Author: lhazlewood
Date: Sat Mar 26 01:56:41 2011
New Revision: 1085628
URL: http://svn.apache.org/viewvc?rev=1085628&view=rev
Log:
SHIRO-240: implemented fix, added accompanying test cases.
ServletContainerSessionManager now at 100% coverage.
Added:
shiro/trunk/web/src/test/groovy/
shiro/trunk/web/src/test/groovy/org/
shiro/trunk/web/src/test/groovy/org/apache/
shiro/trunk/web/src/test/groovy/org/apache/shiro/
shiro/trunk/web/src/test/groovy/org/apache/shiro/web/
shiro/trunk/web/src/test/groovy/org/apache/shiro/web/session/
shiro/trunk/web/src/test/groovy/org/apache/shiro/web/session/mgt/
shiro/trunk/web/src/test/groovy/org/apache/shiro/web/session/mgt/ServletContainerSessionManagerTest.groovy
Modified:
shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractSessionManager.java
shiro/trunk/pom.xml
shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/ServletContainerSessionManager.java
Modified:
shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractSessionManager.java
URL:
http://svn.apache.org/viewvc/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractSessionManager.java?rev=1085628&r1=1085627&r2=1085628&view=diff
==============================================================================
---
shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractSessionManager.java
(original)
+++
shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractSessionManager.java
Sat Mar 26 01:56:41 2011
@@ -27,6 +27,12 @@ import org.apache.shiro.session.Session;
*
* @since 0.1
*/
+//TODO - deprecate this class (see SHIRO-240):
+//This is only here to make available a common attribute
'globalSessionTimeout' to subclasses, particularly to make it
+//available to both AbstractNativeSessionManager and
ServletContainerSessionManager subclass trees. However, the
+//ServletContainerSessionManager implementation does not use this value
+//(see https://issues.apache.org/jira/browse/SHIRO-240 for why). That means
that only the Native session managers
+//need a globalSessionTimeout property, making this class unnecessary.
public abstract class AbstractSessionManager implements SessionManager {
protected static final long MILLIS_PER_SECOND = 1000;
Modified: shiro/trunk/pom.xml
URL:
http://svn.apache.org/viewvc/shiro/trunk/pom.xml?rev=1085628&r1=1085627&r2=1085628&view=diff
==============================================================================
--- shiro/trunk/pom.xml (original)
+++ shiro/trunk/pom.xml Sat Mar 26 01:56:41 2011
@@ -208,6 +208,34 @@
<artifactId>versions-maven-plugin</artifactId>
<version>1.2</version>
</plugin>
+ <!-- Allow writing tests in Groovy: -->
+ <plugin>
+ <groupId>org.codehaus.gmaven</groupId>
+ <artifactId>gmaven-plugin</artifactId>
+ <version>1.2</version>
+ <configuration>
+ <providerSelection>1.7</providerSelection>
+ <source>src/main/groovy</source>
+ </configuration>
+ <dependencies>
+ <dependency>
+ <groupId>org.codehaus.gmaven.runtime</groupId>
+ <artifactId>gmaven-runtime-1.7</artifactId>
+ <version>1.2</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.codehaus.groovy</groupId>
+ <artifactId>groovy-all</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.groovy</groupId>
+ <artifactId>groovy-all</artifactId>
+ <version>${groovy.version}</version>
+ </dependency>
+ </dependencies>
+ </plugin>
</plugins>
</pluginManagement>
<plugins>
Modified:
shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/ServletContainerSessionManager.java
URL:
http://svn.apache.org/viewvc/shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/ServletContainerSessionManager.java?rev=1085628&r1=1085627&r2=1085628&view=diff
==============================================================================
---
shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/ServletContainerSessionManager.java
(original)
+++
shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/ServletContainerSessionManager.java
Sat Mar 26 01:56:41 2011
@@ -33,19 +33,19 @@ import javax.servlet.http.HttpSession;
/**
- * SessionManager implementation providing Session implementations that are
merely wrappers for the
- * Servlet container's HttpSession.
+ * SessionManager implementation providing {@link Session} implementations
that are merely wrappers for the
+ * Servlet container's {@link HttpSession}.
* <p/>
* Despite its name, this implementation <em>does not</em> itself manage
Sessions since the Servlet container
* provides the actual management support. This class mainly exists to
'impersonate' a regular Shiro
* <tt>SessionManager</tt> so it can be pluggable into a normal Shiro
configuration in a pure web application.
* <p/>
* Note that because this implementation relies on the {@link HttpSession
HttpSession}, it is only functional in a
- * servlet container. I.e. it is <em>NOT</em> capable of supporting Sessions
any clients other than
+ * servlet container. I.e. it is <em>NOT</em> capable of supporting Sessions
for any clients other than
* {@code HttpRequest/HttpResponse} based clients.
* <p/>
- * Therefore, if you need {@code Session} access from heterogenous client
mediums (e.g. web pages,
- * Flash applets, Java Web Start applications, etc.), use the {@link
DefaultWebSessionManager DefaultWebSessionManager}
+ * Therefore, if you need {@code Session} access from heterogeneous clients
(e.g. web pages,
+ * Java Web Start applications, etc.), use the {@link DefaultWebSessionManager
DefaultWebSessionManager}
* instead. The {@code DefaultWebSessionManager} supports both traditional
web-based access as well as non web-based
* clients.
*
@@ -107,9 +107,8 @@ public class ServletContainerSessionMana
HttpSession httpSession = request.getSession();
- //ensure that the httpSession timeout reflects what is configured:
- long timeoutMillis = getGlobalSessionTimeout();
- httpSession.setMaxInactiveInterval((int) (timeoutMillis /
MILLIS_PER_SECOND));
+ //SHIRO-240: DO NOT use the 'globalSessionTimeout' value here on the
acquired session.
+ //see: https://issues.apache.org/jira/browse/SHIRO-240
String host = getHost(sessionContext);
Added:
shiro/trunk/web/src/test/groovy/org/apache/shiro/web/session/mgt/ServletContainerSessionManagerTest.groovy
URL:
http://svn.apache.org/viewvc/shiro/trunk/web/src/test/groovy/org/apache/shiro/web/session/mgt/ServletContainerSessionManagerTest.groovy?rev=1085628&view=auto
==============================================================================
---
shiro/trunk/web/src/test/groovy/org/apache/shiro/web/session/mgt/ServletContainerSessionManagerTest.groovy
(added)
+++
shiro/trunk/web/src/test/groovy/org/apache/shiro/web/session/mgt/ServletContainerSessionManagerTest.groovy
Sat Mar 26 01:56:41 2011
@@ -0,0 +1,175 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shiro.web.session.mgt
+
+import javax.servlet.http.HttpServletRequest
+import javax.servlet.http.HttpServletResponse
+import javax.servlet.http.HttpSession
+import org.apache.shiro.session.mgt.SessionContext
+import org.apache.shiro.session.mgt.SessionKey
+import org.apache.shiro.web.session.HttpServletSession
+import static org.easymock.EasyMock.*
+
+/**
+ * Unit tests for the {@link ServletContainerSessionManager} implementation.
+ */
+class ServletContainerSessionManagerTest extends GroovyTestCase {
+
+ void testStartWithNonWebSessionContext() {
+
+ def sessionContext = createStrictMock(SessionContext)
+
+ replay sessionContext
+
+ ServletContainerSessionManager mgr = new
ServletContainerSessionManager()
+ try {
+ mgr.start sessionContext
+ fail "Start should have failed with a non-web SessionContext"
+ } catch (IllegalArgumentException expected) {
+ }
+
+ verify sessionContext
+ }
+
+ void testStartWithContextHostValue() {
+
+ def host = "host.somecompany.com"
+
+ def request = createStrictMock(HttpServletRequest)
+ def response = createStrictMock(HttpServletResponse)
+ def httpSession = createStrictMock(HttpSession)
+ def context = new DefaultWebSessionContext()
+ context.servletRequest = request
+ context.servletResponse = response
+ context.host = host
+
+ expect(request.session).andReturn httpSession
+
+ httpSession.setAttribute(eq(HttpServletSession.HOST_SESSION_KEY),
eq(host))
+
expect(httpSession.getAttribute(eq(HttpServletSession.HOST_SESSION_KEY))).andReturn
host
+
+ replay request, response, httpSession
+
+ ServletContainerSessionManager mgr = new
ServletContainerSessionManager()
+ def startedSession = mgr.start(context)
+
+ assertTrue startedSession instanceof HttpServletSession
+ assertEquals host, startedSession.host
+ assertSame httpSession, startedSession.httpSession
+
+ verify request, response, httpSession
+ }
+
+ void testStartWithoutContextHostValue() {
+
+ def host = "host.somecompany.com"
+
+ def request = createStrictMock(HttpServletRequest)
+ def response = createStrictMock(HttpServletResponse)
+ def httpSession = createStrictMock(HttpSession)
+ def context = new DefaultWebSessionContext()
+ context.servletRequest = request
+ context.servletResponse = response
+
+ expect(request.session).andReturn httpSession
+ expect(request.remoteHost).andReturn host
+
+ httpSession.setAttribute(eq(HttpServletSession.HOST_SESSION_KEY),
eq(host))
+
expect(httpSession.getAttribute(eq(HttpServletSession.HOST_SESSION_KEY))).andReturn
host
+
+ replay request, response, httpSession
+
+ ServletContainerSessionManager mgr = new
ServletContainerSessionManager()
+ def startedSession = mgr.start(context)
+
+ assertTrue startedSession instanceof HttpServletSession
+ assertEquals host, startedSession.host
+ assertSame httpSession, startedSession.httpSession
+
+ verify request, response, httpSession
+ }
+
+ void testGetSessionWithNonWebSessionKey() {
+
+ def key = createStrictMock(SessionKey)
+
+ replay key
+
+ ServletContainerSessionManager mgr = new
ServletContainerSessionManager()
+ try {
+ mgr.getSession(key)
+ fail "getSession should have failed with a non-web SessionKey"
+ } catch (IllegalArgumentException expected) {
+ }
+
+ verify key
+ }
+
+ void testGetSessionWithExistingRequestSession() {
+
+ String host = "www.company.com"
+
+ def request = createStrictMock(HttpServletRequest)
+ def response = createStrictMock(HttpServletResponse)
+ def httpSession = createStrictMock(HttpSession)
+
+ expect(request.getSession(false)).andReturn httpSession
+ expect(request.remoteHost).andReturn host
+ httpSession.setAttribute(eq(HttpServletSession.HOST_SESSION_KEY),
eq(host))
+
expect(httpSession.getAttribute(eq(HttpServletSession.HOST_SESSION_KEY))).andReturn
host
+
+ def key = new WebSessionKey(request, response)
+
+ replay request, response, httpSession
+
+ ServletContainerSessionManager mgr = new
ServletContainerSessionManager()
+ def session = mgr.getSession(key)
+
+ assertTrue session instanceof HttpServletSession
+ assertEquals host, session.host
+ assertSame httpSession, session.httpSession
+
+ verify request, response, httpSession
+ }
+
+ void testGetSessionWithoutExistingRequestSession() {
+
+ def request = createStrictMock(HttpServletRequest)
+ def response = createStrictMock(HttpServletResponse)
+ def httpSession = createStrictMock(HttpSession)
+
+ expect(request.getSession(false)).andReturn null
+
+ def key = new WebSessionKey(request, response)
+
+ replay request, response, httpSession
+
+ ServletContainerSessionManager mgr = new
ServletContainerSessionManager()
+ def session = mgr.getSession(key)
+
+ assertNull session
+
+ verify request, response, httpSession
+ }
+
+
+
+
+
+}
