
Example 26 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class CachingSessionDAO method createActiveSessionsCache.

/**
 * Builds the cache that holds active sessions by asking the configured
 * {@link #getCacheManager() CacheManager} for the cache registered under
 * {@link #getActiveSessionsCacheName() getActiveSessionsCacheName()}.
 *
 * <p>The cache is typed {@code Cache<Serializable, Session>}, so its entries are session objects
 * (presumably keyed by session id; confirm against the callers that populate it).
 *
 * @return the cache obtained from the {@code CacheManager}, or {@code null} if no {@code CacheManager}
 *         has been set. Callers must handle the {@code null} case.
 */
protected Cache<Serializable, Session> createActiveSessionsCache() {
    CacheManager cacheManager = getCacheManager();
    if (cacheManager == null) {
        // No manager configured: report "no cache" instead of failing.
        return null;
    }
    return cacheManager.getCache(getActiveSessionsCacheName());
}
Also used : Serializable(java.io.Serializable) CacheManager(org.apache.shiro.cache.CacheManager) ValidatingSession(org.apache.shiro.session.mgt.ValidatingSession) Session(org.apache.shiro.session.Session)

Example 27 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class CachingSessionDAO method uncache.

/**
 * Evicts the given session from the active-sessions cache, using the session's id as the key.
 *
 * <p>The call is a silent no-op when {@code session} is {@code null}, when the session has no id,
 * or when no cache is available. A caller that depends on the eviction having happened (for
 * example after a session is stopped or expired) gets no signal in those cases.
 *
 * @param session the session to remove from the cache; may be {@code null}.
 */
protected void uncache(Session session) {
    Serializable sessionId = (session != null) ? session.getId() : null;
    if (sessionId != null) {
        // The cache is only looked up once there is a usable key.
        Cache<Serializable, Session> activeSessions = getActiveSessionsCacheLazy();
        if (activeSessions != null) {
            activeSessions.remove(sessionId);
        }
    }
}
Also used : Serializable(java.io.Serializable) ValidatingSession(org.apache.shiro.session.mgt.ValidatingSession) Session(org.apache.shiro.session.Session)

Example 28 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DefaultSecurityManagerTest method testAutoCreateSessionAfterInvalidation.

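/**
 * Verifies that a session which has outlived its timeout rejects further use, for issue
 * <a href="https://issues.apache.org/jira/browse/JSEC-46">JSEC-46</a>.
 *
 * <p>The test stores an attribute, shortens the session timeout, waits three times that long and
 * then expects the next call on the session to throw {@link ExpiredSessionException}. This is the
 * enforcement that keeps an expired session handle from being revived by simply extending its
 * timeout.
 *
 * <p>NOTE(review): despite the method name, nothing here asserts that a replacement session is
 * created afterwards; only the expiry half is checked.
 */
@Test
public void testAutoCreateSessionAfterInvalidation() {
    Subject subject = SecurityUtils.getSubject();
    Session session = subject.getSession();
    // NOTE(review): never compared against a later session id; see the note in the Javadoc.
    Serializable origSessionId = session.getId();
    String key = "foo";
    String value1 = "bar";
    session.setAttribute(key, value1);
    assertEquals(value1, session.getAttribute(key));
    // now test auto creation:
    session.setTimeout(50);
    try {
        // Wait well past the timeout set above so the session is expired on the next access.
        Thread.sleep(150);
    } catch (InterruptedException e) {
        // Keep the interrupt visible to the test runner instead of discarding it. If the sleep
        // was cut short the session may not have expired yet, and the fail() below reports it.
        Thread.currentThread().interrupt();
    }
    try {
        session.setTimeout(AbstractValidatingSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT);
        fail("Session should have expired.");
    } catch (ExpiredSessionException expected) {
        // expected: an expired session must refuse to have its timeout extended
    }
}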
Also used : Serializable(java.io.Serializable) ExpiredSessionException(org.apache.shiro.session.ExpiredSessionException) Subject(org.apache.shiro.subject.Subject) Session(org.apache.shiro.session.Session) Test(org.junit.Test)

Example 29 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DefaultSecurityManagerTest method testSubjectReuseAfterLogout.

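/**
 * Verifies that one {@code Subject} can log out and log in again as a different account, for issue
 * <a href="https://issues.apache.org/jira/browse/JSEC-22">JSEC-22</a>.
 *
 * <p>After each logout the test expects no session, no principal and no principal collection to
 * remain. After the second login it expects the new account's principal and role, and a session
 * whose id differs from the first one, so state tied to the first session id is not carried over.
 *
 * <p>The two username/password pairs are test fixtures; presumably they are defined by the realm
 * the test class configures, which is not visible here.
 *
 * <p>NOTE(review): the test does not check that the attribute stored in the first session is
 * absent from the second one; the differing session id is the only isolation that is asserted.
 */
@Test
public void testSubjectReuseAfterLogout() {
    Subject subject = SecurityUtils.getSubject();
    AuthenticationToken token = new UsernamePasswordToken("guest", "guest");
    subject.login(token);
    assertTrue(subject.isAuthenticated());
    // assertEquals reports the actual principal on failure, unlike assertTrue(x.equals(y)).
    assertEquals("guest", subject.getPrincipal());
    assertTrue(subject.hasRole("guest"));
    Session session = subject.getSession();
    Serializable firstSessionId = session.getId();
    session.setAttribute("key", "value");
    // Expected value first, so a failure message labels the two sides correctly.
    assertEquals("value", session.getAttribute("key"));
    subject.logout();
    // getSession(false) must not create a session; logout has to leave none behind.
    assertNull(subject.getSession(false));
    assertNull(subject.getPrincipal());
    assertNull(subject.getPrincipals());
    subject.login(new UsernamePasswordToken("lonestarr", "vespa"));
    assertTrue(subject.isAuthenticated());
    assertEquals("lonestarr", subject.getPrincipal());
    assertTrue(subject.hasRole("goodguy"));
    assertNotNull(subject.getSession());
    assertFalse("A login after logout must not reuse the previous session id",
            firstSessionId.equals(subject.getSession().getId()));
    subject.logout();
    assertNull(subject.getSession(false));
    assertNull(subject.getPrincipal());
    assertNull(subject.getPrincipals());
}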
Also used : Serializable(java.io.Serializable) AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) Subject(org.apache.shiro.subject.Subject) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Session(org.apache.shiro.session.Session) Test(org.junit.Test)

Example 30 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class AbstractValidatingSessionManagerTest method testNoMemoryLeakOnInvalidSessions.

/**
 * Tests that invalid sessions (expired or stopped) do not stay in the session manager's set of
 * active sessions. Verifies <a href="https://issues.apache.org/jira/browse/SHIRO-399">SHIRO-399</a>.
 *
 * <p>A listener that touches the session's attributes in its stop/expiration callbacks is
 * registered, one session is started and its timeout is set to zero. After
 * {@code validateSessions()} runs, the active-session count must have dropped from 1 to 0.
 *
 * <p>NOTE(review): presumably the point is that cleanup still happens when the listener's
 * callback misbehaves; invalid sessions that are retained would accumulate along with their
 * attributes. Confirm against the linked issue.
 */
@Test
public void testNoMemoryLeakOnInvalidSessions() throws Exception {
    SessionListener sessionListener = new SessionListener() {

        // Gives every new session one attribute, so there is something to remove later.
        public void onStart(Session session) {
            session.setAttribute("I love", "Romania");
        }

        public void onStop(Session session) {
            tryToCleanSession(session);
        }

        public void onExpiration(Session session) {
            tryToCleanSession(session);
        }

        // Removes every attribute while iterating the key collection returned by the session.
        // NOTE(review): this may throw if getAttributeKeys() returns a live view, or if the
        // session rejects attribute access once it is invalid; the "tryTo" prefix suggests a
        // failure here is anticipated. Confirm before changing the loop.
        private void tryToCleanSession(Session session) {
            Collection<Object> keys = session.getAttributeKeys();
            for (Object key : keys) {
                session.removeAttribute(key);
            }
        }
    };
    DefaultSessionManager sessionManager = new DefaultSessionManager();
    sessionManager.setSessionListeners(Arrays.asList(sessionListener));
    // Start a single session (no session context is supplied) and confirm it is tracked.
    Session session = sessionManager.start(null);
    assertEquals(1, sessionManager.getActiveSessions().size());
    // A zero timeout makes the session eligible for expiry at the next validation pass.
    session.setTimeout(0L);
    // last access timestamp needs to be older than the current timestamp when validating, so ensure a delay:
    Thread.sleep(1);
    sessionManager.validateSessions();
    // The expired session must no longer be reported as active.
    assertEquals(0, sessionManager.getActiveSessions().size());
}
Also used : SessionListener(org.apache.shiro.session.SessionListener) Session(org.apache.shiro.session.Session) Test(org.junit.Test)
