View Javadoc

1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.server.session;
20  
21  import static org.junit.Assert.assertEquals;
22  import static org.junit.Assert.assertTrue;
23  
24  import java.io.IOException;
25  
26  import javax.servlet.ServletException;
27  import javax.servlet.http.HttpServlet;
28  import javax.servlet.http.HttpServletRequest;
29  import javax.servlet.http.HttpServletResponse;
30  import javax.servlet.http.HttpSession;
31  
32  import org.eclipse.jetty.client.HttpClient;
33  import org.eclipse.jetty.client.api.ContentResponse;
34  import org.eclipse.jetty.client.api.Request;
35  import org.eclipse.jetty.servlet.ServletHolder;
36  import org.junit.Test;
37  
38  public abstract class AbstractSessionExpiryTest
39  {
40      public abstract AbstractTestServer createServer(int port, int max, int scavenge);
41  
42      public void pause(int scavengePeriod)
43      {
44          try
45          {
46              Thread.sleep(scavengePeriod * 2500L);
47          }
48          catch (InterruptedException e)
49          {
50              e.printStackTrace();
51          }
52      }
53  
54      @Test
55      public void testSessionNotExpired() throws Exception
56      {
57          String contextPath = "";
58          String servletMapping = "/server";
59          int inactivePeriod = 10;
60          int scavengePeriod = 10;
61          AbstractTestServer server1 = createServer(0, inactivePeriod, scavengePeriod);
62          TestServlet servlet = new TestServlet();
63          ServletHolder holder = new ServletHolder(servlet);
64          server1.addContext(contextPath).addServlet(holder, servletMapping);
65  
66          HttpClient client = new HttpClient();
67          try
68          {
69              server1.start();
70              int port1 = server1.getPort();
71  
72              client.start();
73              String url = "http://localhost:" + port1 + contextPath + servletMapping;
74  
75              //make a request to set up a session on the server
76              ContentResponse response = client.GET(url + "?action=init");
77              assertEquals(HttpServletResponse.SC_OK,response.getStatus());
78              String sessionCookie = response.getHeaders().getStringField("Set-Cookie");
79              assertTrue(sessionCookie != null);
80              // Mangle the cookie, replacing Path with $Path, etc.
81              sessionCookie = sessionCookie.replaceFirst("(\\W)(P|p)ath=", "$1\\$Path=");
82  
83              //now stop the server
84              server1.stop();
85  
86              //start the server again, before the session times out
87              server1.start();
88              port1 = server1.getPort();
89              url = "http://localhost:" + port1 + contextPath + servletMapping;
90  
91              //make another request, the session should not have expired
92              Request request = client.newRequest(url + "?action=notexpired");
93              request.getHeaders().add("Cookie", sessionCookie);
94              ContentResponse response2 = request.send();
95              assertEquals(HttpServletResponse.SC_OK,response2.getStatus());
96  
97          }
98          finally
99          {
100             client.stop();
101             server1.stop();
102         }
103     }
104 
105     @Test
106     public void testSessionExpiry() throws Exception
107     {
108         String contextPath = "";
109         String servletMapping = "/server";
110         int inactivePeriod = 2;
111         int scavengePeriod = 10;
112         AbstractTestServer server1 = createServer(0, inactivePeriod, scavengePeriod);
113         TestServlet servlet = new TestServlet();
114         ServletHolder holder = new ServletHolder(servlet);
115         server1.addContext(contextPath).addServlet(holder, servletMapping);
116         server1.start();
117         int port1 = server1.getPort();
118 
119         try
120         {
121             HttpClient client = new HttpClient();
122             client.start();
123             String url = "http://localhost:" + port1 + contextPath + servletMapping;
124 
125             //make a request to set up a session on the server
126             ContentResponse response1 = client.GET(url + "?action=init");
127             assertEquals(HttpServletResponse.SC_OK,response1.getStatus());
128             String sessionCookie = response1.getHeaders().getStringField("Set-Cookie");
129             assertTrue(sessionCookie != null);
130             // Mangle the cookie, replacing Path with $Path, etc.
131             sessionCookie = sessionCookie.replaceFirst("(\\W)(P|p)ath=", "$1\\$Path=");
132 
133             //now stop the server
134             server1.stop();
135 
136             //and wait until the expiry time has passed
137             pause(inactivePeriod);
138 
139             //restart the server
140             server1.start();
141             port1 = server1.getPort();
142             url = "http://localhost:" + port1 + contextPath + servletMapping;
143 
144             //make another request, the session should have expired
145             Request request = client.newRequest(url + "?action=test");
146             request.getHeaders().add("Cookie", sessionCookie);
147             ContentResponse response2 = request.send();
148             assertEquals(HttpServletResponse.SC_OK,response2.getStatus());
149         }
150         finally
151         {
152             server1.stop();
153         }
154     }
155 
156     public static class TestServlet extends HttpServlet
157     {
158         public String originalId = null;
159 
160         @Override
161         protected void doGet(HttpServletRequest request, HttpServletResponse httpServletResponse) throws ServletException, IOException
162         {
163             String action = request.getParameter("action");
164             if ("init".equals(action))
165             {
166                 HttpSession session = request.getSession(true);
167                 session.setAttribute("test", "test");
168                 originalId = session.getId();
169             }
170             else if ("test".equals(action))
171             {
172                 HttpSession session = request.getSession(true);
173                 assertTrue(session != null);
174                 assertTrue(!originalId.equals(session.getId()));
175             }
176             else if ("notexpired".equals(action))
177             {
178                 HttpSession session = request.getSession(false);
179                 assertTrue(session != null);
180                 assertTrue(originalId.equals(session.getId()));
181             }
182 
183         }
184     }
185 }