Expire as many sessions as exceed maximum allowed

Fixes: gh-7166
This commit is contained in:
Eleftheria Stein
2019-08-13 17:09:04 -04:00
committed by Rob Winch
parent 71444ff5dc
commit 4bc231872f
2 changed files with 31 additions and 15 deletions

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2013 the original author or authors.
* Copyright 2002-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -134,6 +134,25 @@ public class ConcurrentSessionControlAuthenticationStrategyTests {
assertThat(sessionInformation.isExpired()).isTrue();
}
@Test
public void onAuthenticationWhenMaxSessionsExceededByTwoThenTwoSessionsExpired() {
SessionInformation oldestSessionInfo = new SessionInformation(
authentication.getPrincipal(), "unique1", new Date(1374766134214L));
SessionInformation secondOldestSessionInfo = new SessionInformation(
authentication.getPrincipal(), "unique2", new Date(1374766134215L));
when(sessionRegistry.getAllSessions(any(), anyBoolean())).thenReturn(
Arrays.<SessionInformation> asList(oldestSessionInfo,
secondOldestSessionInfo,
sessionInformation));
strategy.setMaximumSessions(2);
strategy.onAuthentication(authentication, request, response);
assertThat(oldestSessionInfo.isExpired()).isTrue();
assertThat(secondOldestSessionInfo.isExpired()).isTrue();
assertThat(sessionInformation.isExpired()).isFalse();
}
@Test(expected = IllegalArgumentException.class)
public void setMessageSourceNull() {
strategy.setMessageSource(null);