Example 1 with SimpleRedirectSessionInformationExpiredStrategy
use of org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy in project spring-security by spring-projects.
the class ConcurrentSessionFilterTests method detectsExpiredSessions.
@Test
public void detectsExpiredSessions() throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpSession session = new MockHttpSession();
request.setSession(session);
MockHttpServletResponse response = new MockHttpServletResponse();
SessionRegistry registry = new SessionRegistryImpl();
registry.registerNewSession(session.getId(), "principal");
registry.getSessionInformation(session.getId()).expireNow();
// Setup our test fixture and registry to want this session to be expired
SimpleRedirectSessionInformationExpiredStrategy expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy("/expired.jsp");
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredSessionStrategy);
filter.setLogoutHandlers(new LogoutHandler[] { new SecurityContextLogoutHandler() });
filter.afterPropertiesSet();
FilterChain fc = mock(FilterChain.class);
filter.doFilter(request, response, fc);
// Expect that the filter chain will not be invoked, as we redirect to expiredUrl
verifyZeroInteractions(fc);
assertThat(response.getRedirectedUrl()).isEqualTo("/expired.jsp");
}
Also used :
SecurityContextLogoutHandler(org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler)
SimpleRedirectSessionInformationExpiredStrategy(org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy)
SessionRegistry(org.springframework.security.core.session.SessionRegistry)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
SessionRegistryImpl(org.springframework.security.core.session.SessionRegistryImpl)
MockFilterChain(org.springframework.mock.web.MockFilterChain)
FilterChain(jakarta.servlet.FilterChain)
MockHttpSession(org.springframework.mock.web.MockHttpSession)
ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.jupiter.api.Test)
Example 2 with SimpleRedirectSessionInformationExpiredStrategy
use of org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy in project spring-security by spring-projects.
the class ConcurrentSessionFilterTests method lastRequestTimeUpdatesCorrectly.
@Test
public void lastRequestTimeUpdatesCorrectly() throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpSession session = new MockHttpSession();
request.setSession(session);
MockHttpServletResponse response = new MockHttpServletResponse();
FilterChain fc = mock(FilterChain.class);
// Setup our test fixture
SessionRegistry registry = new SessionRegistryImpl();
registry.registerNewSession(session.getId(), "principal");
SimpleRedirectSessionInformationExpiredStrategy expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy("/expired.jsp");
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredSessionStrategy);
Date lastRequest = registry.getSessionInformation(session.getId()).getLastRequest();
Thread.sleep(1000);
filter.doFilter(request, response, fc);
verify(fc).doFilter(request, response);
assertThat(registry.getSessionInformation(session.getId()).getLastRequest().after(lastRequest)).isTrue();
}
Also used :
SimpleRedirectSessionInformationExpiredStrategy(org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy)
SessionRegistry(org.springframework.security.core.session.SessionRegistry)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
SessionRegistryImpl(org.springframework.security.core.session.SessionRegistryImpl)
MockFilterChain(org.springframework.mock.web.MockFilterChain)
FilterChain(jakarta.servlet.FilterChain)
MockHttpSession(org.springframework.mock.web.MockHttpSession)
ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Date(java.util.Date)
Test(org.junit.jupiter.api.Test)
Aggregations
FilterChain (jakarta.servlet.FilterChain)2
Test (org.junit.jupiter.api.Test)2
MockFilterChain (org.springframework.mock.web.MockFilterChain)2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2
MockHttpSession (org.springframework.mock.web.MockHttpSession)2
SessionRegistry (org.springframework.security.core.session.SessionRegistry)2
SessionRegistryImpl (org.springframework.security.core.session.SessionRegistryImpl)2
ConcurrentSessionFilter (org.springframework.security.web.session.ConcurrentSessionFilter)2
SimpleRedirectSessionInformationExpiredStrategy (org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy)2
Date (java.util.Date)1
SecurityContextLogoutHandler (org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler)1
