Search in sources :

Example 6 with HttpSessionEvent

use of jakarta.servlet.http.HttpSessionEvent in project tomcat by apache.

the class StandardSession method expire.

/**
 * Perform the internal processing required to invalidate this session,
 * without triggering an exception if the session has already expired.
 *
 * @param notify Should we notify listeners about the demise of
 *  this session?
 */
public void expire(boolean notify) {
    // isValid is false
    if (!isValid) {
        return;
    }
    synchronized (this) {
        // entered as per bug 56339
        if (expiring || !isValid) {
            return;
        }
        if (manager == null) {
            return;
        }
        // Mark this session as "being expired"
        expiring = true;
        // Notify interested application event listeners
        // FIXME - Assumes we call listeners in reverse order
        Context context = manager.getContext();
        // listeners
        if (notify) {
            ClassLoader oldContextClassLoader = null;
            try {
                oldContextClassLoader = context.bind(Globals.IS_SECURITY_ENABLED, null);
                Object[] listeners = context.getApplicationLifecycleListeners();
                if (listeners != null && listeners.length > 0) {
                    HttpSessionEvent event = new HttpSessionEvent(getSession());
                    for (int i = 0; i < listeners.length; i++) {
                        int j = (listeners.length - 1) - i;
                        if (!(listeners[j] instanceof HttpSessionListener)) {
                            continue;
                        }
                        HttpSessionListener listener = (HttpSessionListener) listeners[j];
                        try {
                            context.fireContainerEvent("beforeSessionDestroyed", listener);
                            listener.sessionDestroyed(event);
                            context.fireContainerEvent("afterSessionDestroyed", listener);
                        } catch (Throwable t) {
                            ExceptionUtils.handleThrowable(t);
                            try {
                                context.fireContainerEvent("afterSessionDestroyed", listener);
                            } catch (Exception e) {
                            // Ignore
                            }
                            manager.getContext().getLogger().error(sm.getString("standardSession.sessionEvent"), t);
                        }
                    }
                }
            } finally {
                context.unbind(Globals.IS_SECURITY_ENABLED, oldContextClassLoader);
            }
        }
        if (activityCheck) {
            accessCount.set(0);
        }
        // Remove this session from our manager's active sessions
        manager.remove(this, true);
        // Notify interested session event listeners
        if (notify) {
            fireSessionEvent(Session.SESSION_DESTROYED_EVENT, null);
        }
        // Call the logout method
        if (principal instanceof TomcatPrincipal) {
            TomcatPrincipal gp = (TomcatPrincipal) principal;
            try {
                gp.logout();
            } catch (Exception e) {
                manager.getContext().getLogger().error(sm.getString("standardSession.logoutfail"), e);
            }
        }
        // We have completed expire of this session
        setValid(false);
        expiring = false;
        // Unbind any objects associated with this session
        String[] keys = keys();
        ClassLoader oldContextClassLoader = null;
        try {
            oldContextClassLoader = context.bind(Globals.IS_SECURITY_ENABLED, null);
            for (String key : keys) {
                removeAttributeInternal(key, notify);
            }
        } finally {
            context.unbind(Globals.IS_SECURITY_ENABLED, oldContextClassLoader);
        }
    }
}
Also used : Context(org.apache.catalina.Context) ServletContext(jakarta.servlet.ServletContext) HttpSessionListener(jakarta.servlet.http.HttpSessionListener) HttpSessionEvent(jakarta.servlet.http.HttpSessionEvent) IOException(java.io.IOException) NotSerializableException(java.io.NotSerializableException) ObjectStreamException(java.io.ObjectStreamException) WriteAbortedException(java.io.WriteAbortedException) TomcatPrincipal(org.apache.catalina.TomcatPrincipal)

Example 7 with HttpSessionEvent

use of jakarta.servlet.http.HttpSessionEvent in project spring-security by spring-projects.

the class HttpSessionEventPublisherTests method publishedEventIsReceivedbyListener.

/**
 * It's not that complicated so we'll just run it straight through here.
 */
@Test
public void publishedEventIsReceivedbyListener() {
    HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
    StaticWebApplicationContext context = new StaticWebApplicationContext();
    MockServletContext servletContext = new MockServletContext();
    servletContext.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, context);
    context.setServletContext(servletContext);
    context.registerSingleton("listener", MockApplicationListener.class, null);
    context.refresh();
    MockHttpSession session = new MockHttpSession(servletContext);
    MockApplicationListener listener = (MockApplicationListener) context.getBean("listener");
    HttpSessionEvent event = new HttpSessionEvent(session);
    publisher.sessionCreated(event);
    assertThat(listener.getCreatedEvent()).isNotNull();
    assertThat(listener.getDestroyedEvent()).isNull();
    assertThat(listener.getCreatedEvent().getSession()).isEqualTo(session);
    listener.setCreatedEvent(null);
    listener.setDestroyedEvent(null);
    publisher.sessionDestroyed(event);
    assertThat(listener.getDestroyedEvent()).isNotNull();
    assertThat(listener.getCreatedEvent()).isNull();
    assertThat(listener.getDestroyedEvent().getSession()).isEqualTo(session);
    publisher.sessionIdChanged(event, "oldSessionId");
    assertThat(listener.getSessionIdChangedEvent()).isNotNull();
    assertThat(listener.getSessionIdChangedEvent().getOldSessionId()).isEqualTo("oldSessionId");
    listener.setSessionIdChangedEvent(null);
}
Also used : HttpSessionEvent(jakarta.servlet.http.HttpSessionEvent) MockHttpSession(org.springframework.mock.web.MockHttpSession) StaticWebApplicationContext(org.springframework.web.context.support.StaticWebApplicationContext) MockServletContext(org.springframework.mock.web.MockServletContext) Test(org.junit.jupiter.api.Test)

Example 8 with HttpSessionEvent

use of jakarta.servlet.http.HttpSessionEvent in project spring-security by spring-projects.

the class HttpSessionEventPublisherTests method publishedEventIsReceivedbyListenerChildContext.

@Test
public void publishedEventIsReceivedbyListenerChildContext() {
    HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
    StaticWebApplicationContext context = new StaticWebApplicationContext();
    MockServletContext servletContext = new MockServletContext();
    servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", context);
    context.setServletContext(servletContext);
    context.registerSingleton("listener", MockApplicationListener.class, null);
    context.refresh();
    MockHttpSession session = new MockHttpSession(servletContext);
    MockApplicationListener listener = (MockApplicationListener) context.getBean("listener");
    HttpSessionEvent event = new HttpSessionEvent(session);
    publisher.sessionCreated(event);
    assertThat(listener.getCreatedEvent()).isNotNull();
    assertThat(listener.getDestroyedEvent()).isNull();
    assertThat(listener.getCreatedEvent().getSession()).isEqualTo(session);
    listener.setCreatedEvent(null);
    listener.setDestroyedEvent(null);
    publisher.sessionDestroyed(event);
    assertThat(listener.getDestroyedEvent()).isNotNull();
    assertThat(listener.getCreatedEvent()).isNull();
    assertThat(listener.getDestroyedEvent().getSession()).isEqualTo(session);
    publisher.sessionIdChanged(event, "oldSessionId");
    assertThat(listener.getSessionIdChangedEvent()).isNotNull();
    assertThat(listener.getSessionIdChangedEvent().getOldSessionId()).isEqualTo("oldSessionId");
    listener.setSessionIdChangedEvent(null);
}
Also used : HttpSessionEvent(jakarta.servlet.http.HttpSessionEvent) MockHttpSession(org.springframework.mock.web.MockHttpSession) StaticWebApplicationContext(org.springframework.web.context.support.StaticWebApplicationContext) MockServletContext(org.springframework.mock.web.MockServletContext) Test(org.junit.jupiter.api.Test)

Example 9 with HttpSessionEvent

use of jakarta.servlet.http.HttpSessionEvent in project spring-security by spring-projects.

the class HttpSessionEventPublisherTests method sessionDestroyedNullApplicationContext.

// SEC-2599
@Test
public void sessionDestroyedNullApplicationContext() {
    HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
    MockServletContext servletContext = new MockServletContext();
    MockHttpSession session = new MockHttpSession(servletContext);
    HttpSessionEvent event = new HttpSessionEvent(session);
    assertThatIllegalStateException().isThrownBy(() -> publisher.sessionDestroyed(event));
}
Also used : HttpSessionEvent(jakarta.servlet.http.HttpSessionEvent) MockHttpSession(org.springframework.mock.web.MockHttpSession) MockServletContext(org.springframework.mock.web.MockServletContext) Test(org.junit.jupiter.api.Test)

Aggregations

HttpSessionEvent (jakarta.servlet.http.HttpSessionEvent)9 Test (org.junit.jupiter.api.Test)5 MockHttpSession (org.springframework.mock.web.MockHttpSession)5 MockServletContext (org.springframework.mock.web.MockServletContext)5 ServletContext (jakarta.servlet.ServletContext)2 HttpSessionActivationListener (jakarta.servlet.http.HttpSessionActivationListener)2 HttpSessionListener (jakarta.servlet.http.HttpSessionListener)2 IOException (java.io.IOException)2 NotSerializableException (java.io.NotSerializableException)2 ObjectStreamException (java.io.ObjectStreamException)2 WriteAbortedException (java.io.WriteAbortedException)2 Context (org.apache.catalina.Context)2 StaticWebApplicationContext (org.springframework.web.context.support.StaticWebApplicationContext)2 AtomicInteger (java.util.concurrent.atomic.AtomicInteger)1 TomcatPrincipal (org.apache.catalina.TomcatPrincipal)1