use of org.apache.shiro.session.ExpiredSessionException in project shiro by apache.
the class AbstractValidatingSessionManager method validateSessions.
/**
 * Runs one validation pass over every session that {@code getActiveSessions()} reports.
 * <p>
 * Each session is passed to {@code validate(Session, SessionKey)}. An
 * {@link InvalidSessionException} from that call is counted and the loop moves on, so a
 * single expired or stopped session does not end the sweep. No other exception type is
 * caught here, so anything else thrown by {@code validate} ends the pass early.
 *
 * @see ValidatingSessionManager#validateSessions()
 */
public void validateSessions() {
    if (log.isInfoEnabled()) {
        log.info("Validating all active sessions...");
    }

    int invalidCount = 0;
    final Collection<Session> candidates = getActiveSessions();
    final boolean nothingToCheck = candidates == null || candidates.isEmpty();

    if (!nothingToCheck) {
        for (Session current : candidates) {
            try {
                // validate(...) requires a SessionKey, so one is built from the id
                // only to satisfy the signature; a candidate for later cleanup.
                validate(current, new DefaultSessionKey(current.getId()));
            } catch (InvalidSessionException invalid) {
                if (log.isDebugEnabled()) {
                    // NOTE(review): the raw session id is written to the debug log. It belongs
                    // to a session that just failed validation, but debug output should still
                    // be access-controlled like any other log carrying session identifiers.
                    final String reason =
                            (invalid instanceof ExpiredSessionException) ? " (expired)" : " (stopped)";
                    log.debug("Invalidated session with id [" + current.getId() + "]" + reason);
                }
                invalidCount++;
            }
        }
    }

    if (log.isInfoEnabled()) {
        // The summary reports only a count, never individual session ids.
        final String outcome = (invalidCount > 0)
                ? " [" + invalidCount + "] sessions were stopped."
                : " No sessions were stopped.";
        log.info("Finished session validation." + outcome);
    }
}
use of org.apache.shiro.session.ExpiredSessionException in project shiro by apache.
the class DefaultSecurityManagerTest method testAutoCreateSessionAfterInvalidation.
/**
 * Regression test for issue
 * <a href="https://issues.apache.org/jira/browse/JSEC-46">JSEC-46</a>.
 * <p>
 * Stores an attribute on the subject's session, shortens the session timeout, waits
 * past it, and then requires that a further {@code setTimeout} call is rejected with
 * {@link ExpiredSessionException}. The property pinned here is that a timed-out session
 * cannot be revived by raising its timeout afterwards.
 */
@Test
public void testAutoCreateSessionAfterInvalidation() {
    final Subject currentSubject = SecurityUtils.getSubject();
    final Session session = currentSubject.getSession();
    // Read but not asserted on in this test.
    final Serializable idBeforeExpiry = session.getId();

    // Sanity check: the session is usable before it expires.
    session.setAttribute("foo", "bar");
    assertEquals("bar", session.getAttribute("foo"));

    // now test auto creation: use a timeout shorter than the sleep below
    session.setTimeout(50);
    try {
        Thread.sleep(150);
    } catch (InterruptedException ignored) {
        // Deliberately ignored. If the sleep is cut short, the session may not have
        // timed out yet and the expiry check below can fail.
    }

    try {
        // Touching the session after the timeout must fail rather than extend it.
        session.setTimeout(AbstractValidatingSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT);
        fail("Session should have expired.");
    } catch (ExpiredSessionException expected) {
        // expected: the expired session rejected the call
    }
}
use of org.apache.shiro.session.ExpiredSessionException in project shiro by apache.
the class DelegatingSessionTest method testTimeout.
/**
 * Verifies that the session under test starts with the global default timeout, accepts
 * a shorter per-session timeout, and throws {@link ExpiredSessionException} from
 * {@code getTimeout()} once that shorter timeout has elapsed.
 */
@Test
public void testTimeout() {
    // Read but not asserted on in this test.
    final Serializable idBeforeExpiry = session.getId();

    // A fresh session reports the manager-wide default.
    assertEquals(session.getTimeout(), AbstractSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT);

    session.touch();
    session.setTimeout(100);
    assertEquals(100, session.getTimeout());

    // Wait longer than the timeout just set (sleep(...) is a helper defined outside this
    // method; presumably milliseconds, verify against its definition).
    sleep(150);

    try {
        // Even a read-only accessor must be refused on an expired session.
        session.getTimeout();
        fail("Session should have expired.");
    } catch (ExpiredSessionException expected) {
        // expected: access after expiry was rejected
    }
}
use of org.apache.shiro.session.ExpiredSessionException in project shiro by apache.
the class DefaultWebSecurityManagerTest method testSessionTimeout.
/**
 * Verifies session expiry for a subject built from mocked servlet request and response
 * objects: the new session picks up the configured global timeout, a per-session
 * override is honoured, and {@code getTimeout()} throws {@link ExpiredSessionException}
 * once the override has elapsed.
 */
@Test
public void testSessionTimeout() {
    // Helper defined outside this method; presumably switches the security manager to
    // Shiro-native sessions (confirm against its definition).
    shiroSessionModeInit();

    long globalTimeout = 100;
    ((AbstractSessionManager) sm.getSessionManager()).setGlobalSessionTimeout(globalTimeout);

    // The request carries no cookies, so no existing session id is presented.
    final HttpServletRequest request = createNiceMock(HttpServletRequest.class);
    final HttpServletResponse response = createNiceMock(HttpServletResponse.class);
    expect(request.getCookies()).andReturn(null);
    expect(request.getContextPath()).andReturn("/");
    replay(request);

    final Subject webSubject = newSubject(request, response);
    final Session session = webSubject.getSession();

    // A new session inherits the global timeout set above.
    assertEquals(session.getTimeout(), globalTimeout);

    // A per-session override replaces the inherited value.
    session.setTimeout(125);
    assertEquals(session.getTimeout(), 125);

    // Wait past the 125 override (sleep(...) is a helper defined outside this method).
    sleep(200);

    try {
        // Access after the timeout must be refused, not silently served.
        session.getTimeout();
        fail("Session should have expired.");
    } catch (ExpiredSessionException expected) {
        // expected: the expired session rejected the call
    }
}
use of org.apache.shiro.session.ExpiredSessionException in project shiro by apache.
the class SimpleSession method validate.
/**
 * Checks whether this session may still be used and throws if it may not.
 * <p>
 * The stopped check runs first. If the session has timed out, {@code expire()} is
 * called before the exception is built, so the caller sees the exception only after
 * this session has been through {@code expire()}.
 * <p>
 * NOTE(review): both exception messages, and the trace log entry, contain the session
 * id. Code that catches these exceptions should avoid echoing the message to clients or
 * to logs with wider access than the session store itself.
 *
 * @throws StoppedSessionException if {@code isStopped()} returns true
 * @throws ExpiredSessionException if {@code isTimedOut()} returns true
 * @throws InvalidSessionException declared supertype of the failures above
 */
public void validate() throws InvalidSessionException {
    // check for stopped:
    if (isStopped()) {
        // timestamp is set, so the session is considered stopped:
        throw new StoppedSessionException("Session with id [" + getId()
                + "] has been explicitly stopped. No further interaction under this session is allowed.");
    }

    // check for expiration; nothing more to do for a live session
    if (!isTimedOut()) {
        return;
    }

    // Mark the session expired before reporting the failure.
    expire();

    // Gather the details that explain why it expired.
    final Date lastAccess = getLastAccessTime();
    final long timeoutValue = getTimeout();
    final Serializable id = getId();
    final DateFormat formatter = DateFormat.getInstance();

    // Integer division: the seconds and minutes shown are truncated, not rounded.
    final String detail = "Session with id [" + id + "] has expired. "
            + "Last access time: " + formatter.format(lastAccess)
            + ". Current time: " + formatter.format(new Date())
            + ". Session timeout is set to " + (timeoutValue / MILLIS_PER_SECOND) + " seconds ("
            + (timeoutValue / MILLIS_PER_MINUTE) + " minutes)";

    if (log.isTraceEnabled()) {
        log.trace(detail);
    }
    throw new ExpiredSessionException(detail);
}