currentSession saved on HttpServletRequest attribute

Previously, if the following happened:

* New Session Created
* Exception thrown
* Exception processed by error handler within Servlet
* Error Handler used a session

The result would be two sessions were created. This means the
data from the first session was also lost. This happend
because ERROR dispatch is a separate Filter invocation where
the request is no longer wrapped.

This commit ensures that currentSession is saved on a
HttpServletRequest attribute so that the ERROR dispatch sees
that a session was already created.

Fixes: gh-229
This commit is contained in:
Rob Winch
2015-07-27 16:52:33 -05:00
parent 8929e85fb1
commit 3d93f2cf56
2 changed files with 49 additions and 7 deletions

View File

@@ -67,6 +67,8 @@ public class SessionRepositoryFilterTests {
@Mock
private HttpSessionStrategy strategy;
private Map<String, ExpiringSession> sessions;
private SessionRepository<ExpiringSession> sessionRepository;
private SessionRepositoryFilter<ExpiringSession> filter;
@@ -79,7 +81,8 @@ public class SessionRepositoryFilterTests {
@Before
public void setup() throws Exception {
sessionRepository = new MapSessionRepository();
sessions = new HashMap<String, ExpiringSession>();
sessionRepository = new MapSessionRepository(sessions);
filter = new SessionRepositoryFilter<ExpiringSession>(sessionRepository);
setupRequest();
}
@@ -558,6 +561,28 @@ public class SessionRepositoryFilterTests {
});
}
// gh-229
@Test
public void doFilterGetSessionGetSessionOnError() throws Exception {
doFilter(new DoInFilter() {
@Override
public void doFilter(HttpServletRequest wrappedRequest) {
wrappedRequest.getSession().setAttribute("a", "b");
}
});
// reuse the same request similar to processing an ERROR dispatch
doFilter(new DoInFilter() {
@Override
public void doFilter(HttpServletRequest wrappedRequest) {
assertThat(wrappedRequest.getSession(false)).isNotNull();
}
});
assertThat(this.sessions.size()).isEqualTo(1);
}
@Test
public void doFilterCookieSecuritySettings() throws Exception {
request.setSecure(true);