use of jakarta.servlet.http.HttpSessionEvent in project tomcat by apache.
the class StandardSession method expire.
/**
* Perform the internal processing required to invalidate this session,
* without triggering an exception if the session has already expired.
*
* @param notify Should we notify listeners about the demise of
* this session?
*/
public void expire(boolean notify) {
// isValid is false
if (!isValid) {
return;
}
synchronized (this) {
// entered as per bug 56339
if (expiring || !isValid) {
return;
}
if (manager == null) {
return;
}
// Mark this session as "being expired"
expiring = true;
// Notify interested application event listeners
// FIXME - Assumes we call listeners in reverse order
Context context = manager.getContext();
// listeners
if (notify) {
ClassLoader oldContextClassLoader = null;
try {
oldContextClassLoader = context.bind(Globals.IS_SECURITY_ENABLED, null);
Object[] listeners = context.getApplicationLifecycleListeners();
if (listeners != null && listeners.length > 0) {
HttpSessionEvent event = new HttpSessionEvent(getSession());
for (int i = 0; i < listeners.length; i++) {
int j = (listeners.length - 1) - i;
if (!(listeners[j] instanceof HttpSessionListener)) {
continue;
}
HttpSessionListener listener = (HttpSessionListener) listeners[j];
try {
context.fireContainerEvent("beforeSessionDestroyed", listener);
listener.sessionDestroyed(event);
context.fireContainerEvent("afterSessionDestroyed", listener);
} catch (Throwable t) {
ExceptionUtils.handleThrowable(t);
try {
context.fireContainerEvent("afterSessionDestroyed", listener);
} catch (Exception e) {
// Ignore
}
manager.getContext().getLogger().error(sm.getString("standardSession.sessionEvent"), t);
}
}
}
} finally {
context.unbind(Globals.IS_SECURITY_ENABLED, oldContextClassLoader);
}
}
if (activityCheck) {
accessCount.set(0);
}
// Remove this session from our manager's active sessions
manager.remove(this, true);
// Notify interested session event listeners
if (notify) {
fireSessionEvent(Session.SESSION_DESTROYED_EVENT, null);
}
// Call the logout method
if (principal instanceof TomcatPrincipal) {
TomcatPrincipal gp = (TomcatPrincipal) principal;
try {
gp.logout();
} catch (Exception e) {
manager.getContext().getLogger().error(sm.getString("standardSession.logoutfail"), e);
}
}
// We have completed expire of this session
setValid(false);
expiring = false;
// Unbind any objects associated with this session
String[] keys = keys();
ClassLoader oldContextClassLoader = null;
try {
oldContextClassLoader = context.bind(Globals.IS_SECURITY_ENABLED, null);
for (String key : keys) {
removeAttributeInternal(key, notify);
}
} finally {
context.unbind(Globals.IS_SECURITY_ENABLED, oldContextClassLoader);
}
}
}
use of jakarta.servlet.http.HttpSessionEvent in project spring-security by spring-projects.
the class HttpSessionEventPublisherTests method publishedEventIsReceivedbyListener.
/**
* It's not that complicated so we'll just run it straight through here.
*/
@Test
public void publishedEventIsReceivedbyListener() {
HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
StaticWebApplicationContext context = new StaticWebApplicationContext();
MockServletContext servletContext = new MockServletContext();
servletContext.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, context);
context.setServletContext(servletContext);
context.registerSingleton("listener", MockApplicationListener.class, null);
context.refresh();
MockHttpSession session = new MockHttpSession(servletContext);
MockApplicationListener listener = (MockApplicationListener) context.getBean("listener");
HttpSessionEvent event = new HttpSessionEvent(session);
publisher.sessionCreated(event);
assertThat(listener.getCreatedEvent()).isNotNull();
assertThat(listener.getDestroyedEvent()).isNull();
assertThat(listener.getCreatedEvent().getSession()).isEqualTo(session);
listener.setCreatedEvent(null);
listener.setDestroyedEvent(null);
publisher.sessionDestroyed(event);
assertThat(listener.getDestroyedEvent()).isNotNull();
assertThat(listener.getCreatedEvent()).isNull();
assertThat(listener.getDestroyedEvent().getSession()).isEqualTo(session);
publisher.sessionIdChanged(event, "oldSessionId");
assertThat(listener.getSessionIdChangedEvent()).isNotNull();
assertThat(listener.getSessionIdChangedEvent().getOldSessionId()).isEqualTo("oldSessionId");
listener.setSessionIdChangedEvent(null);
}
use of jakarta.servlet.http.HttpSessionEvent in project spring-security by spring-projects.
the class HttpSessionEventPublisherTests method publishedEventIsReceivedbyListenerChildContext.
@Test
public void publishedEventIsReceivedbyListenerChildContext() {
HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
StaticWebApplicationContext context = new StaticWebApplicationContext();
MockServletContext servletContext = new MockServletContext();
servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", context);
context.setServletContext(servletContext);
context.registerSingleton("listener", MockApplicationListener.class, null);
context.refresh();
MockHttpSession session = new MockHttpSession(servletContext);
MockApplicationListener listener = (MockApplicationListener) context.getBean("listener");
HttpSessionEvent event = new HttpSessionEvent(session);
publisher.sessionCreated(event);
assertThat(listener.getCreatedEvent()).isNotNull();
assertThat(listener.getDestroyedEvent()).isNull();
assertThat(listener.getCreatedEvent().getSession()).isEqualTo(session);
listener.setCreatedEvent(null);
listener.setDestroyedEvent(null);
publisher.sessionDestroyed(event);
assertThat(listener.getDestroyedEvent()).isNotNull();
assertThat(listener.getCreatedEvent()).isNull();
assertThat(listener.getDestroyedEvent().getSession()).isEqualTo(session);
publisher.sessionIdChanged(event, "oldSessionId");
assertThat(listener.getSessionIdChangedEvent()).isNotNull();
assertThat(listener.getSessionIdChangedEvent().getOldSessionId()).isEqualTo("oldSessionId");
listener.setSessionIdChangedEvent(null);
}
use of jakarta.servlet.http.HttpSessionEvent in project spring-security by spring-projects.
the class HttpSessionEventPublisherTests method sessionDestroyedNullApplicationContext.
// SEC-2599
@Test
public void sessionDestroyedNullApplicationContext() {
HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
MockServletContext servletContext = new MockServletContext();
MockHttpSession session = new MockHttpSession(servletContext);
HttpSessionEvent event = new HttpSessionEvent(session);
assertThatIllegalStateException().isThrownBy(() -> publisher.sessionDestroyed(event));
}
Aggregations