Example 26 with SessionInformation

Use of org.springframework.security.core.session.SessionInformation in project spring-security by spring-projects.

Class ConcurrentSessionFilter, method doFilter.

private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpSession session = request.getSession(false);
    if (session != null) {
        SessionInformation info = this.sessionRegistry.getSessionInformation(session.getId());
        if (info != null) {
            if (info.isExpired()) {
                // Expired - abort processing
                this.logger.debug(LogMessage.of(() -> "Requested session ID " + request.getRequestedSessionId() + " has expired."));
                doLogout(request, response);
                this.sessionInformationExpiredStrategy.onExpiredSessionDetected(new SessionInformationExpiredEvent(info, request, response));
                return;
            }
            // Non-expired - update last request date/time
            this.sessionRegistry.refreshLastRequest(info.getSessionId());
        }
    }
    chain.doFilter(request, response);
}
Also used: SessionInformation (org.springframework.security.core.session.SessionInformation), HttpSession (jakarta.servlet.http.HttpSession)

Example 27 with SessionInformation

Use of org.springframework.security.core.session.SessionInformation in project spring-security by spring-projects.

Class ConcurrentSessionFilterTests, method doFilterWhenNoExpiredUrlThenResponseWritten.

@Test
public void doFilterWhenNoExpiredUrlThenResponseWritten() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpSession session = new MockHttpSession();
    request.setSession(session);
    MockHttpServletResponse response = new MockHttpServletResponse();
    SessionRegistry registry = mock(SessionRegistry.class);
    SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000));
    information.expireNow();
    given(registry.getSessionInformation(anyString())).willReturn(information);
    ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
    filter.doFilter(request, response, new MockFilterChain());
    assertThat(response.getContentAsString()).contains("This session has been expired (possibly due to multiple concurrent logins being attempted as the same user).");
}
Also used: SessionInformation (org.springframework.security.core.session.SessionInformation), SessionRegistry (org.springframework.security.core.session.SessionRegistry), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), MockHttpSession (org.springframework.mock.web.MockHttpSession), ConcurrentSessionFilter (org.springframework.security.web.session.ConcurrentSessionFilter), MockFilterChain (org.springframework.mock.web.MockFilterChain), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), Date (java.util.Date), Test (org.junit.jupiter.api.Test)

Example 28 with SessionInformation

Use of org.springframework.security.core.session.SessionInformation in project spring-security by spring-projects.

Class ConcurrentSessionControlAuthenticationStrategy, method allowableSessionsExceeded.

/**
 * Allows subclasses to customise behaviour when too many sessions are detected.
 * @param sessions either <code>null</code> or all unexpired sessions associated with
 * the principal
 * @param allowableSessions the number of concurrent sessions the user is allowed to
 * have
 * @param registry an instance of the <code>SessionRegistry</code> for subclass use
 */
protected void allowableSessionsExceeded(List<SessionInformation> sessions, int allowableSessions, SessionRegistry registry) throws SessionAuthenticationException {
    if (this.exceptionIfMaximumExceeded || (sessions == null)) {
        throw new SessionAuthenticationException(this.messages.getMessage("ConcurrentSessionControlAuthenticationStrategy.exceededAllowed", new Object[] { allowableSessions }, "Maximum sessions of {0} for this principal exceeded"));
    }
    // Determine least recently used sessions, and mark them for invalidation
    sessions.sort(Comparator.comparing(SessionInformation::getLastRequest));
    int maximumSessionsExceededBy = sessions.size() - allowableSessions + 1;
    List<SessionInformation> sessionsToBeExpired = sessions.subList(0, maximumSessionsExceededBy);
    for (SessionInformation session : sessionsToBeExpired) {
        session.expireNow();
    }
}
Also used: SessionInformation (org.springframework.security.core.session.SessionInformation)

Example 29 with SessionInformation

Use of org.springframework.security.core.session.SessionInformation in project theskeleton by codenergic.

Class UserRestControllerTest, method testFindUserActiveSessions.

@Test
@WithMockUser("user123")
public void testFindUserActiveSessions() throws Exception {
    final SessionInformation sessionInformation = new SessionInformation("1", "1", new Date());
    when(userService.findUserActiveSessions("user123")).thenReturn(Collections.singletonList(sessionInformation));
    MockHttpServletRequestBuilder request = get("/api/users/user123/sessions").contentType(MediaType.APPLICATION_JSON);
    MockHttpServletResponse response = mockMvc.perform(request).andDo(document("user-sessions-list")).andReturn().getResponse();
    assertThat(response.getStatus()).isEqualTo(200);
    List<SessionInformation> expectedValue = Collections.singletonList(sessionInformation);
    assertThat(response.getContentAsString()).isEqualTo(objectMapper.writeValueAsString(expectedValue));
    verify(userService).findUserActiveSessions("user123");
}
Also used: SessionInformation (org.springframework.security.core.session.SessionInformation), MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder), Date (java.util.Date), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), WithMockUser (org.springframework.security.test.context.support.WithMockUser), Test (org.junit.Test), WebMvcTest (org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest)
