diff --git a/src/integration-test/java/org/springframework/session/redis/RedisOperationsSessionRepositoryITests.java b/src/integration-test/java/org/springframework/session/redis/RedisOperationsSessionRepositoryITests.java index 057ee8e0..564287f6 100644 --- a/src/integration-test/java/org/springframework/session/redis/RedisOperationsSessionRepositoryITests.java +++ b/src/integration-test/java/org/springframework/session/redis/RedisOperationsSessionRepositoryITests.java @@ -30,98 +30,98 @@ import java.net.ServerSocket; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration public class RedisOperationsSessionRepositoryITests { - private RedisServer redisServer; + private RedisServer redisServer; - @Autowired - private SessionRepository repository; + @Autowired + private SessionRepository repository; - @Before - public void setup() throws IOException { - redisServer = new RedisServer(getPort()); - redisServer.start(); - } + @Before + public void setup() throws IOException { + redisServer = new RedisServer(getPort()); + redisServer.start(); + } - @After - public void shutdown() throws InterruptedException { - redisServer.stop(); - } + @After + public void shutdown() throws InterruptedException { + redisServer.stop(); + } - @Test - public void saves() { - Session toSave = repository.createSession(); - toSave.setAttribute("a", "b"); - Authentication toSaveToken = new UsernamePasswordAuthenticationToken("user","password", AuthorityUtils.createAuthorityList("ROLE_USER")); - SecurityContext toSaveContext = SecurityContextHolder.createEmptyContext(); - toSaveContext.setAuthentication(toSaveToken); - toSave.setAttribute("SPRING_SECURITY_CONTEXT", toSaveContext); + @Test + public void saves() { + Session toSave = repository.createSession(); + toSave.setAttribute("a", "b"); + Authentication toSaveToken = new UsernamePasswordAuthenticationToken("user","password", AuthorityUtils.createAuthorityList("ROLE_USER")); + SecurityContext toSaveContext = SecurityContextHolder.createEmptyContext(); + toSaveContext.setAuthentication(toSaveToken); + toSave.setAttribute("SPRING_SECURITY_CONTEXT", toSaveContext); - repository.save(toSave); + repository.save(toSave); - Session session = repository.getSession(toSave.getId()); + Session session = repository.getSession(toSave.getId()); - assertThat(session.getId()).isEqualTo(toSave.getId()); - assertThat(session.getAttributeNames()).isEqualTo(session.getAttributeNames()); - assertThat(session.getAttribute("a")).isEqualTo(toSave.getAttribute("a")); + assertThat(session.getId()).isEqualTo(toSave.getId()); + assertThat(session.getAttributeNames()).isEqualTo(session.getAttributeNames()); + assertThat(session.getAttribute("a")).isEqualTo(toSave.getAttribute("a")); - SecurityContext context = (SecurityContext) session.getAttribute("SPRING_SECURITY_CONTEXT"); + SecurityContext context = (SecurityContext) session.getAttribute("SPRING_SECURITY_CONTEXT"); - repository.delete(toSave.getId()); + repository.delete(toSave.getId()); - assertThat(repository.getSession(toSave.getId())).isNull(); - } + assertThat(repository.getSession(toSave.getId())).isNull(); + } - @Test - public void putAllOnSingleAttrDoesNotRemoveOld() { - Session toSave = repository.createSession(); - toSave.setAttribute("a", "b"); + @Test + public void putAllOnSingleAttrDoesNotRemoveOld() { + Session toSave = repository.createSession(); + toSave.setAttribute("a", "b"); - repository.save(toSave); - toSave = repository.getSession(toSave.getId()); + repository.save(toSave); + toSave = repository.getSession(toSave.getId()); - toSave.setAttribute("1", "2"); + toSave.setAttribute("1", "2"); - repository.save(toSave); - toSave = repository.getSession(toSave.getId()); + repository.save(toSave); + toSave = repository.getSession(toSave.getId()); - Session session = repository.getSession(toSave.getId()); - assertThat(session.getAttributeNames().size()).isEqualTo(2); - assertThat(session.getAttribute("a")).isEqualTo("b"); - assertThat(session.getAttribute("1")).isEqualTo("2"); - } + Session session = repository.getSession(toSave.getId()); + assertThat(session.getAttributeNames().size()).isEqualTo(2); + assertThat(session.getAttribute("a")).isEqualTo("b"); + assertThat(session.getAttribute("1")).isEqualTo("2"); + } - @Configuration - static class Config { - @Bean - public JedisConnectionFactory connectionFactory() throws Exception { - JedisConnectionFactory factory = new JedisConnectionFactory(); - factory.setPort(getPort()); - factory.setUsePool(false); - return factory; - } + @Configuration + static class Config { + @Bean + public JedisConnectionFactory connectionFactory() throws Exception { + JedisConnectionFactory factory = new JedisConnectionFactory(); + factory.setPort(getPort()); + factory.setUsePool(false); + return factory; + } - @Bean - public RedisTemplate redisTemplate(RedisConnectionFactory connectionFactory) { - RedisTemplate template = new RedisTemplate(); - template.setKeySerializer(new StringRedisSerializer()); - template.setHashKeySerializer(new StringRedisSerializer()); - template.setConnectionFactory(connectionFactory); - return template; - } + @Bean + public RedisTemplate redisTemplate(RedisConnectionFactory connectionFactory) { + RedisTemplate template = new RedisTemplate(); + template.setKeySerializer(new StringRedisSerializer()); + template.setHashKeySerializer(new StringRedisSerializer()); + template.setConnectionFactory(connectionFactory); + return template; + } - @Bean - public RedisOperationsSessionRepository sessionRepository(RedisTemplate redisTemplate) { - return new RedisOperationsSessionRepository(redisTemplate); - } - } + @Bean + public RedisOperationsSessionRepository sessionRepository(RedisTemplate redisTemplate) { + return new RedisOperationsSessionRepository(redisTemplate); + } + } - private static Integer availablePort; + private static Integer availablePort; - private static int getPort() throws IOException { - if(availablePort == null) { - ServerSocket socket = new ServerSocket(0); - availablePort = socket.getLocalPort(); - socket.close(); - } - return availablePort; - } + private static int getPort() throws IOException { + if(availablePort == null) { + ServerSocket socket = new ServerSocket(0); + availablePort = socket.getLocalPort(); + socket.close(); + } + return availablePort; + } } \ No newline at end of file diff --git a/src/main/java/org/springframework/session/redis/RedisOperationsSessionRepository.java b/src/main/java/org/springframework/session/redis/RedisOperationsSessionRepository.java index 05d09386..cc82b523 100644 --- a/src/main/java/org/springframework/session/redis/RedisOperationsSessionRepository.java +++ b/src/main/java/org/springframework/session/redis/RedisOperationsSessionRepository.java @@ -30,20 +30,20 @@ import java.util.concurrent.TimeUnit; * @author Rob Winch */ public class RedisOperationsSessionRepository implements SessionRepository { - private final String BOUNDED_HASH_KEY_PREFIX = "spring-security-sessions:"; - private final String CREATION_TIME_ATTR = "creationTime"; - private final String MAX_INACTIVE_ATTR = "maxInactiveInterval"; - private final String LAST_ACCESSED_ATTR = "lastAccessedTime"; - private final String SESSION_ATTR_PREFIX = "sessionAttr:"; + private final String BOUNDED_HASH_KEY_PREFIX = "spring-security-sessions:"; + private final String CREATION_TIME_ATTR = "creationTime"; + private final String MAX_INACTIVE_ATTR = "maxInactiveInterval"; + private final String LAST_ACCESSED_ATTR = "lastAccessedTime"; + private final String SESSION_ATTR_PREFIX = "sessionAttr:"; - private final RedisOperations redisTemplate; + private final RedisOperations redisTemplate; private Integer defaultMaxInactiveInterval; - public RedisOperationsSessionRepository(RedisOperations redisTemplate) { - this.redisTemplate = redisTemplate; - } + public RedisOperationsSessionRepository(RedisOperations redisTemplate) { + this.redisTemplate = redisTemplate; + } /** * Sets the maximum inactive interval in seconds between requests before newly created sessions will be @@ -56,130 +56,130 @@ public class RedisOperationsSessionRepository implements SessionRepository entries = getOperations(id).entries(); - if(entries.isEmpty()) { - return null; - } - MapSession loaded = new MapSession(); - loaded.setId(id); - for(Map.Entry entry : entries.entrySet()) { - String key = (String) entry.getKey(); - if(CREATION_TIME_ATTR.equals(key)) { - loaded.setCreationTime((Long) entry.getValue()); - } else if(MAX_INACTIVE_ATTR.equals(key)) { - loaded.setMaxInactiveInterval((Integer) entry.getValue()); - } else if(LAST_ACCESSED_ATTR.equals(key)) { - loaded.setLastAccessedTime((Long) entry.getValue()); - } else if(key.startsWith(SESSION_ATTR_PREFIX)) { - loaded.setAttribute(key.substring(SESSION_ATTR_PREFIX.length()), entry.getValue()); - } - } - return new RedisSession(loaded); - } + @Override + public Session getSession(String id) { + Map entries = getOperations(id).entries(); + if(entries.isEmpty()) { + return null; + } + MapSession loaded = new MapSession(); + loaded.setId(id); + for(Map.Entry entry : entries.entrySet()) { + String key = (String) entry.getKey(); + if(CREATION_TIME_ATTR.equals(key)) { + loaded.setCreationTime((Long) entry.getValue()); + } else if(MAX_INACTIVE_ATTR.equals(key)) { + loaded.setMaxInactiveInterval((Integer) entry.getValue()); + } else if(LAST_ACCESSED_ATTR.equals(key)) { + loaded.setLastAccessedTime((Long) entry.getValue()); + } else if(key.startsWith(SESSION_ATTR_PREFIX)) { + loaded.setAttribute(key.substring(SESSION_ATTR_PREFIX.length()), entry.getValue()); + } + } + return new RedisSession(loaded); + } - @Override - public void delete(String sessionId) { - String key = getKey(sessionId); - this.redisTemplate.delete(key); - } + @Override + public void delete(String sessionId) { + String key = getKey(sessionId); + this.redisTemplate.delete(key); + } - @Override - public RedisSession createSession() { + @Override + public RedisSession createSession() { RedisSession redisSession = new RedisSession(); if(defaultMaxInactiveInterval != null) { redisSession.setMaxInactiveInterval(defaultMaxInactiveInterval); } - return redisSession; - } + return redisSession; + } - private String getKey(String sessionId) { - return BOUNDED_HASH_KEY_PREFIX + sessionId; - } + private String getKey(String sessionId) { + return BOUNDED_HASH_KEY_PREFIX + sessionId; + } - private BoundHashOperations getOperations(String sessionId) { - String key = getKey(sessionId); - return this.redisTemplate.boundHashOps(key); - } + private BoundHashOperations getOperations(String sessionId) { + String key = getKey(sessionId); + return this.redisTemplate.boundHashOps(key); + } - class RedisSession implements Session { - private final MapSession cached; - private Map delta = new HashMap(); + class RedisSession implements Session { + private final MapSession cached; + private Map delta = new HashMap(); - private RedisSession() { - this(new MapSession()); - delta.put(CREATION_TIME_ATTR, getCreationTime()); - delta.put(MAX_INACTIVE_ATTR, getMaxInactiveInterval()); - delta.put(LAST_ACCESSED_ATTR, getLastAccessedTime()); - } + private RedisSession() { + this(new MapSession()); + delta.put(CREATION_TIME_ATTR, getCreationTime()); + delta.put(MAX_INACTIVE_ATTR, getMaxInactiveInterval()); + delta.put(LAST_ACCESSED_ATTR, getLastAccessedTime()); + } - private RedisSession(MapSession cached) { - this.cached = cached; - } + private RedisSession(MapSession cached) { + this.cached = cached; + } - @Override - public void setLastAccessedTime(long lastAccessedTime) { - cached.setLastAccessedTime(lastAccessedTime); - delta.put(LAST_ACCESSED_ATTR, getLastAccessedTime()); - } + @Override + public void setLastAccessedTime(long lastAccessedTime) { + cached.setLastAccessedTime(lastAccessedTime); + delta.put(LAST_ACCESSED_ATTR, getLastAccessedTime()); + } - @Override - public long getCreationTime() { - return cached.getCreationTime(); - } + @Override + public long getCreationTime() { + return cached.getCreationTime(); + } - @Override - public String getId() { - return cached.getId(); - } + @Override + public String getId() { + return cached.getId(); + } - @Override - public long getLastAccessedTime() { - return cached.getLastAccessedTime(); - } + @Override + public long getLastAccessedTime() { + return cached.getLastAccessedTime(); + } - @Override - public void setMaxInactiveInterval(int interval) { - cached.setMaxInactiveInterval(interval); - delta.put(MAX_INACTIVE_ATTR, getMaxInactiveInterval()); - } + @Override + public void setMaxInactiveInterval(int interval) { + cached.setMaxInactiveInterval(interval); + delta.put(MAX_INACTIVE_ATTR, getMaxInactiveInterval()); + } - @Override - public int getMaxInactiveInterval() { - return cached.getMaxInactiveInterval(); - } + @Override + public int getMaxInactiveInterval() { + return cached.getMaxInactiveInterval(); + } - @Override - public Object getAttribute(String attributeName) { - return cached.getAttribute(attributeName); - } + @Override + public Object getAttribute(String attributeName) { + return cached.getAttribute(attributeName); + } - @Override - public Set getAttributeNames() { - return cached.getAttributeNames(); - } + @Override + public Set getAttributeNames() { + return cached.getAttributeNames(); + } - @Override - public void setAttribute(String attributeName, Object attributeValue) { - cached.setAttribute(attributeName, attributeValue); - delta.put(SESSION_ATTR_PREFIX + attributeName, attributeValue); - } + @Override + public void setAttribute(String attributeName, Object attributeValue) { + cached.setAttribute(attributeName, attributeValue); + delta.put(SESSION_ATTR_PREFIX + attributeName, attributeValue); + } - @Override - public void removeAttribute(String attributeName) { - cached.removeAttribute(attributeName); - delta.put(SESSION_ATTR_PREFIX + attributeName, null); - } + @Override + public void removeAttribute(String attributeName) { + cached.removeAttribute(attributeName); + delta.put(SESSION_ATTR_PREFIX + attributeName, null); + } - private void saveDelta() { - getOperations(getId()).putAll(delta); - getOperations(getId()).expire(getMaxInactiveInterval(), TimeUnit.SECONDS); - delta.clear(); - } - } + private void saveDelta() { + getOperations(getId()).putAll(delta); + getOperations(getId()).expire(getMaxInactiveInterval(), TimeUnit.SECONDS); + delta.clear(); + } + } } diff --git a/src/test/java/org/springframework/session/MapSessionTests.java b/src/test/java/org/springframework/session/MapSessionTests.java index 175946f7..c24c5a54 100644 --- a/src/test/java/org/springframework/session/MapSessionTests.java +++ b/src/test/java/org/springframework/session/MapSessionTests.java @@ -9,98 +9,98 @@ import static org.fest.assertions.Assertions.assertThat; public class MapSessionTests { - private MapSession session; + private MapSession session; - @Before - public void setup() { - session = new MapSession(); - } + @Before + public void setup() { + session = new MapSession(); + } - @Test(expected = IllegalArgumentException.class) - public void constructorNullSession() { - new MapSession(null); - } + @Test(expected = IllegalArgumentException.class) + public void constructorNullSession() { + new MapSession(null); + } - /** - * Ensure conforms to the javadoc of {@link Session} - */ - @Test - public void setAttributeNullObjectRemoves() { - String attr = "attr"; - session.setAttribute(attr, new Object()); - session.setAttribute(attr, null); - assertThat(session.getAttributeNames()).isEmpty(); - } + /** + * Ensure conforms to the javadoc of {@link Session} + */ + @Test + public void setAttributeNullObjectRemoves() { + String attr = "attr"; + session.setAttribute(attr, new Object()); + session.setAttribute(attr, null); + assertThat(session.getAttributeNames()).isEmpty(); + } - @Test - public void equalsNonSessionFalse() { - assertThat(session.equals(new Object())).isFalse(); - } + @Test + public void equalsNonSessionFalse() { + assertThat(session.equals(new Object())).isFalse(); + } - @Test - public void equalsCustomSession() { - CustomSession other = new CustomSession(); - session.setId(other.getId()); - assertThat(session.equals(other)).isTrue(); - } + @Test + public void equalsCustomSession() { + CustomSession other = new CustomSession(); + session.setId(other.getId()); + assertThat(session.equals(other)).isTrue(); + } - @Test - public void hashCodeEqualsIdHashCode() { - session.setId("constantId"); - assertThat(session.hashCode()).isEqualTo(session.getId().hashCode()); - } + @Test + public void hashCodeEqualsIdHashCode() { + session.setId("constantId"); + assertThat(session.hashCode()).isEqualTo(session.getId().hashCode()); + } - static class CustomSession implements Session { + static class CustomSession implements Session { - @Override - public void setLastAccessedTime(long lastAccessedTime) { + @Override + public void setLastAccessedTime(long lastAccessedTime) { - } + } - @Override - public long getCreationTime() { - return 0; - } + @Override + public long getCreationTime() { + return 0; + } - @Override - public String getId() { - return "id"; - } + @Override + public String getId() { + return "id"; + } - @Override - public long getLastAccessedTime() { - return 0; - } + @Override + public long getLastAccessedTime() { + return 0; + } - @Override - public void setMaxInactiveInterval(int interval) { + @Override + public void setMaxInactiveInterval(int interval) { - } + } - @Override - public int getMaxInactiveInterval() { - return 0; - } + @Override + public int getMaxInactiveInterval() { + return 0; + } - @Override - public Object getAttribute(String attributeName) { - return null; - } + @Override + public Object getAttribute(String attributeName) { + return null; + } - @Override - public Set getAttributeNames() { - return null; - } + @Override + public Set getAttributeNames() { + return null; + } - @Override - public void setAttribute(String attributeName, Object attributeValue) { + @Override + public void setAttribute(String attributeName, Object attributeValue) { - } + } - @Override - public void removeAttribute(String attributeName) { + @Override + public void removeAttribute(String attributeName) { - } - } + } + } } \ No newline at end of file diff --git a/src/test/java/org/springframework/session/web/CookieHttpSessionStrategyTests.java b/src/test/java/org/springframework/session/web/CookieHttpSessionStrategyTests.java index c318242e..545d13a2 100644 --- a/src/test/java/org/springframework/session/web/CookieHttpSessionStrategyTests.java +++ b/src/test/java/org/springframework/session/web/CookieHttpSessionStrategyTests.java @@ -12,99 +12,99 @@ import org.springframework.session.Session; import javax.servlet.http.Cookie; public class CookieHttpSessionStrategyTests { - private MockHttpServletRequest request; - private MockHttpServletResponse response; + private MockHttpServletRequest request; + private MockHttpServletResponse response; - private CookieHttpSessionStrategy strategy; - private String cookieName; - private Session session; + private CookieHttpSessionStrategy strategy; + private String cookieName; + private Session session; - @Before - public void setup() throws Exception { - cookieName = "SESSION"; - session = new MapSession(); - request = new MockHttpServletRequest(); - response = new MockHttpServletResponse(); - strategy = new CookieHttpSessionStrategy(); - } + @Before + public void setup() throws Exception { + cookieName = "SESSION"; + session = new MapSession(); + request = new MockHttpServletRequest(); + response = new MockHttpServletResponse(); + strategy = new CookieHttpSessionStrategy(); + } - @Test - public void getRequestedSessionIdNull() throws Exception { - assertThat(strategy.getRequestedSessionId(request)).isNull(); - } + @Test + public void getRequestedSessionIdNull() throws Exception { + assertThat(strategy.getRequestedSessionId(request)).isNull(); + } - @Test - public void getRequestedSessionIdNotNull() throws Exception { - setSessionId(session.getId()); - assertThat(strategy.getRequestedSessionId(request)).isEqualTo(session.getId()); - } + @Test + public void getRequestedSessionIdNotNull() throws Exception { + setSessionId(session.getId()); + assertThat(strategy.getRequestedSessionId(request)).isEqualTo(session.getId()); + } - @Test - public void getRequestedSessionIdNotNullCustomCookieName() throws Exception { - setCookieName("CUSTOM"); - setSessionId(session.getId()); - assertThat(strategy.getRequestedSessionId(request)).isEqualTo(session.getId()); - } + @Test + public void getRequestedSessionIdNotNullCustomCookieName() throws Exception { + setCookieName("CUSTOM"); + setSessionId(session.getId()); + assertThat(strategy.getRequestedSessionId(request)).isEqualTo(session.getId()); + } - @Test - public void onNewSession() throws Exception { - strategy.onNewSession(session, request, response); - assertThat(getSessionId()).isEqualTo(session.getId()); - } + @Test + public void onNewSession() throws Exception { + strategy.onNewSession(session, request, response); + assertThat(getSessionId()).isEqualTo(session.getId()); + } - @Test - public void onNewSessionCookiePath() throws Exception { - request.setContextPath("/somethingunique"); - strategy.onNewSession(session, request, response); + @Test + public void onNewSessionCookiePath() throws Exception { + request.setContextPath("/somethingunique"); + strategy.onNewSession(session, request, response); - Cookie sessionCookie = response.getCookie(cookieName); - assertThat(sessionCookie.getPath()).isEqualTo(request.getContextPath() + "/"); - } + Cookie sessionCookie = response.getCookie(cookieName); + assertThat(sessionCookie.getPath()).isEqualTo(request.getContextPath() + "/"); + } - @Test - public void onNewSessionCustomCookieName() throws Exception { - setCookieName("CUSTOM"); - strategy.onNewSession(session, request, response); - assertThat(getSessionId()).isEqualTo(session.getId()); - } + @Test + public void onNewSessionCustomCookieName() throws Exception { + setCookieName("CUSTOM"); + strategy.onNewSession(session, request, response); + assertThat(getSessionId()).isEqualTo(session.getId()); + } - @Test - public void onDeleteSession() throws Exception { - strategy.onInvalidateSession(request, response); - assertThat(getSessionId()).isEmpty(); - } + @Test + public void onDeleteSession() throws Exception { + strategy.onInvalidateSession(request, response); + assertThat(getSessionId()).isEmpty(); + } - @Test - public void onDeleteSessionCookiePath() throws Exception { - request.setContextPath("/somethingunique"); - strategy.onInvalidateSession(request, response); + @Test + public void onDeleteSessionCookiePath() throws Exception { + request.setContextPath("/somethingunique"); + strategy.onInvalidateSession(request, response); - Cookie sessionCookie = response.getCookie(cookieName); - assertThat(sessionCookie.getPath()).isEqualTo(request.getContextPath() + "/"); - } + Cookie sessionCookie = response.getCookie(cookieName); + assertThat(sessionCookie.getPath()).isEqualTo(request.getContextPath() + "/"); + } - @Test - public void onDeleteSessionCustomCookieName() throws Exception { - setCookieName("CUSTOM"); - strategy.onInvalidateSession(request, response); - assertThat(getSessionId()).isEmpty(); - } + @Test + public void onDeleteSessionCustomCookieName() throws Exception { + setCookieName("CUSTOM"); + strategy.onInvalidateSession(request, response); + assertThat(getSessionId()).isEmpty(); + } - @Test(expected = IllegalArgumentException.class) - public void setCookieNameNull() throws Exception { - strategy.setCookieName(null); - } + @Test(expected = IllegalArgumentException.class) + public void setCookieNameNull() throws Exception { + strategy.setCookieName(null); + } - public void setCookieName(String cookieName) { - strategy.setCookieName(cookieName); - this.cookieName = cookieName; - } + public void setCookieName(String cookieName) { + strategy.setCookieName(cookieName); + this.cookieName = cookieName; + } - public void setSessionId(String id) { - request.setCookies(new Cookie(cookieName, id)); - } + public void setSessionId(String id) { + request.setCookies(new Cookie(cookieName, id)); + } - public String getSessionId() { - return response.getCookie(cookieName).getValue(); - } + public String getSessionId() { + return response.getCookie(cookieName).getValue(); + } } \ No newline at end of file diff --git a/src/test/java/org/springframework/session/web/HeaderSessionStrategyTests.java b/src/test/java/org/springframework/session/web/HeaderSessionStrategyTests.java index edf0eae8..83ad62f5 100644 --- a/src/test/java/org/springframework/session/web/HeaderSessionStrategyTests.java +++ b/src/test/java/org/springframework/session/web/HeaderSessionStrategyTests.java @@ -10,81 +10,81 @@ import org.springframework.session.Session; import static org.fest.assertions.Assertions.assertThat; public class HeaderSessionStrategyTests { - private MockHttpServletRequest request; - private MockHttpServletResponse response; + private MockHttpServletRequest request; + private MockHttpServletResponse response; - private HeaderHttpSessionStrategy strategy; - private String headerName; - private Session session; + private HeaderHttpSessionStrategy strategy; + private String headerName; + private Session session; - @Before - public void setup() throws Exception { - headerName = "x-auth-token"; - session = new MapSession(); - request = new MockHttpServletRequest(); - response = new MockHttpServletResponse(); - strategy = new HeaderHttpSessionStrategy(); - } + @Before + public void setup() throws Exception { + headerName = "x-auth-token"; + session = new MapSession(); + request = new MockHttpServletRequest(); + response = new MockHttpServletResponse(); + strategy = new HeaderHttpSessionStrategy(); + } - @Test - public void getRequestedSessionIdNull() throws Exception { - assertThat(strategy.getRequestedSessionId(request)).isNull(); - } + @Test + public void getRequestedSessionIdNull() throws Exception { + assertThat(strategy.getRequestedSessionId(request)).isNull(); + } - @Test - public void getRequestedSessionIdNotNull() throws Exception { - setSessionId(session.getId()); - assertThat(strategy.getRequestedSessionId(request)).isEqualTo(session.getId()); - } + @Test + public void getRequestedSessionIdNotNull() throws Exception { + setSessionId(session.getId()); + assertThat(strategy.getRequestedSessionId(request)).isEqualTo(session.getId()); + } - @Test - public void getRequestedSessionIdNotNullCustomHeaderName() throws Exception { - setHeaderName("CUSTOM"); - setSessionId(session.getId()); - assertThat(strategy.getRequestedSessionId(request)).isEqualTo(session.getId()); - } + @Test + public void getRequestedSessionIdNotNullCustomHeaderName() throws Exception { + setHeaderName("CUSTOM"); + setSessionId(session.getId()); + assertThat(strategy.getRequestedSessionId(request)).isEqualTo(session.getId()); + } - @Test - public void onNewSession() throws Exception { - strategy.onNewSession(session, request, response); - assertThat(getSessionId()).isEqualTo(session.getId()); - } + @Test + public void onNewSession() throws Exception { + strategy.onNewSession(session, request, response); + assertThat(getSessionId()).isEqualTo(session.getId()); + } - @Test - public void onNewSessionCustomHeaderName() throws Exception { - setHeaderName("CUSTOM"); - strategy.onNewSession(session, request, response); - assertThat(getSessionId()).isEqualTo(session.getId()); - } + @Test + public void onNewSessionCustomHeaderName() throws Exception { + setHeaderName("CUSTOM"); + strategy.onNewSession(session, request, response); + assertThat(getSessionId()).isEqualTo(session.getId()); + } - @Test - public void onDeleteSession() throws Exception { - strategy.onInvalidateSession(request, response); - assertThat(getSessionId()).isEmpty(); - } + @Test + public void onDeleteSession() throws Exception { + strategy.onInvalidateSession(request, response); + assertThat(getSessionId()).isEmpty(); + } - @Test - public void onDeleteSessionCustomHeaderName() throws Exception { - setHeaderName("CUSTOM"); - strategy.onInvalidateSession(request, response); - assertThat(getSessionId()).isEmpty(); - } + @Test + public void onDeleteSessionCustomHeaderName() throws Exception { + setHeaderName("CUSTOM"); + strategy.onInvalidateSession(request, response); + assertThat(getSessionId()).isEmpty(); + } - @Test(expected = IllegalArgumentException.class) - public void setHeaderNameNull() throws Exception { - strategy.setHeaderName(null); - } + @Test(expected = IllegalArgumentException.class) + public void setHeaderNameNull() throws Exception { + strategy.setHeaderName(null); + } - public void setHeaderName(String headerName) { - strategy.setHeaderName(headerName); - this.headerName = headerName; - } + public void setHeaderName(String headerName) { + strategy.setHeaderName(headerName); + this.headerName = headerName; + } - public void setSessionId(String id) { - request.addHeader(headerName, id); - } + public void setSessionId(String id) { + request.addHeader(headerName, id); + } - public String getSessionId() { - return response.getHeader(headerName); - } + public String getSessionId() { + return response.getHeader(headerName); + } } \ No newline at end of file diff --git a/src/test/java/org/springframework/session/web/OncePerRequestFilterTests.java b/src/test/java/org/springframework/session/web/OncePerRequestFilterTests.java index a155ed98..5626de46 100644 --- a/src/test/java/org/springframework/session/web/OncePerRequestFilterTests.java +++ b/src/test/java/org/springframework/session/web/OncePerRequestFilterTests.java @@ -18,56 +18,56 @@ import java.util.List; import static org.fest.assertions.Assertions.*; public class OncePerRequestFilterTests { - private MockHttpServletRequest request; - private MockHttpServletResponse response; - private MockFilterChain chain; - private OncePerRequestFilter filter; - private HttpServlet servlet; + private MockHttpServletRequest request; + private MockHttpServletResponse response; + private MockFilterChain chain; + private OncePerRequestFilter filter; + private HttpServlet servlet; - private List invocations; + private List invocations; - @Before - public void setup() { - servlet = new HttpServlet() {}; - request = new MockHttpServletRequest(); - response = new MockHttpServletResponse(); - chain = new MockFilterChain(); - invocations = new ArrayList(); - filter = new OncePerRequestFilter() { - @Override - protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { - invocations.add(this); - filterChain.doFilter(request, response); - } - }; - } + @Before + public void setup() { + servlet = new HttpServlet() {}; + request = new MockHttpServletRequest(); + response = new MockHttpServletResponse(); + chain = new MockFilterChain(); + invocations = new ArrayList(); + filter = new OncePerRequestFilter() { + @Override + protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { + invocations.add(this); + filterChain.doFilter(request, response); + } + }; + } - @Test - public void doFilterOnce() throws ServletException, IOException { - filter.doFilter(request, response, chain); + @Test + public void doFilterOnce() throws ServletException, IOException { + filter.doFilter(request, response, chain); - assertThat(invocations).containsOnly(filter); - } + assertThat(invocations).containsOnly(filter); + } - @Test - public void doFilterMultiOnlyIvokesOnce() throws ServletException, IOException { - filter.doFilter(request, response, new MockFilterChain(servlet, filter)); + @Test + public void doFilterMultiOnlyIvokesOnce() throws ServletException, IOException { + filter.doFilter(request, response, new MockFilterChain(servlet, filter)); - assertThat(invocations).containsOnly(filter); - } + assertThat(invocations).containsOnly(filter); + } - @Test - public void doFilterOtherSubclassInvoked() throws ServletException, IOException { - OncePerRequestFilter filter2 = new OncePerRequestFilter() { - @Override - protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { - invocations.add(this); - filterChain.doFilter(request, response); - } - }; - filter.doFilter(request, response, new MockFilterChain(servlet, filter2)); + @Test + public void doFilterOtherSubclassInvoked() throws ServletException, IOException { + OncePerRequestFilter filter2 = new OncePerRequestFilter() { + @Override + protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { + invocations.add(this); + filterChain.doFilter(request, response); + } + }; + filter.doFilter(request, response, new MockFilterChain(servlet, filter2)); - assertThat(invocations).containsOnly(filter, filter2); - } + assertThat(invocations).containsOnly(filter, filter2); + } } \ No newline at end of file diff --git a/src/test/java/org/springframework/session/web/SessionRepositoryFilterTests.java b/src/test/java/org/springframework/session/web/SessionRepositoryFilterTests.java index b931a6cd..dab21edd 100644 --- a/src/test/java/org/springframework/session/web/SessionRepositoryFilterTests.java +++ b/src/test/java/org/springframework/session/web/SessionRepositoryFilterTests.java @@ -21,862 +21,862 @@ import static org.fest.assertions.Assertions.assertThat; import static org.junit.Assert.fail; public class SessionRepositoryFilterTests { - private final static String SESSION_ATTR_NAME = HttpSession.class.getName(); - - private SessionRepository sessionRepository; - - private SessionRepositoryFilter filter; - - private MockHttpServletRequest request; - - private MockHttpServletResponse response; - - private MockFilterChain chain; - - @Before - public void setup() throws Exception { - sessionRepository = new MapSessionRepository(); - filter = new SessionRepositoryFilter(sessionRepository); - request = new MockHttpServletRequest(); - response = new MockHttpServletResponse(); - chain = new MockFilterChain(); - } - - @Test - public void doFilterCreateDate() throws Exception { - final String CREATE_ATTR = "create"; - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - long creationTime = wrappedRequest.getSession().getCreationTime(); - long now = System.currentTimeMillis(); - assertThat(now - creationTime).isGreaterThanOrEqualTo(0).isLessThan(5000); - request.setAttribute(CREATE_ATTR, creationTime); - } - }); - - final long expectedCreationTime = (Long) request.getAttribute(CREATE_ATTR); - Thread.sleep(50L); - setupSession(); - - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - long creationTime = wrappedRequest.getSession().getCreationTime(); - - assertThat(creationTime).isEqualTo(expectedCreationTime); - } - }); - } - - @Test - public void doFilterLastAccessedTime() throws Exception { - final String ACCESS_ATTR = "create"; - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - long lastAccessed = wrappedRequest.getSession().getLastAccessedTime(); - assertThat(lastAccessed).isEqualTo(wrappedRequest.getSession().getCreationTime()); - request.setAttribute(ACCESS_ATTR, lastAccessed); - } - }); - - final long creationTime = (Long) request.getAttribute(ACCESS_ATTR); - Thread.sleep(10L); - setupSession(); - - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - long lastAccessed = wrappedRequest.getSession().getLastAccessedTime(); - - assertThat(lastAccessed).isGreaterThan(wrappedRequest.getSession().getCreationTime()); - } - }); - } - - @Test - public void doFilterId() throws Exception { - final String ID_ATTR = "create"; - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - String id = wrappedRequest.getSession().getId(); - assertThat(id).isNotNull(); - assertThat(wrappedRequest.getSession().getId()).isEqualTo(id); - request.setAttribute(ID_ATTR, id); - } - }); - - final String id = (String) request.getAttribute(ID_ATTR); - assertThat(getSessionCookie().getValue()).isEqualTo(id); - setSessionCookie(id); - - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - assertThat(wrappedRequest.getSession().getId()).isEqualTo(id); - } - }); - } - - @Test - public void doFilterIdChanges() throws Exception { - final String ID_ATTR = "create"; - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - String id = wrappedRequest.getSession().getId(); - request.setAttribute(ID_ATTR, id); - } - }); - - final String id = (String) request.getAttribute(ID_ATTR); - - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - assertThat(wrappedRequest.getSession().getId()).isNotEqualTo(id); - } - }); - } - - @Test - public void doFilterServletContext() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - ServletContext context = wrappedRequest.getSession().getServletContext(); - assertThat(context).isSameAs(wrappedRequest.getServletContext()); - } - }); - } - - @Test - public void doFilterMaxInactiveIntervalDefault() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - int interval = wrappedRequest.getSession().getMaxInactiveInterval(); - assertThat(interval).isEqualTo(1800); // 30 minute default (same as Tomcat) - } - }); - } - - @Test - public void doFilterMaxInactiveIntervalOverride() throws Exception { - final int interval = 600; - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - wrappedRequest.getSession().setMaxInactiveInterval(interval); - assertThat(wrappedRequest.getSession().getMaxInactiveInterval()).isEqualTo(interval); - } - }); - - setupSession(); - - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - assertThat(wrappedRequest.getSession().getMaxInactiveInterval()).isEqualTo(interval); - } - }); - } - - @Test - public void doFilterAttribute() throws Exception { - final String ATTR = "ATTR"; - final String VALUE = "VALUE"; - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - wrappedRequest.getSession().setAttribute(ATTR, VALUE); - assertThat(wrappedRequest.getSession().getAttribute(ATTR)).isEqualTo(VALUE); - assertThat(Collections.list(wrappedRequest.getSession().getAttributeNames())).containsOnly(ATTR); - } - }); - - setupSession(); - - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - assertThat(wrappedRequest.getSession().getAttribute(ATTR)).isEqualTo(VALUE); - assertThat(Collections.list(wrappedRequest.getSession().getAttributeNames())).containsOnly(ATTR); - } - }); - - setupSession(); - - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - assertThat(wrappedRequest.getSession().getAttribute(ATTR)).isEqualTo(VALUE); - - wrappedRequest.getSession().removeAttribute(ATTR); - - assertThat(wrappedRequest.getSession().getAttribute(ATTR)).isNull(); - } - }); - - setupSession(); - - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - assertThat(wrappedRequest.getSession().getAttribute(ATTR)).isNull(); - } - }); - } - - @Test - public void doFilterValue() throws Exception { - final String ATTR = "ATTR"; - final String VALUE = "VALUE"; - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - wrappedRequest.getSession().putValue(ATTR, VALUE); - assertThat(wrappedRequest.getSession().getValue(ATTR)).isEqualTo(VALUE); - assertThat(Arrays.asList(wrappedRequest.getSession().getValueNames())).containsOnly(ATTR); - } - }); - - setupSession(); - - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - assertThat(wrappedRequest.getSession().getValue(ATTR)).isEqualTo(VALUE); - assertThat(Arrays.asList(wrappedRequest.getSession().getValueNames())).containsOnly(ATTR); - } - }); - - setupSession(); - - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - assertThat(wrappedRequest.getSession().getValue(ATTR)).isEqualTo(VALUE); - - wrappedRequest.getSession().removeValue(ATTR); - - assertThat(wrappedRequest.getSession().getValue(ATTR)).isNull(); - } - }); - - setupSession(); - - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - assertThat(wrappedRequest.getSession().getValue(ATTR)).isNull(); - } - }); - } - - @Test - public void doFilterIsNewTrue() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - assertThat(wrappedRequest.getSession().isNew()).isTrue(); - assertThat(wrappedRequest.getSession().isNew()).isTrue(); - } - }); - } - - @Test - public void doFilterIsNewFalse() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - wrappedRequest.getSession(); - } - }); - - setupSession(); - - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - assertThat(wrappedRequest.getSession().isNew()).isFalse(); - } - }); - } - - @Test - public void doFilterGetSessionNew() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - wrappedRequest.getSession(); - } - }); - - assertNewSession(); - } - - @Test - public void doFilterGetSessionTrueNew() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - wrappedRequest.getSession(true); - } - }); - - assertNewSession(); - } - - @Test - public void doFilterGetSessionFalseNew() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - wrappedRequest.getSession(false); - } - }); - - assertNoSession(); - } - - @Test - public void doFilterGetSessionGetSessionFalse() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - wrappedRequest.getSession(); - } - }); - - setupSession(); - - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - assertThat(wrappedRequest.getSession(false)).isNotNull(); - } - }); - } - - @Test - public void doFilterCookieSecuritySettings() throws Exception { - request.setSecure(true); - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - wrappedRequest.getSession(); - } - }); - - Cookie session = getSessionCookie(); - assertThat(session.isHttpOnly()).describedAs("Session Cookie should be HttpOnly").isTrue(); - assertThat(session.getSecure()).describedAs("Session Cookie should be marked as Secure").isTrue(); - } - - @Test - public void doFilterSessionContext() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - HttpSessionContext sessionContext = wrappedRequest.getSession().getSessionContext(); - assertThat(sessionContext).isNotNull(); - assertThat(sessionContext.getSession("a")).isNull(); - assertThat(sessionContext.getIds()).isNotNull(); - assertThat(sessionContext.getIds().hasMoreElements()).isFalse(); - - try { - sessionContext.getIds().nextElement(); - fail("Expected Exception"); - } catch(NoSuchElementException success) {} - } - }); - } - - - - // --- saving - - @Test - public void doFilterGetAttr() throws Exception { - final String ATTR_NAME = "attr"; - final String ATTR_VALUE = "value"; - final String ATTR_NAME2 = "attr2"; - final String ATTR_VALUE2 = "value2"; - - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - wrappedRequest.getSession().setAttribute(ATTR_NAME, ATTR_VALUE); - wrappedRequest.getSession().setAttribute(ATTR_NAME2, ATTR_VALUE2); - } - }); - - assertNewSession(); - - setupSession(); - - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - assertThat(wrappedRequest.getSession().getAttribute(ATTR_NAME)).isEqualTo(ATTR_VALUE); - assertThat(wrappedRequest.getSession().getAttribute(ATTR_NAME2)).isEqualTo(ATTR_VALUE2); - } - }); - } - - // --- invalidate - - @Test - public void doFilterInvalidateInvalidateIllegalState() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - HttpSession session = wrappedRequest.getSession(); - session.invalidate(); - try { - session.invalidate(); - fail("Expected Exception"); - } catch(IllegalStateException success) {} - } - }); - } - - @Test - public void doFilterInvalidateCreationTimeIllegalState() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - HttpSession session = wrappedRequest.getSession(); - session.invalidate(); - try { - session.getCreationTime(); - fail("Expected Exception"); - } catch(IllegalStateException success) {} - } - }); - } - - @Test - public void doFilterInvalidateAttributeIllegalState() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - HttpSession session = wrappedRequest.getSession(); - session.invalidate(); - try { - session.getAttribute("attr"); - fail("Expected Exception"); - } catch(IllegalStateException success) {} - } - }); - } - - @Test - public void doFilterInvalidateValueIllegalState() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - HttpSession session = wrappedRequest.getSession(); - session.invalidate(); - try { - session.getValue("attr"); - fail("Expected Exception"); - } catch(IllegalStateException success) {} - } - }); - } - - @Test - public void doFilterInvalidateAttributeNamesIllegalState() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - HttpSession session = wrappedRequest.getSession(); - session.invalidate(); - try { - session.getAttributeNames(); - fail("Expected Exception"); - } catch(IllegalStateException success) {} - } - }); - } - - @Test - public void doFilterInvalidateValueNamesIllegalState() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - HttpSession session = wrappedRequest.getSession(); - session.invalidate(); - try { - session.getValueNames(); - fail("Expected Exception"); - } catch(IllegalStateException success) {} - } - }); - } - - @Test - public void doFilterInvalidateSetAttributeIllegalState() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - HttpSession session = wrappedRequest.getSession(); - session.invalidate(); - try { - session.setAttribute("a", "b"); - fail("Expected Exception"); - } catch(IllegalStateException success) {} - } - }); - } - - @Test - public void doFilterInvalidatePutValueIllegalState() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - HttpSession session = wrappedRequest.getSession(); - session.invalidate(); - try { - session.putValue("a", "b"); - fail("Expected Exception"); - } catch(IllegalStateException success) {} - } - }); - } - - @Test - public void doFilterInvalidateRemoveAttributeIllegalState() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - HttpSession session = wrappedRequest.getSession(); - session.invalidate(); - try { - session.removeAttribute("name"); - fail("Expected Exception"); - } catch(IllegalStateException success) {} - } - }); - } - - @Test - public void doFilterInvalidateRemoveValueIllegalState() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - HttpSession session = wrappedRequest.getSession(); - session.invalidate(); - try { - session.removeValue("name"); - fail("Expected Exception"); - } catch(IllegalStateException success) {} - } - }); - } - - @Test - public void doFilterInvalidateNewIllegalState() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - HttpSession session = wrappedRequest.getSession(); - session.invalidate(); - try { - session.isNew(); - fail("Expected Exception"); - } catch(IllegalStateException success) {} - } - }); - } - - @Test - public void doFilterInvalidateLastAccessedTimeIllegalState() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - HttpSession session = wrappedRequest.getSession(); - session.invalidate(); - try { - session.getLastAccessedTime(); - fail("Expected Exception"); - } catch(IllegalStateException success) {} - } - }); - } - - @Test - public void doFilterInvalidateId() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - HttpSession session = wrappedRequest.getSession(); - session.invalidate(); - // no exception - session.getId(); - } - }); - } - - @Test - public void doFilterInvalidateServletContext() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - HttpSession session = wrappedRequest.getSession(); - session.invalidate(); - - // no exception - session.getServletContext(); - } - }); - } - - @Test - public void doFilterInvalidateSessionContext() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - HttpSession session = wrappedRequest.getSession(); - session.invalidate(); - - // no exception - session.getSessionContext(); - } - }); - } - - @Test - public void doFilterInvalidateMaxInteractiveInterval() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - HttpSession session = wrappedRequest.getSession(); - session.invalidate(); - - // no exception - session.getMaxInactiveInterval(); - session.setMaxInactiveInterval(3600); - } - }); - } - - @Test - public void doFilterInvalidateAndGetSession() throws Exception { - final String ATTR_NAME = "attr"; - final String ATTR_VALUE = "value"; - final String ATTR_NAME2 = "attr2"; - final String ATTR_VALUE2 = "value2"; - - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - wrappedRequest.getSession().setAttribute(ATTR_NAME, ATTR_VALUE); - wrappedRequest.getSession().invalidate(); - wrappedRequest.getSession().setAttribute(ATTR_NAME2, ATTR_VALUE2); - } - }); - - assertNewSession(); - - setupSession(); - - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - assertThat(wrappedRequest.getSession().getAttribute(ATTR_NAME)).isNull(); - assertThat(wrappedRequest.getSession().getAttribute(ATTR_NAME2)).isEqualTo(ATTR_VALUE2); - } - }); - } - - // --- invalid session ids - - @Test - public void doFilterGetSessionInvalidSessionId() throws Exception { - setSessionCookie("INVALID"); - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - wrappedRequest.getSession(); - } - }); - - assertNewSession(); - } - - @Test - public void doFilterGetSessionTrueInvalidSessionId() throws Exception { - setSessionCookie("INVALID"); - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - wrappedRequest.getSession(true); - } - }); - - assertNewSession(); - } - - @Test - public void doFilterGetSessionFalseInvalidSessionId() throws Exception { - setSessionCookie("INVALID"); - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest) { - wrappedRequest.getSession(false); - } - }); - - assertNoSession(); - } - - // --- commit response saves immediately - - @Test - public void doFilterSendError() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException { - String id = wrappedRequest.getSession().getId(); - wrappedResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - assertThat(sessionRepository.getSession(id)).isNotNull(); - } - }); - } - - @Test - public void doFilterSendErrorAndMessage() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException { - String id = wrappedRequest.getSession().getId(); - wrappedResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Error"); - assertThat(sessionRepository.getSession(id)).isNotNull(); - } - }); - } - - @Test - public void doFilterSendRedirect() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException { - String id = wrappedRequest.getSession().getId(); - wrappedResponse.sendRedirect("/"); - assertThat(sessionRepository.getSession(id)).isNotNull(); - } - }); - } - - @Test - public void doFilterFlushBuffer() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException { - String id = wrappedRequest.getSession().getId(); - wrappedResponse.flushBuffer(); - assertThat(sessionRepository.getSession(id)).isNotNull(); - } - }); - } - - @Test - public void doFilterOutputFlush() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException { - String id = wrappedRequest.getSession().getId(); - wrappedResponse.getOutputStream().flush(); - assertThat(sessionRepository.getSession(id)).isNotNull(); - } - }); - } - - @Test - public void doFilterOutputClose() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException { - String id = wrappedRequest.getSession().getId(); - wrappedResponse.getOutputStream().close(); - assertThat(sessionRepository.getSession(id)).isNotNull(); - } - }); - } - - @Test - public void doFilterWriterFlush() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException { - String id = wrappedRequest.getSession().getId(); - wrappedResponse.getWriter().flush(); - assertThat(sessionRepository.getSession(id)).isNotNull(); - } - }); - } - - @Test - public void doFilterWriterClose() throws Exception { - doFilter(new DoInFilter() { - @Override - public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException { - String id = wrappedRequest.getSession().getId(); - wrappedResponse.getWriter().close(); - assertThat(sessionRepository.getSession(id)).isNotNull(); - } - }); - } - - // --- helper methods - - private void assertNewSession() { - Cookie cookie = getSessionCookie(); - assertThat(cookie).isNotNull(); - assertThat(cookie.getMaxAge()).isEqualTo(-1); - assertThat(cookie.getValue()).isNotEqualTo("INVALID"); - assertThat(cookie.isHttpOnly()).describedAs("Cookie is expected to be HTTP Only").isTrue(); - assertThat(cookie.getSecure()).describedAs("Cookie secured is expected to be " + request.isSecure()).isEqualTo(request.isSecure()); - assertThat(request.getSession(false)).describedAs("The original HttpServletRequest HttpSession should be null").isNull(); - } - - private void assertNoSession() { - Cookie cookie = getSessionCookie(); - assertThat(cookie).isNull(); - assertThat(request.getSession(false)).describedAs("The original HttpServletRequest HttpSession should be null").isNull(); - } - - private Cookie getSessionCookie() { - return response.getCookie("SESSION"); - } - - private void setSessionCookie(String sessionId) { - request.setCookies(new Cookie[]{new Cookie("SESSION", sessionId)}); - } - - private void setupSession() { - setSessionCookie(getSessionCookie().getValue()); - } - - private void doFilter(final DoInFilter doInFilter) throws ServletException, IOException { - chain = new MockFilterChain(new HttpServlet() {}, new OncePerRequestFilter() { - @Override - protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { - doInFilter.doFilter(request, response); - } - }); - filter.doFilter(request, response, chain); - } - - abstract class DoInFilter { - void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws ServletException, IOException { - doFilter(wrappedRequest); - } - void doFilter(HttpServletRequest wrappedRequest) {} - } + private final static String SESSION_ATTR_NAME = HttpSession.class.getName(); + + private SessionRepository sessionRepository; + + private SessionRepositoryFilter filter; + + private MockHttpServletRequest request; + + private MockHttpServletResponse response; + + private MockFilterChain chain; + + @Before + public void setup() throws Exception { + sessionRepository = new MapSessionRepository(); + filter = new SessionRepositoryFilter(sessionRepository); + request = new MockHttpServletRequest(); + response = new MockHttpServletResponse(); + chain = new MockFilterChain(); + } + + @Test + public void doFilterCreateDate() throws Exception { + final String CREATE_ATTR = "create"; + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + long creationTime = wrappedRequest.getSession().getCreationTime(); + long now = System.currentTimeMillis(); + assertThat(now - creationTime).isGreaterThanOrEqualTo(0).isLessThan(5000); + request.setAttribute(CREATE_ATTR, creationTime); + } + }); + + final long expectedCreationTime = (Long) request.getAttribute(CREATE_ATTR); + Thread.sleep(50L); + setupSession(); + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + long creationTime = wrappedRequest.getSession().getCreationTime(); + + assertThat(creationTime).isEqualTo(expectedCreationTime); + } + }); + } + + @Test + public void doFilterLastAccessedTime() throws Exception { + final String ACCESS_ATTR = "create"; + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + long lastAccessed = wrappedRequest.getSession().getLastAccessedTime(); + assertThat(lastAccessed).isEqualTo(wrappedRequest.getSession().getCreationTime()); + request.setAttribute(ACCESS_ATTR, lastAccessed); + } + }); + + final long creationTime = (Long) request.getAttribute(ACCESS_ATTR); + Thread.sleep(10L); + setupSession(); + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + long lastAccessed = wrappedRequest.getSession().getLastAccessedTime(); + + assertThat(lastAccessed).isGreaterThan(wrappedRequest.getSession().getCreationTime()); + } + }); + } + + @Test + public void doFilterId() throws Exception { + final String ID_ATTR = "create"; + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + String id = wrappedRequest.getSession().getId(); + assertThat(id).isNotNull(); + assertThat(wrappedRequest.getSession().getId()).isEqualTo(id); + request.setAttribute(ID_ATTR, id); + } + }); + + final String id = (String) request.getAttribute(ID_ATTR); + assertThat(getSessionCookie().getValue()).isEqualTo(id); + setSessionCookie(id); + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + assertThat(wrappedRequest.getSession().getId()).isEqualTo(id); + } + }); + } + + @Test + public void doFilterIdChanges() throws Exception { + final String ID_ATTR = "create"; + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + String id = wrappedRequest.getSession().getId(); + request.setAttribute(ID_ATTR, id); + } + }); + + final String id = (String) request.getAttribute(ID_ATTR); + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + assertThat(wrappedRequest.getSession().getId()).isNotEqualTo(id); + } + }); + } + + @Test + public void doFilterServletContext() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + ServletContext context = wrappedRequest.getSession().getServletContext(); + assertThat(context).isSameAs(wrappedRequest.getServletContext()); + } + }); + } + + @Test + public void doFilterMaxInactiveIntervalDefault() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + int interval = wrappedRequest.getSession().getMaxInactiveInterval(); + assertThat(interval).isEqualTo(1800); // 30 minute default (same as Tomcat) + } + }); + } + + @Test + public void doFilterMaxInactiveIntervalOverride() throws Exception { + final int interval = 600; + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + wrappedRequest.getSession().setMaxInactiveInterval(interval); + assertThat(wrappedRequest.getSession().getMaxInactiveInterval()).isEqualTo(interval); + } + }); + + setupSession(); + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + assertThat(wrappedRequest.getSession().getMaxInactiveInterval()).isEqualTo(interval); + } + }); + } + + @Test + public void doFilterAttribute() throws Exception { + final String ATTR = "ATTR"; + final String VALUE = "VALUE"; + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + wrappedRequest.getSession().setAttribute(ATTR, VALUE); + assertThat(wrappedRequest.getSession().getAttribute(ATTR)).isEqualTo(VALUE); + assertThat(Collections.list(wrappedRequest.getSession().getAttributeNames())).containsOnly(ATTR); + } + }); + + setupSession(); + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + assertThat(wrappedRequest.getSession().getAttribute(ATTR)).isEqualTo(VALUE); + assertThat(Collections.list(wrappedRequest.getSession().getAttributeNames())).containsOnly(ATTR); + } + }); + + setupSession(); + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + assertThat(wrappedRequest.getSession().getAttribute(ATTR)).isEqualTo(VALUE); + + wrappedRequest.getSession().removeAttribute(ATTR); + + assertThat(wrappedRequest.getSession().getAttribute(ATTR)).isNull(); + } + }); + + setupSession(); + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + assertThat(wrappedRequest.getSession().getAttribute(ATTR)).isNull(); + } + }); + } + + @Test + public void doFilterValue() throws Exception { + final String ATTR = "ATTR"; + final String VALUE = "VALUE"; + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + wrappedRequest.getSession().putValue(ATTR, VALUE); + assertThat(wrappedRequest.getSession().getValue(ATTR)).isEqualTo(VALUE); + assertThat(Arrays.asList(wrappedRequest.getSession().getValueNames())).containsOnly(ATTR); + } + }); + + setupSession(); + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + assertThat(wrappedRequest.getSession().getValue(ATTR)).isEqualTo(VALUE); + assertThat(Arrays.asList(wrappedRequest.getSession().getValueNames())).containsOnly(ATTR); + } + }); + + setupSession(); + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + assertThat(wrappedRequest.getSession().getValue(ATTR)).isEqualTo(VALUE); + + wrappedRequest.getSession().removeValue(ATTR); + + assertThat(wrappedRequest.getSession().getValue(ATTR)).isNull(); + } + }); + + setupSession(); + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + assertThat(wrappedRequest.getSession().getValue(ATTR)).isNull(); + } + }); + } + + @Test + public void doFilterIsNewTrue() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + assertThat(wrappedRequest.getSession().isNew()).isTrue(); + assertThat(wrappedRequest.getSession().isNew()).isTrue(); + } + }); + } + + @Test + public void doFilterIsNewFalse() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + wrappedRequest.getSession(); + } + }); + + setupSession(); + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + assertThat(wrappedRequest.getSession().isNew()).isFalse(); + } + }); + } + + @Test + public void doFilterGetSessionNew() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + wrappedRequest.getSession(); + } + }); + + assertNewSession(); + } + + @Test + public void doFilterGetSessionTrueNew() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + wrappedRequest.getSession(true); + } + }); + + assertNewSession(); + } + + @Test + public void doFilterGetSessionFalseNew() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + wrappedRequest.getSession(false); + } + }); + + assertNoSession(); + } + + @Test + public void doFilterGetSessionGetSessionFalse() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + wrappedRequest.getSession(); + } + }); + + setupSession(); + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + assertThat(wrappedRequest.getSession(false)).isNotNull(); + } + }); + } + + @Test + public void doFilterCookieSecuritySettings() throws Exception { + request.setSecure(true); + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + wrappedRequest.getSession(); + } + }); + + Cookie session = getSessionCookie(); + assertThat(session.isHttpOnly()).describedAs("Session Cookie should be HttpOnly").isTrue(); + assertThat(session.getSecure()).describedAs("Session Cookie should be marked as Secure").isTrue(); + } + + @Test + public void doFilterSessionContext() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + HttpSessionContext sessionContext = wrappedRequest.getSession().getSessionContext(); + assertThat(sessionContext).isNotNull(); + assertThat(sessionContext.getSession("a")).isNull(); + assertThat(sessionContext.getIds()).isNotNull(); + assertThat(sessionContext.getIds().hasMoreElements()).isFalse(); + + try { + sessionContext.getIds().nextElement(); + fail("Expected Exception"); + } catch(NoSuchElementException success) {} + } + }); + } + + + + // --- saving + + @Test + public void doFilterGetAttr() throws Exception { + final String ATTR_NAME = "attr"; + final String ATTR_VALUE = "value"; + final String ATTR_NAME2 = "attr2"; + final String ATTR_VALUE2 = "value2"; + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + wrappedRequest.getSession().setAttribute(ATTR_NAME, ATTR_VALUE); + wrappedRequest.getSession().setAttribute(ATTR_NAME2, ATTR_VALUE2); + } + }); + + assertNewSession(); + + setupSession(); + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + assertThat(wrappedRequest.getSession().getAttribute(ATTR_NAME)).isEqualTo(ATTR_VALUE); + assertThat(wrappedRequest.getSession().getAttribute(ATTR_NAME2)).isEqualTo(ATTR_VALUE2); + } + }); + } + + // --- invalidate + + @Test + public void doFilterInvalidateInvalidateIllegalState() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + HttpSession session = wrappedRequest.getSession(); + session.invalidate(); + try { + session.invalidate(); + fail("Expected Exception"); + } catch(IllegalStateException success) {} + } + }); + } + + @Test + public void doFilterInvalidateCreationTimeIllegalState() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + HttpSession session = wrappedRequest.getSession(); + session.invalidate(); + try { + session.getCreationTime(); + fail("Expected Exception"); + } catch(IllegalStateException success) {} + } + }); + } + + @Test + public void doFilterInvalidateAttributeIllegalState() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + HttpSession session = wrappedRequest.getSession(); + session.invalidate(); + try { + session.getAttribute("attr"); + fail("Expected Exception"); + } catch(IllegalStateException success) {} + } + }); + } + + @Test + public void doFilterInvalidateValueIllegalState() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + HttpSession session = wrappedRequest.getSession(); + session.invalidate(); + try { + session.getValue("attr"); + fail("Expected Exception"); + } catch(IllegalStateException success) {} + } + }); + } + + @Test + public void doFilterInvalidateAttributeNamesIllegalState() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + HttpSession session = wrappedRequest.getSession(); + session.invalidate(); + try { + session.getAttributeNames(); + fail("Expected Exception"); + } catch(IllegalStateException success) {} + } + }); + } + + @Test + public void doFilterInvalidateValueNamesIllegalState() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + HttpSession session = wrappedRequest.getSession(); + session.invalidate(); + try { + session.getValueNames(); + fail("Expected Exception"); + } catch(IllegalStateException success) {} + } + }); + } + + @Test + public void doFilterInvalidateSetAttributeIllegalState() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + HttpSession session = wrappedRequest.getSession(); + session.invalidate(); + try { + session.setAttribute("a", "b"); + fail("Expected Exception"); + } catch(IllegalStateException success) {} + } + }); + } + + @Test + public void doFilterInvalidatePutValueIllegalState() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + HttpSession session = wrappedRequest.getSession(); + session.invalidate(); + try { + session.putValue("a", "b"); + fail("Expected Exception"); + } catch(IllegalStateException success) {} + } + }); + } + + @Test + public void doFilterInvalidateRemoveAttributeIllegalState() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + HttpSession session = wrappedRequest.getSession(); + session.invalidate(); + try { + session.removeAttribute("name"); + fail("Expected Exception"); + } catch(IllegalStateException success) {} + } + }); + } + + @Test + public void doFilterInvalidateRemoveValueIllegalState() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + HttpSession session = wrappedRequest.getSession(); + session.invalidate(); + try { + session.removeValue("name"); + fail("Expected Exception"); + } catch(IllegalStateException success) {} + } + }); + } + + @Test + public void doFilterInvalidateNewIllegalState() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + HttpSession session = wrappedRequest.getSession(); + session.invalidate(); + try { + session.isNew(); + fail("Expected Exception"); + } catch(IllegalStateException success) {} + } + }); + } + + @Test + public void doFilterInvalidateLastAccessedTimeIllegalState() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + HttpSession session = wrappedRequest.getSession(); + session.invalidate(); + try { + session.getLastAccessedTime(); + fail("Expected Exception"); + } catch(IllegalStateException success) {} + } + }); + } + + @Test + public void doFilterInvalidateId() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + HttpSession session = wrappedRequest.getSession(); + session.invalidate(); + // no exception + session.getId(); + } + }); + } + + @Test + public void doFilterInvalidateServletContext() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + HttpSession session = wrappedRequest.getSession(); + session.invalidate(); + + // no exception + session.getServletContext(); + } + }); + } + + @Test + public void doFilterInvalidateSessionContext() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + HttpSession session = wrappedRequest.getSession(); + session.invalidate(); + + // no exception + session.getSessionContext(); + } + }); + } + + @Test + public void doFilterInvalidateMaxInteractiveInterval() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + HttpSession session = wrappedRequest.getSession(); + session.invalidate(); + + // no exception + session.getMaxInactiveInterval(); + session.setMaxInactiveInterval(3600); + } + }); + } + + @Test + public void doFilterInvalidateAndGetSession() throws Exception { + final String ATTR_NAME = "attr"; + final String ATTR_VALUE = "value"; + final String ATTR_NAME2 = "attr2"; + final String ATTR_VALUE2 = "value2"; + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + wrappedRequest.getSession().setAttribute(ATTR_NAME, ATTR_VALUE); + wrappedRequest.getSession().invalidate(); + wrappedRequest.getSession().setAttribute(ATTR_NAME2, ATTR_VALUE2); + } + }); + + assertNewSession(); + + setupSession(); + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + assertThat(wrappedRequest.getSession().getAttribute(ATTR_NAME)).isNull(); + assertThat(wrappedRequest.getSession().getAttribute(ATTR_NAME2)).isEqualTo(ATTR_VALUE2); + } + }); + } + + // --- invalid session ids + + @Test + public void doFilterGetSessionInvalidSessionId() throws Exception { + setSessionCookie("INVALID"); + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + wrappedRequest.getSession(); + } + }); + + assertNewSession(); + } + + @Test + public void doFilterGetSessionTrueInvalidSessionId() throws Exception { + setSessionCookie("INVALID"); + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + wrappedRequest.getSession(true); + } + }); + + assertNewSession(); + } + + @Test + public void doFilterGetSessionFalseInvalidSessionId() throws Exception { + setSessionCookie("INVALID"); + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + wrappedRequest.getSession(false); + } + }); + + assertNoSession(); + } + + // --- commit response saves immediately + + @Test + public void doFilterSendError() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException { + String id = wrappedRequest.getSession().getId(); + wrappedResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + assertThat(sessionRepository.getSession(id)).isNotNull(); + } + }); + } + + @Test + public void doFilterSendErrorAndMessage() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException { + String id = wrappedRequest.getSession().getId(); + wrappedResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Error"); + assertThat(sessionRepository.getSession(id)).isNotNull(); + } + }); + } + + @Test + public void doFilterSendRedirect() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException { + String id = wrappedRequest.getSession().getId(); + wrappedResponse.sendRedirect("/"); + assertThat(sessionRepository.getSession(id)).isNotNull(); + } + }); + } + + @Test + public void doFilterFlushBuffer() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException { + String id = wrappedRequest.getSession().getId(); + wrappedResponse.flushBuffer(); + assertThat(sessionRepository.getSession(id)).isNotNull(); + } + }); + } + + @Test + public void doFilterOutputFlush() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException { + String id = wrappedRequest.getSession().getId(); + wrappedResponse.getOutputStream().flush(); + assertThat(sessionRepository.getSession(id)).isNotNull(); + } + }); + } + + @Test + public void doFilterOutputClose() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException { + String id = wrappedRequest.getSession().getId(); + wrappedResponse.getOutputStream().close(); + assertThat(sessionRepository.getSession(id)).isNotNull(); + } + }); + } + + @Test + public void doFilterWriterFlush() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException { + String id = wrappedRequest.getSession().getId(); + wrappedResponse.getWriter().flush(); + assertThat(sessionRepository.getSession(id)).isNotNull(); + } + }); + } + + @Test + public void doFilterWriterClose() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException { + String id = wrappedRequest.getSession().getId(); + wrappedResponse.getWriter().close(); + assertThat(sessionRepository.getSession(id)).isNotNull(); + } + }); + } + + // --- helper methods + + private void assertNewSession() { + Cookie cookie = getSessionCookie(); + assertThat(cookie).isNotNull(); + assertThat(cookie.getMaxAge()).isEqualTo(-1); + assertThat(cookie.getValue()).isNotEqualTo("INVALID"); + assertThat(cookie.isHttpOnly()).describedAs("Cookie is expected to be HTTP Only").isTrue(); + assertThat(cookie.getSecure()).describedAs("Cookie secured is expected to be " + request.isSecure()).isEqualTo(request.isSecure()); + assertThat(request.getSession(false)).describedAs("The original HttpServletRequest HttpSession should be null").isNull(); + } + + private void assertNoSession() { + Cookie cookie = getSessionCookie(); + assertThat(cookie).isNull(); + assertThat(request.getSession(false)).describedAs("The original HttpServletRequest HttpSession should be null").isNull(); + } + + private Cookie getSessionCookie() { + return response.getCookie("SESSION"); + } + + private void setSessionCookie(String sessionId) { + request.setCookies(new Cookie[]{new Cookie("SESSION", sessionId)}); + } + + private void setupSession() { + setSessionCookie(getSessionCookie().getValue()); + } + + private void doFilter(final DoInFilter doInFilter) throws ServletException, IOException { + chain = new MockFilterChain(new HttpServlet() {}, new OncePerRequestFilter() { + @Override + protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { + doInFilter.doFilter(request, response); + } + }); + filter.doFilter(request, response, chain); + } + + abstract class DoInFilter { + void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws ServletException, IOException { + doFilter(wrappedRequest); + } + void doFilter(HttpServletRequest wrappedRequest) {} + } } \ No newline at end of file