Example 1 with SessionRegistryImpl

Use of org.springframework.security.core.session.SessionRegistryImpl in project spring-security by spring-projects.

Class SessionManagementConfigurer, method getSessionRegistry.

private SessionRegistry getSessionRegistry(H http) {
    if (this.sessionRegistry == null) {
        this.sessionRegistry = getBeanOrNull(SessionRegistry.class);
    }
    if (this.sessionRegistry == null) {
        SessionRegistryImpl sessionRegistry = new SessionRegistryImpl();
        registerDelegateApplicationListener(http, sessionRegistry);
        this.sessionRegistry = sessionRegistry;
    }
    return this.sessionRegistry;
}
Also used : SessionRegistry(org.springframework.security.core.session.SessionRegistry) SessionRegistryImpl(org.springframework.security.core.session.SessionRegistryImpl)

Example 2 with SessionRegistryImpl

Use of org.springframework.security.core.session.SessionRegistryImpl in project spring-security by spring-projects.

Class ConcurrentSessionFilterTests, method returnsExpectedMessageWhenNoExpiredUrlSet.

// As above, but with no expiredUrl set.
@Test
public void returnsExpectedMessageWhenNoExpiredUrlSet() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpSession session = new MockHttpSession();
    request.setSession(session);
    MockHttpServletResponse response = new MockHttpServletResponse();
    SessionRegistry registry = new SessionRegistryImpl();
    registry.registerNewSession(session.getId(), "principal");
    registry.getSessionInformation(session.getId()).expireNow();
    ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
    FilterChain fc = mock(FilterChain.class);
    filter.doFilter(request, response, fc);
    verifyZeroInteractions(fc);
    assertThat(response.getContentAsString()).isEqualTo("This session has been expired (possibly due to multiple concurrent logins being " + "attempted as the same user).");
}
Also used : SessionRegistry(org.springframework.security.core.session.SessionRegistry) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) SessionRegistryImpl(org.springframework.security.core.session.SessionRegistryImpl) MockFilterChain(org.springframework.mock.web.MockFilterChain) FilterChain(jakarta.servlet.FilterChain) MockHttpSession(org.springframework.mock.web.MockHttpSession) ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 3 with SessionRegistryImpl

Use of org.springframework.security.core.session.SessionRegistryImpl in project spring-security by spring-projects.

Class ConcurrentSessionFilterTests, method detectsExpiredSessions.

@Test
public void detectsExpiredSessions() throws Exception {
    // Setup our HTTP request
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpSession session = new MockHttpSession();
    request.setSession(session);
    MockHttpServletResponse response = new MockHttpServletResponse();
    SessionRegistry registry = new SessionRegistryImpl();
    registry.registerNewSession(session.getId(), "principal");
    registry.getSessionInformation(session.getId()).expireNow();
    // Setup our test fixture and registry to want this session to be expired
    SimpleRedirectSessionInformationExpiredStrategy expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy("/expired.jsp");
    ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredSessionStrategy);
    filter.setLogoutHandlers(new LogoutHandler[] { new SecurityContextLogoutHandler() });
    filter.afterPropertiesSet();
    FilterChain fc = mock(FilterChain.class);
    filter.doFilter(request, response, fc);
    // Expect that the filter chain will not be invoked, as we redirect to expiredUrl
    verifyZeroInteractions(fc);
    assertThat(response.getRedirectedUrl()).isEqualTo("/expired.jsp");
}
Also used : SecurityContextLogoutHandler(org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler) SimpleRedirectSessionInformationExpiredStrategy(org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy) SessionRegistry(org.springframework.security.core.session.SessionRegistry) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) SessionRegistryImpl(org.springframework.security.core.session.SessionRegistryImpl) MockFilterChain(org.springframework.mock.web.MockFilterChain) FilterChain(jakarta.servlet.FilterChain) MockHttpSession(org.springframework.mock.web.MockHttpSession) ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 4 with SessionRegistryImpl

Use of org.springframework.security.core.session.SessionRegistryImpl in project spring-security by spring-projects.

Class ConcurrentSessionFilterTests, method setLogoutHandlersWhenEmptyThenThrowsException.

@Test
public void setLogoutHandlersWhenEmptyThenThrowsException() {
    ConcurrentSessionFilter filter = new ConcurrentSessionFilter(new SessionRegistryImpl());
    assertThatIllegalArgumentException().isThrownBy(() -> filter.setLogoutHandlers(new LogoutHandler[0]));
}
Also used : SessionRegistryImpl(org.springframework.security.core.session.SessionRegistryImpl) ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter) SecurityContextLogoutHandler(org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) Test(org.junit.jupiter.api.Test)

Example 5 with SessionRegistryImpl

Use of org.springframework.security.core.session.SessionRegistryImpl in project spring-security by spring-projects.

Class ConcurrentSessionFilterTests, method lastRequestTimeUpdatesCorrectly.

@Test
public void lastRequestTimeUpdatesCorrectly() throws Exception {
    // Setup our HTTP request
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpSession session = new MockHttpSession();
    request.setSession(session);
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain fc = mock(FilterChain.class);
    // Setup our test fixture
    SessionRegistry registry = new SessionRegistryImpl();
    registry.registerNewSession(session.getId(), "principal");
    SimpleRedirectSessionInformationExpiredStrategy expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy("/expired.jsp");
    ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredSessionStrategy);
    Date lastRequest = registry.getSessionInformation(session.getId()).getLastRequest();
    Thread.sleep(1000);
    filter.doFilter(request, response, fc);
    verify(fc).doFilter(request, response);
    assertThat(registry.getSessionInformation(session.getId()).getLastRequest().after(lastRequest)).isTrue();
}
Also used : SimpleRedirectSessionInformationExpiredStrategy(org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy) SessionRegistry(org.springframework.security.core.session.SessionRegistry) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) SessionRegistryImpl(org.springframework.security.core.session.SessionRegistryImpl) MockFilterChain(org.springframework.mock.web.MockFilterChain) FilterChain(jakarta.servlet.FilterChain) MockHttpSession(org.springframework.mock.web.MockHttpSession) ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Date(java.util.Date) Test(org.junit.jupiter.api.Test)

Aggregations

SessionRegistryImpl (org.springframework.security.core.session.SessionRegistryImpl) 6
Test (org.junit.jupiter.api.Test) 5
ConcurrentSessionFilter (org.springframework.security.web.session.ConcurrentSessionFilter) 5
SessionRegistry (org.springframework.security.core.session.SessionRegistry) 4
FilterChain (jakarta.servlet.FilterChain) 3
MockFilterChain (org.springframework.mock.web.MockFilterChain) 3
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 3
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 3
MockHttpSession (org.springframework.mock.web.MockHttpSession) 3
SecurityContextLogoutHandler (org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler) 2
SimpleRedirectSessionInformationExpiredStrategy (org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy) 2
Date (java.util.Date) 1
List (java.util.List) 1
LogoutHandler (org.springframework.security.web.authentication.logout.LogoutHandler) 1