
1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.server.session;
20  
21  import static org.junit.Assert.assertEquals;
22  import static org.junit.Assert.assertFalse;
23  import static org.junit.Assert.assertNotNull;
24  import static org.junit.Assert.assertNotSame;
25  import static org.junit.Assert.assertNull;
26  import static org.junit.Assert.assertTrue;
27  
28  import java.io.IOException;
29  
30  import javax.servlet.ServletException;
31  import javax.servlet.http.HttpServlet;
32  import javax.servlet.http.HttpServletRequest;
33  import javax.servlet.http.HttpServletResponse;
34  import javax.servlet.http.HttpSession;
35  
36  import org.eclipse.jetty.client.HttpClient;
37  import org.eclipse.jetty.client.api.ContentResponse;
38  import org.eclipse.jetty.client.api.Request;
39  import org.eclipse.jetty.servlet.ServletContextHandler;
40  
41  
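/**
 * Base test for session id renewal: after {@code renewId} the session object
 * must stay the same, but its id must change and the old id must stop resolving.
 * Renewing the id (typically right after authentication) is the standard defence
 * against session fixation, so the checks below compare id <em>values</em>, never
 * object references.
 *
 * <p>Concrete subclasses supply the session manager under test through
 * {@link #createServer(int, int, int)} and expose {@link #testSessionRenewal()}
 * to the test runner.
 *
 * <p>Not covered here: whether session attributes survive the renewal.
 */
public abstract class AbstractSessionRenewTest
{
    /**
     * Creates the server whose session implementation is under test.
     *
     * @param port     port to listen on; this test passes 0 and reads the real port back after start
     * @param max      passed as 1 by this test (presumably the max inactive interval -- confirm in AbstractTestServer)
     * @param scavenge scavenge period handed to the session manager
     * @return a server that has not been started yet
     */
    public abstract AbstractTestServer createServer(int port, int max, int scavenge);

    /**
     * Creates a session, asks the servlet to renew its id, and verifies that the
     * client is handed a different session cookie.
     *
     * @throws Exception if the server or client fails to start, stop, or exchange requests
     */
    public void testSessionRenewal() throws Exception
    {
        String contextPath = "";
        String servletMapping = "/server";
        int scavengePeriod = 3;
        AbstractTestServer server = createServer(0, 1, scavengePeriod);
        ServletContextHandler context = server.addContext(contextPath);
        context.addServlet(TestServlet.class, servletMapping);

        HttpClient client = new HttpClient();
        try
        {
            server.start();
            int port = server.getPort();

            client.start();

            String baseUrl = "http://localhost:" + port + contextPath + servletMapping;

            // First request: have the servlet create a session.
            ContentResponse response = client.GET(baseUrl + "?action=create");
            assertEquals(HttpServletResponse.SC_OK, response.getStatus());

            String sessionCookie = response.getHeaders().getStringField("Set-Cookie");
            assertNotNull(sessionCookie);

            // Second request: present the original cookie and ask for a new session id.
            Request request = client.newRequest(baseUrl + "?action=renew");
            request.header("Cookie", sessionCookie);
            ContentResponse renewResponse = request.send();
            assertEquals(HttpServletResponse.SC_OK, renewResponse.getStatus());

            String renewSessionCookie = renewResponse.getHeaders().getStringField("Set-Cookie");
            assertNotNull(renewSessionCookie);

            // Compare cookie values, not references: two header strings are always
            // distinct objects, so assertNotSame would pass even if the id was reused.
            assertFalse(sessionCookie.equals(renewSessionCookie));
        }
        finally
        {
            // Stop the server even when stopping the client throws.
            try
            {
                client.stop();
            }
            finally
            {
                server.stop();
            }
        }
    }

    /**
     * Servlet driven by the {@code action} query parameter: {@code create} opens a
     * new session, {@code renew} changes the id of the existing one and checks the
     * server-side bookkeeping.
     *
     * <p>NOTE(review): the assertions run inside the container; a failure presumably
     * reaches the client as a non-200 status, which the SC_OK checks in
     * {@code testSessionRenewal} would catch -- confirm.
     */
    public static class TestServlet extends HttpServlet
    {
        @Override
        protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
        {
            String action = request.getParameter("action");
            if ("create".equals(action))
            {
                HttpSession session = request.getSession(true);
                assertTrue(session.isNew());
            }
            else if ("renew".equals(action))
            {
                HttpSession beforeSession = request.getSession(false);
                assertNotNull(beforeSession);
                String beforeSessionId = beforeSession.getId();

                ((AbstractSession)beforeSession).renewId(request);

                HttpSession afterSession = request.getSession(false);
                assertNotNull(afterSession);
                String afterSessionId = afterSession.getId();

                // Same session object, different id.
                assertTrue(beforeSession == afterSession);
                assertFalse(beforeSessionId.equals(afterSessionId));

                AbstractSessionManager sessionManager = (AbstractSessionManager)((AbstractSession)afterSession).getSessionManager();
                AbstractSessionIdManager sessionIdManager = (AbstractSessionIdManager)sessionManager.getSessionIdManager();

                // The id manager must know the new id and must have released the old one.
                assertTrue(sessionIdManager.idInUse(afterSessionId));
                assertFalse(sessionIdManager.idInUse(beforeSessionId));

                // Only the new id may resolve to a session; a lookup by the old id
                // succeeding would leave a fixated id usable.
                assertNotNull(sessionManager.getSession(afterSessionId));
                assertNull(sessionManager.getSession(beforeSessionId));

                // Send the new id to the client so its next request carries it.
                if (((AbstractSession)afterSession).isIdChanged())
                {
                    ((org.eclipse.jetty.server.Response)response).addCookie(sessionManager.getSessionCookie(afterSession, request.getContextPath(), request.isSecure()));
                }
            }
        }
    }

}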