
Example 41 with HttpSession

use of jakarta.servlet.http.HttpSession in project spring-framework by spring-projects.

the class HtmlUnitRequestBuilderTests method buildRequestSessionTrue.

/**
 * Checks that {@code getSession(true)} on a freshly built request hands back a session
 * rather than {@code null}.
 */
@Test
public void buildRequestSessionTrue() throws Exception {
    // Build the request first, then ask it to create a session on demand.
    HttpSession createdSession = requestBuilder.buildRequest(servletContext).getSession(true);

    assertThat(createdSession).isNotNull();
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpSession(jakarta.servlet.http.HttpSession) MockHttpSession(org.springframework.mock.web.MockHttpSession) Test(org.junit.jupiter.api.Test)

Example 42 with HttpSession

use of jakarta.servlet.http.HttpSession in project spring-framework by spring-projects.

the class HtmlUnitRequestBuilderTests method buildRequestSessionInvalidate.

/**
 * Checks the session-invalidation path: once the session is invalidated its id must no
 * longer be a key in the shared {@code sessions} map, the expected session cookie carries
 * an epoch-dated {@code Expires}, and a follow-up request built without the Cookie header
 * receives a new session instead of the invalidated one.
 */
@Test
public void buildRequestSessionInvalidate() throws Exception {
    String sessionId = "session-id";
    String cookieHeader = "JSESSIONID=" + sessionId;
    webRequest.setAdditionalHeader("Cookie", cookieHeader);
    MockHttpServletRequest firstRequest = requestBuilder.buildRequest(servletContext);

    HttpSession invalidated = firstRequest.getSession();
    invalidated.invalidate();

    // Server-side state for the invalidated id must be gone, otherwise the id stays usable.
    boolean stillTracked = sessions.containsKey(invalidated.getId());
    assertThat(stillTracked).isFalse();

    // The cookie expected after invalidation is dated 1970, i.e. already expired.
    String expiredCookie = "JSESSIONID=" + invalidated.getId()
            + "; Expires=Thu, 01-Jan-1970 00:00:01 GMT; Path=/test; Domain=example.com";
    assertSingleSessionCookie(expiredCookie);

    // Second round trip: no Cookie header and a new builder over the same session map.
    webRequest.removeAdditionalHeader("Cookie");
    requestBuilder = new HtmlUnitRequestBuilder(sessions, webClient, webRequest);
    MockHttpServletRequest secondRequest = requestBuilder.buildRequest(servletContext);

    assertThat(secondRequest.getSession().isNew()).isTrue();
    assertThat(sessions.containsKey(invalidated.getId())).isFalse();
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpSession(jakarta.servlet.http.HttpSession) MockHttpSession(org.springframework.mock.web.MockHttpSession) Test(org.junit.jupiter.api.Test)

Example 43 with HttpSession

use of jakarta.servlet.http.HttpSession in project tomcat by apache.

the class Request method setUserPrincipal.

/**
 * Records the authenticated Principal for this Request. The stored value is
 * also the basis for what <code>getRemoteUser()</code> reports.
 * <p>
 * When <code>Globals.IS_SECURITY_ENABLED</code> is set and the principal is
 * non-null, a <code>Subject</code> is also maintained: the one already cached
 * on the request is reused, otherwise the one stored in the existing session
 * under <code>Globals.SUBJECT_ATTR</code>, otherwise a new one is created
 * (and stored in the session when there is one). No session is created here.
 * <p>
 * NOTE(review): a reused Subject only ever gains principals in this method;
 * nothing here removes earlier ones, and a <code>null</code> principal resets
 * <code>userPrincipal</code> without touching the cached Subject. Confirm
 * that callers clear the session attribute on logout or re-authentication.
 *
 * @param principal The user Principal
 */
public void setUserPrincipal(final Principal principal) {
    if (Globals.IS_SECURITY_ENABLED && principal != null) {
        if (subject != null) {
            // A Subject is already cached on the request: extend it.
            subject.getPrincipals().add(principal);
        } else {
            // getSession(false): look up an existing session only, never create one.
            final HttpSession existingSession = getSession(false);
            if (existingSession != null) {
                subject = (Subject) existingSession.getAttribute(Globals.SUBJECT_ATTR);
            }
            if (subject != null) {
                // The session already carried a Subject: extend it.
                subject.getPrincipals().add(principal);
            } else {
                // Nothing cached anywhere: start a new Subject for this principal
                // and, if a session exists, cache it there as well.
                subject = newSubject(principal);
                if (existingSession != null) {
                    existingSession.setAttribute(Globals.SUBJECT_ATTR, subject);
                }
            }
        }
    }
    userPrincipal = principal;
}
Also used : HttpSession(jakarta.servlet.http.HttpSession)

Example 44 with HttpSession

use of jakarta.servlet.http.HttpSession in project tomcat by apache.

the class CrawlerSessionManagerValve method invoke.

/**
 * Attaches requests classified as crawler traffic to one session per client
 * identifier, then passes the request to the next valve.
 * <p>
 * Classification only happens when the request has no valid session. A request
 * counts as a bot when its single User-Agent header matches {@code uaPattern}
 * or, if {@code ipPattern} is configured, when the remote address matches it.
 * For a bot with a known session ID the ID is set as the requested session ID
 * before the downstream call. If the bot had no known ID and a session exists
 * after that call, the mapping is recorded in both maps, a binding listener is
 * attached and the session's max inactive interval is set to
 * {@code sessionInactiveInterval}.
 * <p>
 * NOTE(review): both classification inputs come from the client side (a header
 * and the reported remote address), and every request that maps to the same
 * client identifier shares one session. Treat such a session as shared state
 * and keep per-user sensitive data out of it.
 *
 * @param request  the request being processed
 * @param response the response being produced
 * @throws IOException      declared by this method; presumably propagated from the next valve
 * @throws ServletException declared by this method; presumably propagated from the next valve
 */
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
    boolean isBot = false;
    String sessionId = null;
    // NOTE(review): getRemoteAddr() may be a proxy's address when a reverse proxy sits in
    // front, unless an earlier component rewrites it — confirm for the deployment.
    String clientIp = request.getRemoteAddr();
    String clientIdentifier = getClientIdentifier(request.getHost(), request.getContext(), clientIp);
    if (log.isDebugEnabled()) {
        // NOTE(review): the requested session ID is client-supplied and may be a live
        // session credential; debug logs from this valve should be access-restricted.
        log.debug(request.hashCode() + ": ClientIdentifier=" + clientIdentifier + ", RequestedSessionId=" + request.getRequestedSessionId());
    }
    // If the incoming request has a valid session ID, no action is required
    if (request.getSession(false) == null) {
        // Is this a crawler - check the UA headers
        Enumeration<String> uaHeaders = request.getHeaders("user-agent");
        String uaHeader = null;
        if (uaHeaders.hasMoreElements()) {
            uaHeader = uaHeaders.nextElement();
        }
        // If more than one UA header - assume not a bot
        if (uaHeader != null && !uaHeaders.hasMoreElements()) {
            if (log.isDebugEnabled()) {
                // The header value is written to the log exactly as received.
                log.debug(request.hashCode() + ": UserAgent=" + uaHeader);
            }
            // A match only shows that the client presents a crawler User-Agent;
            // the header is client-controlled and proves nothing about identity.
            if (uaPattern.matcher(uaHeader).matches()) {
                isBot = true;
                if (log.isDebugEnabled()) {
                    log.debug(request.hashCode() + ": Bot found. UserAgent=" + uaHeader);
                }
            }
        }
        // Optional second criterion: the remote address matches the configured IP pattern.
        if (ipPattern != null && ipPattern.matcher(clientIp).matches()) {
            isBot = true;
            if (log.isDebugEnabled()) {
                log.debug(request.hashCode() + ": Bot found. IP=" + clientIp);
            }
        }
        // If this is a bot, is the session ID known?
        if (isBot) {
            sessionId = clientIdSessionId.get(clientIdentifier);
            if (sessionId != null) {
                // Point the request at the session recorded earlier for this client
                // identifier; requests sharing the identifier share this session.
                request.setRequestedSessionId(sessionId);
                if (log.isDebugEnabled()) {
                    log.debug(request.hashCode() + ": SessionID=" + sessionId);
                }
            }
        }
    }
    // Downstream processing runs here; the bookkeeping below inspects the session afterwards.
    getNext().invoke(request, response);
    if (isBot) {
        if (sessionId == null) {
            // Has bot just created a session, if so make a note of it
            HttpSession s = request.getSession(false);
            if (s != null) {
                // Record the mapping in both directions.
                clientIdSessionId.put(clientIdentifier, s.getId());
                sessionIdClientId.put(s.getId(), clientIdentifier);
                // #valueUnbound() will be called on session expiration
                s.setAttribute(this.getClass().getName(), new CrawlerHttpSessionBindingListener(clientIdSessionId, clientIdentifier));
                // Apply the valve's configured inactivity timeout to the bot session.
                s.setMaxInactiveInterval(sessionInactiveInterval);
                if (log.isDebugEnabled()) {
                    log.debug(request.hashCode() + ": New bot session. SessionID=" + s.getId());
                }
            }
        } else {
            if (log.isDebugEnabled()) {
                log.debug(request.hashCode() + ": Bot session accessed. SessionID=" + sessionId);
            }
        }
    }
}
Also used : HttpSession(jakarta.servlet.http.HttpSession)

Example 45 with HttpSession

use of jakarta.servlet.http.HttpSession in project tomcat by apache.

the class TestCrawlerSessionManagerValve method createSessionExpectations.

/**
 * Builds an EasyMock {@link HttpSession} and, for the bot case, records the calls the
 * valve is expected to make on it. The mock is returned without being switched to
 * replay mode here.
 *
 * @param valve the valve whose class name is the expected session attribute name
 * @param isBot whether expectations for a newly tracked bot session should be recorded
 * @return the mock session
 */
private HttpSession createSessionExpectations(CrawlerSessionManagerValve valve, boolean isBot) {
    final HttpSession mockSession = EasyMock.createMock(HttpSession.class);
    if (!isBot) {
        // Non-bot requests: no interaction with the session is expected.
        return mockSession;
    }

    // The session id is expected to be read exactly twice.
    EasyMock.expect(mockSession.getId()).andReturn("id").times(2);

    // A binding listener is expected under the valve's class name.
    mockSession.setAttribute(EasyMock.eq(valve.getClass().getName()), EasyMock.anyObject(HttpSessionBindingListener.class));
    EasyMock.expectLastCall();

    // Expected inactivity timeout; presumably the valve's default interval — confirm.
    mockSession.setMaxInactiveInterval(60);
    EasyMock.expectLastCall();

    return mockSession;
}
Also used : HttpSession(jakarta.servlet.http.HttpSession) HttpSessionBindingListener(jakarta.servlet.http.HttpSessionBindingListener)
