
Example 76 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DefaultSessionManager method doCreateSession.

/**
 * Builds a new session from the supplied context, passes it to {@code create},
 * and returns it.
 *
 * @param context the initialization data handed to {@code newSessionInstance}
 * @return the session instance after {@code create} has been called on it
 */
protected Session doCreateSession(SessionContext context) {
    final Session created = newSessionInstance(context);
    final boolean tracing = log.isTraceEnabled();
    if (tracing) {
        // NOTE(review): the host is presumably taken from the incoming request; it is
        // written through a parameterized log call and only at TRACE level - confirm
        // the log sink treats it as untrusted text.
        log.trace("Creating session for host {}", created.getHost());
    }
    create(created);
    return created;
}
Also used : Session(org.apache.shiro.session.Session)

Example 77 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DefaultSessionManagerTest method testSessionListenerExpiredNotification.

/**
 * Checks that a registered session listener receives {@code onExpiration} when a
 * session is validated after its timeout has passed, and that the validation call
 * itself rejects the session with an {@link InvalidSessionException}.
 */
@Test
public void testSessionListenerExpiredNotification() {
    // One-element array: a mutable flag the anonymous listener below can write to.
    final boolean[] expirationSeen = { false };
    sm.getSessionListeners().add(new SessionListenerAdapter() {

        @Override
        public void onExpiration(Session session) {
            expirationSeen[0] = true;
        }
    });
    sm.setGlobalSessionTimeout(100);
    final Session started = sm.start(null);
    // Wait longer than the timeout configured above (presumably both are
    // milliseconds; the sleep helper is not shown here).
    sleep(150);
    try {
        sm.checkValid(new DefaultSessionKey(started.getId()));
        fail("check should have thrown an exception.");
    } catch (InvalidSessionException expected) {
        // Rejection of the timed-out session is the outcome under test.
    }
    assertTrue(expirationSeen[0]);
}
Also used : InvalidSessionException(org.apache.shiro.session.InvalidSessionException) SessionListenerAdapter(org.apache.shiro.session.SessionListenerAdapter) SessionListener(org.apache.shiro.session.SessionListener) Session(org.apache.shiro.session.Session) Test(org.junit.Test)

Example 78 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DefaultSessionManagerTest method testSessionDeleteOnExpiration.

/**
 * Checks that accessing a session after its timeout raises
 * {@link ExpiredSessionException} and that the session is then deleted through the
 * {@link SessionDAO}, so an expired session does not linger in the backing store.
 *
 * The test runs in three record/replay/verify phases against a mocked DAO:
 * session start, shortening the timeout, and access after expiry. The order of the
 * mock calls matters, because each phase records exactly the DAO calls it expects.
 */
@Test
public void testSessionDeleteOnExpiration() {
    sm.setGlobalSessionTimeout(100);
    SessionDAO sessionDAO = createMock(SessionDAO.class);
    sm.setSessionDAO(sessionDAO);
    String sessionId1 = UUID.randomUUID().toString();
    final SimpleSession session1 = new SimpleSession();
    session1.setId(sessionId1);
    // One-element array so the anonymous factory below can hand back the prepared session.
    final Session[] activeSession = new SimpleSession[] { session1 };
    sm.setSessionFactory(new SessionFactory() {

        public Session createSession(SessionContext initData) {
            return activeSession[0];
        }
    });
    // Phase 1: starting a session must create it in the DAO; updates are tolerated.
    expect(sessionDAO.create(eq(session1))).andReturn(sessionId1);
    sessionDAO.update(eq(session1));
    expectLastCall().anyTimes();
    replay(sessionDAO);
    Session session = sm.start(null);
    assertNotNull(session);
    verify(sessionDAO);
    reset(sessionDAO);
    // Phase 2: shortening the timeout reads the session and writes it back once.
    expect(sessionDAO.readSession(sessionId1)).andReturn(session1).anyTimes();
    sessionDAO.update(eq(session1));
    replay(sessionDAO);
    sm.setTimeout(new DefaultSessionKey(sessionId1), 1);
    verify(sessionDAO);
    reset(sessionDAO);
    // Wait longer than the timeout of 1 set above (presumably milliseconds; the
    // sleep helper is not shown here).
    sleep(20);
    // Phase 3: access after expiry must read, update and then delete the session.
    expect(sessionDAO.readSession(sessionId1)).andReturn(session1);
    // updates the stop timestamp
    sessionDAO.update(eq(session1));
    sessionDAO.delete(session1);
    replay(sessionDAO);
    // Try to access the same session, but it should throw an ExpiredSessionException due to timeout:
    try {
        sm.getTimeout(new DefaultSessionKey(sessionId1));
        fail("Session with id [" + sessionId1 + "] should have expired due to timeout.");
    } catch (ExpiredSessionException expected) {
        // expected: the timed-out session is rejected
    }
    // verify that the delete call was actually made on the DAO
    verify(sessionDAO);
}
Also used : SessionDAO(org.apache.shiro.session.mgt.eis.SessionDAO) ExpiredSessionException(org.apache.shiro.session.ExpiredSessionException) Session(org.apache.shiro.session.Session) Test(org.junit.Test)

Example 79 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DelegatingSubjectTest method testSessionStopThenStart.

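/**
 * Checks that stopping a subject's session and then asking for a session again
 * yields a fresh one: the new session has a different id and does not carry over
 * attributes stored in the stopped session.
 *
 * The security manager is destroyed in a {@code finally} block so that a failing
 * assertion does not leave it, and whatever it holds, alive for later tests.
 */
@Test
public void testSessionStopThenStart() {
    String key = "testKey";
    String value = "testValue";
    DefaultSecurityManager sm = new DefaultSecurityManager();
    try {
        DelegatingSubject subject = new DelegatingSubject(sm);
        Session session = subject.getSession();
        session.setAttribute(key, value);
        assertTrue(session.getAttribute(key).equals(value));
        Serializable firstSessionId = session.getId();
        assertNotNull(firstSessionId);
        session.stop();
        // After stop(), getSession() must hand out a new session, not the stopped one.
        session = subject.getSession();
        assertNotNull(session);
        // State from the stopped session must not be visible in the new one.
        assertNull(session.getAttribute(key));
        Serializable secondSessionId = session.getId();
        assertNotNull(secondSessionId);
        // The identifier must change as well; reusing it would tie the new session to the old one.
        assertFalse(firstSessionId.equals(secondSessionId));
        subject.logout();
    } finally {
        sm.destroy();
    }
}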
Also used : DelegatingSubject(org.apache.shiro.subject.support.DelegatingSubject) Serializable(java.io.Serializable) DefaultSecurityManager(org.apache.shiro.mgt.DefaultSecurityManager) Session(org.apache.shiro.session.Session) Test(org.junit.Test)

Example 80 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DefaultSecurityManagerTest method testDefaultConfig.

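/**
 * Walks through login, session use and logout with the default configuration:
 * after login the subject is authenticated with the expected principal and role,
 * and after logout neither the session nor the principal information remains.
 *
 * Assumes the test fixture defines a {@code guest} account with password
 * {@code guest} and role {@code guest}; that setup is not shown here.
 */
@Test
public void testDefaultConfig() {
    Subject subject = SecurityUtils.getSubject();
    AuthenticationToken token = new UsernamePasswordToken("guest", "guest");
    subject.login(token);
    assertTrue(subject.isAuthenticated());
    // assertEquals(expected, actual) reports both values on failure.
    assertEquals("guest", subject.getPrincipal());
    assertTrue(subject.hasRole("guest"));
    Session session = subject.getSession();
    session.setAttribute("key", "value");
    assertEquals("value", session.getAttribute("key"));
    subject.logout();
    // getSession(false) must not create a session; null shows logout removed the old one.
    assertNull(subject.getSession(false));
    // Identity must be cleared too, so the subject is no longer tied to the guest account.
    assertNull(subject.getPrincipal());
    assertNull(subject.getPrincipals());
}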
Also used : AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) Subject(org.apache.shiro.subject.Subject) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Session(org.apache.shiro.session.Session) Test(org.junit.Test)
