Search in sources :

Example 31 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class AbstractValidatingSessionManagerTest method testValidateSessions.

/**
 * Tests that both SessionListeners are called and that invalid sessions are deleted by default.
 * Verifies <a href="https://issues.apache.org/jira/browse/SHIRO-199">SHIRO-199</a>.
 */
@Test
public void testValidateSessions() {
    final SimpleSession validSession = new SimpleSession();
    validSession.setId(1);
    final SimpleSession invalidSession = new SimpleSession();
    // set to a time in the past:
    Calendar cal = Calendar.getInstance();
    Long expiredTimeout = AbstractSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT + 1;
    cal.add(Calendar.MILLISECOND, -(expiredTimeout.intValue()));
    Date past = cal.getTime();
    invalidSession.setStartTimestamp(past);
    invalidSession.setLastAccessTime(past);
    invalidSession.setId(2);
    final AtomicInteger expirationCount = new AtomicInteger();
    SessionListener sessionListener = new SessionListenerAdapter() {

        @Override
        public void onExpiration(Session session) {
            expirationCount.incrementAndGet();
        }
    };
    AbstractValidatingSessionManager sessionManager = new AbstractValidatingSessionManager() {

        @Override
        protected Session retrieveSession(SessionKey key) throws UnknownSessionException {
            throw new UnsupportedOperationException("Should not be called in this test.");
        }

        @Override
        protected Session doCreateSession(SessionContext initData) throws AuthorizationException {
            throw new UnsupportedOperationException("Should not be called in this test.");
        }

        @Override
        protected Collection<Session> getActiveSessions() {
            Collection<Session> sessions = new ArrayList<Session>(2);
            sessions.add(validSession);
            sessions.add(invalidSession);
            return sessions;
        }
    };
    sessionManager.setSessionListeners(Arrays.asList(sessionListener));
    sessionManager.validateSessions();
    assertEquals(1, expirationCount.intValue());
}
Also used : SessionListenerAdapter(org.apache.shiro.session.SessionListenerAdapter) Calendar(java.util.Calendar) ArrayList(java.util.ArrayList) Date(java.util.Date) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) SessionListener(org.apache.shiro.session.SessionListener) Session(org.apache.shiro.session.Session) Test(org.junit.Test)

Example 32 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DefaultSessionManagerTest method testSessionListenerStopNotification.

@Test
public void testSessionListenerStopNotification() {
    final boolean[] stopped = new boolean[1];
    SessionListener listener = new SessionListenerAdapter() {

        public void onStop(Session session) {
            stopped[0] = true;
        }
    };
    sm.getSessionListeners().add(listener);
    Session session = sm.start(null);
    sm.stop(new DefaultSessionKey(session.getId()));
    assertTrue(stopped[0]);
}
Also used : SessionListenerAdapter(org.apache.shiro.session.SessionListenerAdapter) SessionListener(org.apache.shiro.session.SessionListener) Session(org.apache.shiro.session.Session) Test(org.junit.Test)

Example 33 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DefaultSessionManagerTest method testSessionListenerStopNotificationWithReadAttribute.

// asserts fix for SHIRO-388:
// Ensures that a session attribute can be accessed in the listener without
// causing a stack overflow exception.
@Test
public void testSessionListenerStopNotificationWithReadAttribute() {
    final boolean[] stopped = new boolean[1];
    final String[] value = new String[1];
    SessionListener listener = new SessionListenerAdapter() {

        public void onStop(Session session) {
            stopped[0] = true;
            value[0] = (String) session.getAttribute("foo");
        }
    };
    sm.getSessionListeners().add(listener);
    Session session = sm.start(null);
    session.setAttribute("foo", "bar");
    sm.stop(new DefaultSessionKey(session.getId()));
    assertTrue(stopped[0]);
    assertEquals("bar", value[0]);
}
Also used : SessionListenerAdapter(org.apache.shiro.session.SessionListenerAdapter) SessionListener(org.apache.shiro.session.SessionListener) Session(org.apache.shiro.session.Session) Test(org.junit.Test)

Example 34 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DefaultSessionManagerTest method testGlobalTimeout.

@Test
public void testGlobalTimeout() {
    long timeout = 1000;
    sm.setGlobalSessionTimeout(timeout);
    Session session = sm.start(null);
    assertNotNull(session);
    assertNotNull(session.getId());
    assertEquals(session.getTimeout(), timeout);
}
Also used : Session(org.apache.shiro.session.Session) Test(org.junit.Test)

Example 35 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DefaultSessionManagerTest method testEnablingOfCustomSessionValidationScheduler.

/**
 * Tests a bug introduced by SHIRO-443, where a custom sessionValidationScheduler would not be started.
 */
@Test
public void testEnablingOfCustomSessionValidationScheduler() {
    // using the default impl of sessionValidationScheduler, as the but effects any scheduler we set directly via
    // sessionManager.setSessionValidationScheduler(), commonly used in INI configuration.
    ExecutorServiceSessionValidationScheduler sessionValidationScheduler = new ExecutorServiceSessionValidationScheduler();
    DefaultSessionManager sessionManager = new DefaultSessionManager();
    sessionManager.setSessionValidationScheduler(sessionValidationScheduler);
    // starting a session will trigger the starting of the validator
    try {
        Session session = sessionManager.start(null);
        // now sessionValidationScheduler should be enabled
        assertTrue("sessionValidationScheduler was not enabled", sessionValidationScheduler.isEnabled());
    } finally {
        // cleanup after test
        sessionManager.destroy();
    }
}
Also used : Session(org.apache.shiro.session.Session) Test(org.junit.Test)

Aggregations

Session (org.apache.shiro.session.Session)93 Subject (org.apache.shiro.subject.Subject)34 Test (org.junit.Test)21 Serializable (java.io.Serializable)11 PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)8 UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)6 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)6 SecurityManager (org.apache.shiro.mgt.SecurityManager)5 SessionListener (org.apache.shiro.session.SessionListener)5 ResponseBody (org.springframework.web.bind.annotation.ResponseBody)5 User (com.hfut.entity.User)4 Subject (ddf.security.Subject)4 ApiOperation (io.swagger.annotations.ApiOperation)4 Date (java.util.Date)4 HttpServletRequest (javax.servlet.http.HttpServletRequest)4 AuthenticationException (org.apache.shiro.authc.AuthenticationException)4 InvalidSessionException (org.apache.shiro.session.InvalidSessionException)4 SessionListenerAdapter (org.apache.shiro.session.SessionListenerAdapter)4 ArrayList (java.util.ArrayList)3 HashMap (java.util.HashMap)3