Search in sources :

Example 1 with ConcurrentSessionFilter

use of org.springframework.security.web.session.ConcurrentSessionFilter in project spring-security by spring-projects.

the class ConcurrentSessionFilterTests method doFilterWhenOverrideThenCustomRedirectStrategyUsed.

@Test
public void doFilterWhenOverrideThenCustomRedirectStrategyUsed() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpSession session = new MockHttpSession();
    request.setSession(session);
    MockHttpServletResponse response = new MockHttpServletResponse();
    RedirectStrategy redirect = mock(RedirectStrategy.class);
    SessionRegistry registry = mock(SessionRegistry.class);
    SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000));
    information.expireNow();
    when(registry.getSessionInformation(anyString())).thenReturn(information);
    final String expiredUrl = "/expired";
    ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl + "will-be-overrridden") {

        /* (non-Javadoc)
					 * @see org.springframework.security.web.session.ConcurrentSessionFilter#determineExpiredUrl(javax.servlet.http.HttpServletRequest, org.springframework.security.core.session.SessionInformation)
					 */
        @Override
        protected String determineExpiredUrl(HttpServletRequest request, SessionInformation info) {
            return expiredUrl;
        }
    };
    filter.setRedirectStrategy(redirect);
    filter.doFilter(request, response, new MockFilterChain());
    verify(redirect).sendRedirect(request, response, expiredUrl);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) SessionInformation(org.springframework.security.core.session.SessionInformation) SessionRegistry(org.springframework.security.core.session.SessionRegistry) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpSession(org.springframework.mock.web.MockHttpSession) ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter) Matchers.anyString(org.mockito.Matchers.anyString) RedirectStrategy(org.springframework.security.web.RedirectStrategy) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Date(java.util.Date) Test(org.junit.Test)

Example 2 with ConcurrentSessionFilter

use of org.springframework.security.web.session.ConcurrentSessionFilter in project spring-security by spring-projects.

the class ConcurrentSessionFilterTests method doFilterWhenCustomRedirectStrategyThenCustomRedirectStrategyUsed.

@Test
public void doFilterWhenCustomRedirectStrategyThenCustomRedirectStrategyUsed() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpSession session = new MockHttpSession();
    request.setSession(session);
    MockHttpServletResponse response = new MockHttpServletResponse();
    RedirectStrategy redirect = mock(RedirectStrategy.class);
    SessionRegistry registry = mock(SessionRegistry.class);
    SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000));
    information.expireNow();
    when(registry.getSessionInformation(anyString())).thenReturn(information);
    String expiredUrl = "/expired";
    ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl);
    filter.setRedirectStrategy(redirect);
    filter.doFilter(request, response, new MockFilterChain());
    verify(redirect).sendRedirect(request, response, expiredUrl);
}
Also used : SessionInformation(org.springframework.security.core.session.SessionInformation) SessionRegistry(org.springframework.security.core.session.SessionRegistry) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpSession(org.springframework.mock.web.MockHttpSession) ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter) Matchers.anyString(org.mockito.Matchers.anyString) RedirectStrategy(org.springframework.security.web.RedirectStrategy) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Date(java.util.Date) Test(org.junit.Test)

Example 3 with ConcurrentSessionFilter

use of org.springframework.security.web.session.ConcurrentSessionFilter in project spring-security by spring-projects.

the class ConcurrentSessionFilterTests method doFilterWhenCustomLogoutHandlersThenHandlersUsed.

@Test
public void doFilterWhenCustomLogoutHandlersThenHandlersUsed() throws Exception {
    LogoutHandler handler = mock(LogoutHandler.class);
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpSession session = new MockHttpSession();
    request.setSession(session);
    MockHttpServletResponse response = new MockHttpServletResponse();
    SessionRegistry registry = mock(SessionRegistry.class);
    SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000));
    information.expireNow();
    when(registry.getSessionInformation(anyString())).thenReturn(information);
    ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
    filter.setLogoutHandlers(new LogoutHandler[] { handler });
    filter.doFilter(request, response, new MockFilterChain());
    verify(handler).logout(eq(request), eq(response), any(Authentication.class));
}
Also used : SessionInformation(org.springframework.security.core.session.SessionInformation) SessionRegistry(org.springframework.security.core.session.SessionRegistry) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) MockHttpSession(org.springframework.mock.web.MockHttpSession) ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter) SecurityContextLogoutHandler(org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Date(java.util.Date) Test(org.junit.Test)

Example 4 with ConcurrentSessionFilter

use of org.springframework.security.web.session.ConcurrentSessionFilter in project spring-security by spring-projects.

the class ConcurrentSessionFilterTests method returnsExpectedMessageWhenNoExpiredUrlSet.

// As above, but with no expiredUrl set.
@Test
public void returnsExpectedMessageWhenNoExpiredUrlSet() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpSession session = new MockHttpSession();
    request.setSession(session);
    MockHttpServletResponse response = new MockHttpServletResponse();
    SessionRegistry registry = new SessionRegistryImpl();
    registry.registerNewSession(session.getId(), "principal");
    registry.getSessionInformation(session.getId()).expireNow();
    ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
    FilterChain fc = mock(FilterChain.class);
    filter.doFilter(request, response, fc);
    verifyZeroInteractions(fc);
    assertThat(response.getContentAsString()).isEqualTo("This session has been expired (possibly due to multiple concurrent logins being " + "attempted as the same user).");
}
Also used : SessionRegistry(org.springframework.security.core.session.SessionRegistry) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) SessionRegistryImpl(org.springframework.security.core.session.SessionRegistryImpl) FilterChain(javax.servlet.FilterChain) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpSession(org.springframework.mock.web.MockHttpSession) ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 5 with ConcurrentSessionFilter

use of org.springframework.security.web.session.ConcurrentSessionFilter in project spring-security by spring-projects.

the class ConcurrentSessionFilterTests method doFilterWhenNoSessionThenChainIsContinued.

@Test
public void doFilterWhenNoSessionThenChainIsContinued() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    RedirectStrategy redirect = mock(RedirectStrategy.class);
    SessionRegistry registry = mock(SessionRegistry.class);
    SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000));
    information.expireNow();
    when(registry.getSessionInformation(anyString())).thenReturn(information);
    String expiredUrl = "/expired";
    ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl);
    filter.setRedirectStrategy(redirect);
    MockFilterChain chain = new MockFilterChain();
    filter.doFilter(request, response, chain);
    assertThat(chain.getRequest()).isNotNull();
}
Also used : SessionInformation(org.springframework.security.core.session.SessionInformation) SessionRegistry(org.springframework.security.core.session.SessionRegistry) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter) Matchers.anyString(org.mockito.Matchers.anyString) RedirectStrategy(org.springframework.security.web.RedirectStrategy) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Date(java.util.Date) Test(org.junit.Test)

Aggregations

ConcurrentSessionFilter (org.springframework.security.web.session.ConcurrentSessionFilter)13 Test (org.junit.Test)11 SessionRegistry (org.springframework.security.core.session.SessionRegistry)10 MockFilterChain (org.springframework.mock.web.MockFilterChain)9 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)9 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)9 MockHttpSession (org.springframework.mock.web.MockHttpSession)8 Date (java.util.Date)6 SessionInformation (org.springframework.security.core.session.SessionInformation)5 SessionRegistryImpl (org.springframework.security.core.session.SessionRegistryImpl)5 Matchers.anyString (org.mockito.Matchers.anyString)4 RedirectStrategy (org.springframework.security.web.RedirectStrategy)4 FilterChain (javax.servlet.FilterChain)3 SimpleRedirectSessionInformationExpiredStrategy (org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy)3 SecurityContextLogoutHandler (org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler)2 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 AuthenticationTrustResolver (org.springframework.security.authentication.AuthenticationTrustResolver)1 Authentication (org.springframework.security.core.Authentication)1 AuthenticationFailureHandler (org.springframework.security.web.authentication.AuthenticationFailureHandler)1 SimpleUrlAuthenticationFailureHandler (org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler)1