SEC-1754: Added an InvalidSessionStrategy to allow SessionManagementFilter to delegate out the behaviour when an invalid session identifier is submitted.

This commit is contained in:
Luke Taylor
2011-07-14 16:29:43 +01:00
parent ac3d8b25f2
commit a1c714cff4
8 changed files with 101 additions and 33 deletions

View File

@@ -121,7 +121,6 @@ public class SessionManagementFilterTests {
SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
SessionManagementFilter filter = new SessionManagementFilter(repo);
filter.setSessionAuthenticationStrategy(strategy);
filter.setRedirectStrategy(new DefaultRedirectStrategy());
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRequestedSessionId("xxx");
request.setRequestedSessionIdValid(false);
@@ -134,7 +133,9 @@ public class SessionManagementFilterTests {
request = new MockHttpServletRequest();
request.setRequestedSessionId("xxx");
request.setRequestedSessionIdValid(false);
filter.setInvalidSessionUrl("/timedOut");
SimpleRedirectInvalidSessionStrategy iss = new SimpleRedirectInvalidSessionStrategy("/timedOut");
iss.setCreateNewSession(true);
filter.setInvalidSessionStrategy(iss);
FilterChain fc = mock(FilterChain.class);
filter.doFilter(request, response, fc);
verifyZeroInteractions(fc);