploymentInfo().isCheckOtherSessionManagers()) {
                    // Keep the id only if some deployment in this container has a session
                    // with it; otherwise clear it.
                    boolean found = false;
                    for (String deploymentName : deployment.getServletContainer().listDeployments()) {
                        DeploymentManager deployment = this.deployment.getServletContainer().getDeployment(deploymentName);
                        if (deployment != null) {
                            if (deployment.getDeployment().getSessionManager().getSession(existing) != null) {
                                found = true;
                                break;
                            }
                        }
                    }
                    if (!found) {
                        c.clearSession(exchange, existing);
                    }
                } else {
                    c.clearSession(exchange, existing);
                }
            }
            if (httpSession == null) {
                // Nothing reusable was found: create the session and mark the wrapper as new
                // (third argument true, unlike the lookups above).
                final Session newSession = sessionManager.createSession(exchange, c);
                httpSession = SecurityActions.forSession(newSession, this, true);
                exchange.putAttachment(sessionAttachmentKey, httpSession);
            }
        }
    }
    return httpSession;
}
Also used : HttpServerExchange(io.undertow.server.HttpServerExchange) DeploymentManager(io.undertow.servlet.api.DeploymentManager) SessionManager(io.undertow.server.session.SessionManager) SslSessionConfig(io.undertow.server.session.SslSessionConfig) PathParameterSessionConfig(io.undertow.server.session.PathParameterSessionConfig) SessionConfig(io.undertow.server.session.SessionConfig) Session(io.undertow.server.session.Session)

Example 19 with SessionManager

use of io.undertow.server.session.SessionManager in project undertow by undertow-io.

the class SSLSessionTestCase method testSslSession.

/**
 * Verifies that a session configured through {@code SslSessionConfig} is tracked across
 * requests without any cookie being issued.
 *
 * <p>Three requests over the SSL listener must report counters 0, 1 and 2, and the client's
 * cookie store must still be empty afterwards.
 *
 * @throws IOException if starting the SSL server or a test HTTP request fails
 */
@Test
public void testSslSession() throws IOException {
    final TestHttpClient client = new TestHttpClient();
    try {
        final InMemorySessionManager sessionManager = new InMemorySessionManager("");
        final SslSessionConfig sessionConfig = new SslSessionConfig(sessionManager);
        final SessionAttachmentHandler handler = new SessionAttachmentHandler(sessionManager, sessionConfig).setNext(new HttpHandler() {

            @Override
            public void handleRequest(final HttpServerExchange exchange) throws Exception {
                final SessionManager manager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
                Session session = manager.getSession(exchange, sessionConfig);
                if (session == null) {
                    session = manager.createSession(exchange, sessionConfig);
                    session.setAttribute(COUNT, 0);
                }
                // Report the current counter in a response header, then store the next value.
                final Integer current = (Integer) session.getAttribute(COUNT);
                exchange.getResponseHeaders().add(new HttpString(COUNT), current.toString());
                session.setAttribute(COUNT, current + 1);
            }
        });
        DefaultServer.startSSLServer();
        client.setSSLContext(DefaultServer.getClientSSLContext());
        DefaultServer.setRootHandler(handler);

        // The same client makes three requests; the counter must keep increasing, which
        // shows that the server resolves the same session each time.
        for (int expected = 0; expected <= 2; expected++) {
            final HttpGet request = new HttpGet(DefaultServer.getDefaultServerSSLAddress() + "/notamatchingpath");
            final HttpResponse response = client.execute(request);
            Assert.assertEquals(StatusCodes.OK, response.getStatusLine().getStatusCode());
            HttpClientUtils.readResponse(response);
            final Header[] countHeaders = response.getHeaders(COUNT);
            Assert.assertEquals(Integer.toString(expected), countHeaders[0].getValue());
        }
        // No session cookie was set, so the continuity above did not come from a cookie.
        Assert.assertEquals(0, client.getCookieStore().getCookies().size());
    } finally {
        DefaultServer.stopSSLServer();
        client.getConnectionManager().shutdown();
    }
}
Also used : HttpHandler(io.undertow.server.HttpHandler) SessionManager(io.undertow.server.session.SessionManager) InMemorySessionManager(io.undertow.server.session.InMemorySessionManager) HttpGet(org.apache.http.client.methods.HttpGet) HttpResponse(org.apache.http.HttpResponse) IOException(java.io.IOException) TestHttpClient(io.undertow.testutils.TestHttpClient) HttpServerExchange(io.undertow.server.HttpServerExchange) SessionAttachmentHandler(io.undertow.server.session.SessionAttachmentHandler) SslSessionConfig(io.undertow.server.session.SslSessionConfig) Header(org.apache.http.Header) InMemorySessionManager(io.undertow.server.session.InMemorySessionManager) Session(io.undertow.server.session.Session) HttpString(io.undertow.util.HttpString) Test(org.junit.Test)

Example 20 with SessionManager

use of io.undertow.server.session.SessionManager in project undertow by undertow-io.

the class CrossContextServletSharedSessionTestCase method createDeployment.

/**
 * Deploys a test web application under {@code /<name>} that uses the supplied session manager.
 *
 * <p>The deployment's {@code SessionManagerFactory} always returns the {@code sessionManager}
 * argument, and the servlet session config path is set to {@code "/"}. NOTE(review): callers
 * presumably pass one manager instance to several deployments so that they share sessions -
 * confirm at the call sites; with that setup a session id issued by one context resolves in
 * the others too.
 *
 * @param name           deployment name; also used as the context path
 * @param container      servlet container that receives the deployment
 * @param path           path handler on which the started deployment is registered
 * @param sessionManager session manager returned by the deployment's factory
 * @throws ServletException if deploying or starting the deployment fails
 */
private static void createDeployment(final String name, final ServletContainer container, final PathHandler path, InMemorySessionManager sessionManager) throws ServletException {
    final ServletInfo sessionServlet = new ServletInfo("servlet", SessionServlet.class).addMapping("/servlet");
    final ServletInfo forwardServlet = new ServletInfo("forward", ForwardServlet.class).addMapping("/forward");
    final ServletInfo includeServlet = new ServletInfo("include", IncludeServlet.class).addMapping("/include");
    final ServletInfo includeAddServlet = new ServletInfo("includeadd", IncludeAddServlet.class).addMapping("/includeadd");
    final ServletInfo forwardAddServlet = new ServletInfo("forwardadd", ForwardAddServlet.class).addMapping("/forwardadd");
    final ServletInfo lastAccessServlet = new ServletInfo("accesstimeservlet", LastAccessTimeSessionServlet.class).addMapping("/accesstimeservlet");

    // Hand every deployment the caller-provided manager instead of letting it build its own.
    final SessionManagerFactory fixedManagerFactory = new SessionManagerFactory() {

        @Override
        public SessionManager createSessionManager(Deployment deployment) {
            return sessionManager;
        }
    };

    final DeploymentInfo deploymentInfo = new DeploymentInfo()
            .setClassLoader(SimpleServletTestCase.class.getClassLoader())
            .setContextPath("/" + name)
            .setClassIntrospecter(TestClassIntrospector.INSTANCE)
            .setDeploymentName(name + ".war")
            .setSessionManagerFactory(fixedManagerFactory)
            // Path "/" is not limited to this deployment's own context path.
            .setServletSessionConfig(new ServletSessionConfig().setPath("/"))
            .addServlets(sessionServlet, forwardServlet, includeServlet, forwardAddServlet, includeAddServlet, lastAccessServlet);

    final DeploymentManager deploymentManager = container.addDeployment(deploymentInfo);
    deploymentManager.deploy();
    path.addPrefixPath(deploymentInfo.getContextPath(), deploymentManager.start());
}
Also used : DeploymentManager(io.undertow.servlet.api.DeploymentManager) InMemorySessionManager(io.undertow.server.session.InMemorySessionManager) SessionManager(io.undertow.server.session.SessionManager) Deployment(io.undertow.servlet.api.Deployment) ServletSessionConfig(io.undertow.servlet.api.ServletSessionConfig) SimpleServletTestCase(io.undertow.servlet.test.SimpleServletTestCase) ServletInfo(io.undertow.servlet.api.ServletInfo) SessionManagerFactory(io.undertow.servlet.api.SessionManagerFactory) DeploymentInfo(io.undertow.servlet.api.DeploymentInfo)

Aggregations

SessionManager (io.undertow.server.session.SessionManager)23 Session (io.undertow.server.session.Session)19 Test (org.junit.Test)9 HttpServerExchange (io.undertow.server.HttpServerExchange)8 AuthenticatedSession (io.undertow.security.api.AuthenticatedSessionManager.AuthenticatedSession)7 InMemorySessionManager (io.undertow.server.session.InMemorySessionManager)7 HttpHandler (io.undertow.server.HttpHandler)6 SessionAttachmentHandler (io.undertow.server.session.SessionAttachmentHandler)6 SessionConfig (io.undertow.server.session.SessionConfig)6 BatchContext (org.wildfly.clustering.ee.BatchContext)6 HttpString (io.undertow.util.HttpString)5 IOException (java.io.IOException)5 SessionCookieConfig (io.undertow.server.session.SessionCookieConfig)4 DeploymentManager (io.undertow.servlet.api.DeploymentManager)4 TestHttpClient (io.undertow.testutils.TestHttpClient)4 Header (org.apache.http.Header)4 HttpResponse (org.apache.http.HttpResponse)4 HttpGet (org.apache.http.client.methods.HttpGet)4 DeploymentInfo (io.undertow.servlet.api.DeploymentInfo)3 BasicCookieStore (org.apache.http.impl.client.BasicCookieStore)3