
Example 46 with HttpSession

use of jakarta.servlet.http.HttpSession in project tomcat by apache.

the class TestCrawlerSessionManagerValve method createRequestExpectations.

/**
 * Builds an EasyMock {@link Request} and records the expectations a single
 * simulated request needs. No replay call is made here, so the mock is
 * returned in record state.
 *
 * <p>The first {@code getSession(false)} call is recorded to return
 * {@code null}. Only when {@code isBot} is true is a second call recorded,
 * which returns {@code session}.
 *
 * @param ip          value returned by {@code getRemoteAddr()}
 * @param session     session returned by the second {@code getSession(false)}
 *                    call when {@code isBot} is true
 * @param isBot       whether the second session lookup is recorded
 * @param hostname    name passed to {@code simpleHostWithName}
 * @param contextPath name passed to {@code simpleContextWithName}
 * @param userAgent   the single value exposed for the {@code user-agent} header
 * @return the mock request, with expectations recorded
 */
private Request createRequestExpectations(String ip, HttpSession session, boolean isBot, String hostname, String contextPath, String userAgent) {
    final Request mockRequest = EasyMock.createMock(Request.class);

    // Identity of the caller as the code under test will see it.
    EasyMock.expect(mockRequest.getRemoteAddr()).andReturn(ip);
    EasyMock.expect(mockRequest.getHost()).andReturn(simpleHostWithName(hostname));
    EasyMock.expect(mockRequest.getContext()).andReturn(simpleContextWithName(contextPath));

    // The first lookup always finds no session. A bot request gets a second
    // lookup that yields the supplied session.
    final IExpectationSetters<HttpSession> sessionLookup = EasyMock.expect(mockRequest.getSession(false)).andReturn(null);
    if (isBot) {
        sessionLookup.andReturn(session);
    }

    // The header value is caller-controlled in a real request; here it is a
    // single-element enumeration built fresh on each call.
    EasyMock.expect(mockRequest.getHeaders("user-agent")).andAnswer(() -> Collections.enumeration(Collections.singletonList(userAgent)));
    return mockRequest;
}
Also used : HttpSession(jakarta.servlet.http.HttpSession) Request(org.apache.catalina.connector.Request)

Example 47 with HttpSession

use of jakarta.servlet.http.HttpSession in project tomcat by apache.

the class HTMLManagerServlet method invalidateSessions.

/**
 * Invalidates each of the given sessions of one web application and reports
 * how many were invalidated by this call.
 *
 * <p>A session that is already invalid (signalled by
 * {@link IllegalStateException}) is skipped and not counted.
 *
 * @param cn Name of the application for which sessions are to be
 *           invalidated
 * @param sessionIds the session ids of the sessions; may be {@code null}
 * @param smClient  StringManager for the client's locale
 * @return number of invalidated sessions, {@code 0} when
 *         {@code sessionIds} is {@code null}
 */
protected int invalidateSessions(ContextName cn, String[] sessionIds, StringManager smClient) {
    if (sessionIds == null) {
        return 0;
    }
    int invalidatedCount = 0;
    for (int i = 0; i < sessionIds.length; i++) {
        final String id = sessionIds[i];
        // NOTE(review): getSessionForNameAndId is not shown here. If it can
        // return null for an unknown or expired id, the chained getSession()
        // call throws NullPointerException before the null check below. Confirm.
        final HttpSession target = getSessionForNameAndId(cn, id, smClient).getSession();
        if (target != null) {
            try {
                target.invalidate();
                // Counted only after invalidate() returned normally.
                invalidatedCount++;
                // NOTE(review): the id is written to the log unmodified. If ids
                // come from request parameters (not visible here), neutralise
                // CR/LF before logging.
                if (debug >= 1) {
                    log("Invalidating session id " + id);
                }
            } catch (IllegalStateException alreadyInvalid) {
                if (debug >= 1) {
                    log("Cannot invalidate already invalidated session id " + id);
                }
            }
        } else if (debug >= 1) {
            // Shouldn't happen, but tolerate it and move on to the next id.
            log("Cannot invalidate null session " + id);
        }
    }
    return invalidatedCount;
}
Also used : HttpSession(jakarta.servlet.http.HttpSession)

Example 48 with HttpSession

use of jakarta.servlet.http.HttpSession in project tomcat by apache.

the class HTMLManagerServlet method removeSessionAttribute.

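/**
 * Removes an attribute from an HttpSession.
 *
 * <p>Both the presence check and the removal run inside the same
 * {@code try}, because {@code HttpSession.getAttribute} and
 * {@code HttpSession.removeAttribute} are each specified to throw
 * {@link IllegalStateException} on an invalidated session.
 *
 * @param cn Name of the application hosting the session from which the
 *           attribute is to be removed
 * @param sessionId the session id
 * @param attributeName the attribute name
 * @param smClient  StringManager for the client's locale
 * @return true if the attribute was present and the removal call completed,
 *         false otherwise (no session, attribute absent, or session already
 *         invalidated)
 */
protected boolean removeSessionAttribute(ContextName cn, String sessionId, String attributeName, StringManager smClient) {
    // NOTE(review): getSessionForNameAndId is not shown here. If it can return
    // null for an unknown or expired id, the chained getSession() call throws
    // NullPointerException before the null check below. Confirm.
    HttpSession session = getSessionForNameAndId(cn, sessionId, smClient).getSession();
    if (null == session) {
        // Shouldn't happen, but let's play nice...
        if (debug >= 1) {
            log("Cannot remove attribute '" + attributeName + "' for null session " + sessionId);
        }
        return false;
    }
    try {
        // Previously this lookup sat outside the try, so an invalidated session
        // made the method throw instead of reaching the handler below.
        boolean wasPresent = (null != session.getAttribute(attributeName));
        session.removeAttribute(attributeName);
        return wasPresent;
    } catch (IllegalStateException ise) {
        // NOTE(review): this session is still addressable by its id elsewhere,
        // and the id is written to the log unmodified when debug >= 1. Treat
        // these logs as sensitive.
        if (debug >= 1) {
            log("Cannot remove attribute '" + attributeName + "' for invalidated session id " + sessionId);
        }
        // Nothing was removed by this call.
        return false;
    }
}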
Also used : HttpSession(jakarta.servlet.http.HttpSession)

Example 49 with HttpSession

use of jakarta.servlet.http.HttpSession in project tomcat by apache.

the class SecurityUtil method execute.

/**
 * Invokes <code>method</code> on <code>targetObject</code> through
 * <code>Subject.doAsPrivileged</code>, passing <code>null</code> as the
 * access control context.
 *
 * <p>Subject selection: when the first argument is an
 * <code>HttpServletRequest</code>, the <code>Subject</code> stored in the
 * existing session under <code>Globals.SUBJECT_ATTR</code> is used if
 * present. Otherwise a new <code>Subject</code> is created, given
 * <code>principal</code> when that is non-null, and stored in the session
 * when one exists. In every other case the call runs with a
 * <code>null</code> subject.
 *
 * @param method the method to apply the security restriction
 * @param targetObject the <code>Servlet</code> on which the method will
 *  be called.
 * @param targetArguments <code>Object</code> array contains the
 *  runtime parameters instance.
 * @param principal the <code>Principal</code> to which the security
 *  privilege applies; only consulted when no <code>Subject</code> is
 *  already stored in the session
 * @throws Exception an execution error occurred
 */
private static void execute(final Method method, final Object targetObject, final Object[] targetArguments, Principal principal) throws Exception {
    try {
        final PrivilegedExceptionAction<Void> invocation = () -> {
            method.invoke(targetObject, targetArguments);
            return null;
        };

        Subject runAs = null;
        // The first argument is always the request object.
        // NOTE(review): a non-null but empty array would fail on index 0 here;
        // callers are presumably expected never to pass one. Confirm.
        if (targetArguments != null && targetArguments[0] instanceof HttpServletRequest) {
            // getSession(false): never create a session just to store a Subject.
            final HttpSession httpSession = ((HttpServletRequest) targetArguments[0]).getSession(false);
            final Subject stored = (httpSession == null) ? null : (Subject) httpSession.getAttribute(Globals.SUBJECT_ATTR);
            if (stored != null) {
                // NOTE(review): a Subject already stored in the session wins and
                // 'principal' is not consulted. If the authenticated principal
                // can change within one session, confirm the attribute is
                // cleared on re-authentication.
                runAs = stored;
            } else {
                runAs = new Subject();
                if (principal != null) {
                    runAs.getPrincipals().add(principal);
                }
                if (httpSession != null) {
                    // Store it so later calls in this session reuse the same Subject.
                    httpSession.setAttribute(Globals.SUBJECT_ATTR, runAs);
                }
            }
        }
        Subject.doAsPrivileged(runAs, invocation, null);
    } catch (PrivilegedActionException wrapped) {
        final Throwable failure;
        final Exception inner = wrapped.getException();
        if (inner instanceof InvocationTargetException) {
            // Unwrap the reflection wrapper to reach what the target method threw.
            failure = inner.getCause();
            ExceptionUtils.handleThrowable(failure);
        } else {
            failure = wrapped;
        }
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("SecurityUtil.doAsPrivilege"), failure);
        }
        // Rethrow with the original type where the servlet contract knows it;
        // anything else is wrapped in a ServletException.
        if (failure instanceof UnavailableException) {
            throw (UnavailableException) failure;
        }
        if (failure instanceof ServletException) {
            throw (ServletException) failure;
        }
        if (failure instanceof IOException) {
            throw (IOException) failure;
        }
        if (failure instanceof RuntimeException) {
            throw (RuntimeException) failure;
        }
        throw new ServletException(failure.getMessage(), failure);
    }
}
Also used : PrivilegedActionException(java.security.PrivilegedActionException) HttpSession(jakarta.servlet.http.HttpSession) UnavailableException(jakarta.servlet.UnavailableException) IOException(java.io.IOException) Subject(javax.security.auth.Subject) InvocationTargetException(java.lang.reflect.InvocationTargetException) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) ServletException(jakarta.servlet.ServletException)

Example 50 with HttpSession

use of jakarta.servlet.http.HttpSession in project atmosphere by Atmosphere.

the class SessionSupport method sessionDestroyed.

/**
 * Detaches the destroyed session from every {@link AtmosphereResource} that
 * still references it.
 *
 * <p>All broadcasters known to the {@link BroadcasterFactory} are scanned.
 * Each resource whose session id equals the destroyed session's id has its
 * session set to {@code null}. Any failure is logged and not propagated.
 *
 * @param se the event carrying the session that was destroyed
 */
@Override
public void sessionDestroyed(HttpSessionEvent se) {
    logger.trace("Session destroyed");
    try {
        HttpSession destroyed = se.getSession();
        BroadcasterFactory factory = Universe.broadcasterFactory();
        if (factory == null) {
            return;
        }
        for (Broadcaster broadcaster : factory.lookupAll()) {
            for (AtmosphereResource resource : broadcaster.getAtmosphereResources()) {
                // session(false): only look at resources that already have a session.
                if (resource.session(false) == null) {
                    continue;
                }
                if (resource.session().getId().equals(destroyed.getId())) {
                    // Drop the reference so the resource no longer points at the
                    // destroyed session.
                    ((AtmosphereResourceImpl) resource).session(null);
                }
            }
        }
    } catch (Throwable t) {
        // NOTE(review): the warning has an empty message, so only the stack
        // trace identifies that a session cleanup failed.
        logger.warn("", t);
    }
}
Also used : HttpSession(jakarta.servlet.http.HttpSession)
