use of org.apache.shiro.session.Session in project shiro by apache.
the class DefaultSessionManager method doCreateSession.
protected Session doCreateSession(SessionContext context) {
Session s = newSessionInstance(context);
if (log.isTraceEnabled()) {
log.trace("Creating session for host {}", s.getHost());
}
create(s);
return s;
}
use of org.apache.shiro.session.Session in project shiro by apache.
the class DefaultSessionManagerTest method testSessionListenerExpiredNotification.
@Test
public void testSessionListenerExpiredNotification() {
final boolean[] expired = new boolean[1];
SessionListener listener = new SessionListenerAdapter() {
public void onExpiration(Session session) {
expired[0] = true;
}
};
sm.getSessionListeners().add(listener);
sm.setGlobalSessionTimeout(100);
Session session = sm.start(null);
sleep(150);
try {
sm.checkValid(new DefaultSessionKey(session.getId()));
fail("check should have thrown an exception.");
} catch (InvalidSessionException expected) {
// do nothing - expected.
}
assertTrue(expired[0]);
}
use of org.apache.shiro.session.Session in project shiro by apache.
the class DefaultSessionManagerTest method testSessionDeleteOnExpiration.
@Test
public void testSessionDeleteOnExpiration() {
sm.setGlobalSessionTimeout(100);
SessionDAO sessionDAO = createMock(SessionDAO.class);
sm.setSessionDAO(sessionDAO);
String sessionId1 = UUID.randomUUID().toString();
final SimpleSession session1 = new SimpleSession();
session1.setId(sessionId1);
final Session[] activeSession = new SimpleSession[] { session1 };
sm.setSessionFactory(new SessionFactory() {
public Session createSession(SessionContext initData) {
return activeSession[0];
}
});
expect(sessionDAO.create(eq(session1))).andReturn(sessionId1);
sessionDAO.update(eq(session1));
expectLastCall().anyTimes();
replay(sessionDAO);
Session session = sm.start(null);
assertNotNull(session);
verify(sessionDAO);
reset(sessionDAO);
expect(sessionDAO.readSession(sessionId1)).andReturn(session1).anyTimes();
sessionDAO.update(eq(session1));
replay(sessionDAO);
sm.setTimeout(new DefaultSessionKey(sessionId1), 1);
verify(sessionDAO);
reset(sessionDAO);
sleep(20);
expect(sessionDAO.readSession(sessionId1)).andReturn(session1);
// update's the stop timestamp
sessionDAO.update(eq(session1));
sessionDAO.delete(session1);
replay(sessionDAO);
// Try to access the same session, but it should throw an UnknownSessionException due to timeout:
try {
sm.getTimeout(new DefaultSessionKey(sessionId1));
fail("Session with id [" + sessionId1 + "] should have expired due to timeout.");
} catch (ExpiredSessionException expected) {
// expected
}
// verify that the delete call was actually made on the DAO
verify(sessionDAO);
}
use of org.apache.shiro.session.Session in project shiro by apache.
the class DelegatingSubjectTest method testSessionStopThenStart.
@Test
public void testSessionStopThenStart() {
String key = "testKey";
String value = "testValue";
DefaultSecurityManager sm = new DefaultSecurityManager();
DelegatingSubject subject = new DelegatingSubject(sm);
Session session = subject.getSession();
session.setAttribute(key, value);
assertTrue(session.getAttribute(key).equals(value));
Serializable firstSessionId = session.getId();
assertNotNull(firstSessionId);
session.stop();
session = subject.getSession();
assertNotNull(session);
assertNull(session.getAttribute(key));
Serializable secondSessionId = session.getId();
assertNotNull(secondSessionId);
assertFalse(firstSessionId.equals(secondSessionId));
subject.logout();
sm.destroy();
}
use of org.apache.shiro.session.Session in project shiro by apache.
the class DefaultSecurityManagerTest method testDefaultConfig.
@Test
public void testDefaultConfig() {
Subject subject = SecurityUtils.getSubject();
AuthenticationToken token = new UsernamePasswordToken("guest", "guest");
subject.login(token);
assertTrue(subject.isAuthenticated());
assertTrue("guest".equals(subject.getPrincipal()));
assertTrue(subject.hasRole("guest"));
Session session = subject.getSession();
session.setAttribute("key", "value");
assertEquals(session.getAttribute("key"), "value");
subject.logout();
assertNull(subject.getSession(false));
assertNull(subject.getPrincipal());
assertNull(subject.getPrincipals());
}
Aggregations