
Example 36 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DefaultSessionManagerTest method testSessionListenerStartNotification.

@Test
public void testSessionListenerStartNotification() {
    final boolean[] started = new boolean[1];
    SessionListener listener = new SessionListenerAdapter() {

        public void onStart(Session session) {
            started[0] = true;
        }
    };
    sm.getSessionListeners().add(listener);
    sm.start(null);
    assertTrue(started[0]);
}
Also used : SessionListenerAdapter(org.apache.shiro.session.SessionListenerAdapter) SessionListener(org.apache.shiro.session.SessionListener) Session(org.apache.shiro.session.Session) Test(org.junit.Test)

Example 37 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DelegatingSubject method login.

public void login(AuthenticationToken token) throws AuthenticationException {
    clearRunAsIdentitiesInternal();
    Subject subject = securityManager.login(this, token);
    PrincipalCollection principals;
    String host = null;
    if (subject instanceof DelegatingSubject) {
        DelegatingSubject delegating = (DelegatingSubject) subject;
        // we have to do this in case there are assumed identities - we don't want to lose the 'real' principals:
        principals = delegating.principals;
        host = delegating.host;
    } else {
        principals = subject.getPrincipals();
    }
    if (principals == null || principals.isEmpty()) {
        String msg = "Principals returned from securityManager.login( token ) returned a null or " + "empty value.  This value must be non null and populated with one or more elements.";
        throw new IllegalStateException(msg);
    }
    this.principals = principals;
    this.authenticated = true;
    if (token instanceof HostAuthenticationToken) {
        host = ((HostAuthenticationToken) token).getHost();
    }
    if (host != null) {
        this.host = host;
    }
    Session session = subject.getSession(false);
    if (session != null) {
        this.session = decorate(session);
    } else {
        this.session = null;
    }
}
Also used : HostAuthenticationToken(org.apache.shiro.authc.HostAuthenticationToken) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) Subject(org.apache.shiro.subject.Subject) ProxiedSession(org.apache.shiro.session.ProxiedSession) Session(org.apache.shiro.session.Session)

Example 38 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DelegatingSubject method pushIdentity.

private void pushIdentity(PrincipalCollection principals) throws NullPointerException {
    if (isEmpty(principals)) {
        String msg = "Specified Subject principals cannot be null or empty for 'run as' functionality.";
        throw new NullPointerException(msg);
    }
    List<PrincipalCollection> stack = getRunAsPrincipalsStack();
    if (stack == null) {
        stack = new CopyOnWriteArrayList<PrincipalCollection>();
    }
    stack.add(0, principals);
    Session session = getSession();
    session.setAttribute(RUN_AS_PRINCIPALS_SESSION_KEY, stack);
}
Also used : PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) ProxiedSession(org.apache.shiro.session.ProxiedSession) Session(org.apache.shiro.session.Session)

Example 39 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DelegatingSubject method getSession.

public Session getSession(boolean create) {
    if (log.isTraceEnabled()) {
        log.trace("attempting to get session; create = " + create + "; session is null = " + (this.session == null) + "; session has id = " + (this.session != null && session.getId() != null));
    }
    if (this.session == null && create) {
        // added in 1.2:
        if (!isSessionCreationEnabled()) {
            String msg = "Session creation has been disabled for the current subject.  This exception indicates " + "that there is either a programming error (using a session when it should never be " + "used) or that Shiro's configuration needs to be adjusted to allow Sessions to be created " + "for the current Subject.  See the " + DisabledSessionException.class.getName() + " JavaDoc " + "for more.";
            throw new DisabledSessionException(msg);
        }
        log.trace("Starting session for host {}", getHost());
        SessionContext sessionContext = createSessionContext();
        Session session = this.securityManager.start(sessionContext);
        this.session = decorate(session);
    }
    return this.session;
}
Also used : SessionContext(org.apache.shiro.session.mgt.SessionContext) DefaultSessionContext(org.apache.shiro.session.mgt.DefaultSessionContext) ProxiedSession(org.apache.shiro.session.ProxiedSession) Session(org.apache.shiro.session.Session)

Example 40 with Session

use of org.apache.shiro.session.Session in project shiro by apache.

the class DefaultWebSecurityManagerTest method testSessionTimeout.

@Test
public void testSessionTimeout() {
    shiroSessionModeInit();
    long globalTimeout = 100;
    ((AbstractSessionManager) sm.getSessionManager()).setGlobalSessionTimeout(globalTimeout);
    HttpServletRequest mockRequest = createNiceMock(HttpServletRequest.class);
    HttpServletResponse mockResponse = createNiceMock(HttpServletResponse.class);
    expect(mockRequest.getCookies()).andReturn(null);
    expect(mockRequest.getContextPath()).andReturn("/");
    replay(mockRequest);
    Subject subject = newSubject(mockRequest, mockResponse);
    Session session = subject.getSession();
    assertEquals(session.getTimeout(), globalTimeout);
    session.setTimeout(125);
    assertEquals(session.getTimeout(), 125);
    sleep(200);
    try {
        session.getTimeout();
        fail("Session should have expired.");
    } catch (ExpiredSessionException expected) {
        // expected: the session's 125 ms timeout elapsed during the sleep
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) ExpiredSessionException(org.apache.shiro.session.ExpiredSessionException) AbstractSessionManager(org.apache.shiro.session.mgt.AbstractSessionManager) WebSubject(org.apache.shiro.web.subject.WebSubject) Subject(org.apache.shiro.subject.Subject) Session(org.apache.shiro.session.Session) ShiroHttpSession(org.apache.shiro.web.servlet.ShiroHttpSession) Test(org.junit.Test)
