View Javadoc

1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.server.session;
20  
21  import static org.junit.Assert.assertEquals;
22  import static org.junit.Assert.assertTrue;
23  
24  import java.io.IOException;
25  import java.util.ArrayList;
26  import java.util.List;
27  
28  import javax.servlet.ServletException;
29  import javax.servlet.http.HttpServlet;
30  import javax.servlet.http.HttpServletRequest;
31  import javax.servlet.http.HttpServletResponse;
32  import javax.servlet.http.HttpSession;
33  import javax.servlet.http.HttpSessionEvent;
34  import javax.servlet.http.HttpSessionListener;
35  
36  import org.eclipse.jetty.client.HttpClient;
37  import org.eclipse.jetty.client.api.ContentResponse;
38  import org.eclipse.jetty.client.api.Request;
39  import org.eclipse.jetty.servlet.ServletContextHandler;
40  import org.eclipse.jetty.servlet.ServletHolder;
41  import org.junit.Test;
42  
43  public abstract class AbstractSessionExpiryTest
44  {
45      public abstract AbstractTestServer createServer(int port, int max, int scavenge);
46  
47      public void pause(int scavengePeriod)
48      {
49          try
50          {
51              Thread.sleep(scavengePeriod * 2500L);
52          }
53          catch (InterruptedException e)
54          {
55              e.printStackTrace();
56          }
57      }
58      
59      public class TestHttpSessionListener implements HttpSessionListener
60      {
61          public List<String> createdSessions = new ArrayList<String>();
62          public List<String> destroyedSessions = new ArrayList<String>();
63          
64          public void sessionDestroyed(HttpSessionEvent se)
65          {
66              destroyedSessions.add(se.getSession().getId());
67          }
68          
69          public void sessionCreated(HttpSessionEvent se)
70          {
71              createdSessions.add(se.getSession().getId());
72          }
73      };
74      
75  
76      @Test
77      public void testSessionNotExpired() throws Exception
78      {
79          String contextPath = "";
80          String servletMapping = "/server";
81          int inactivePeriod = 10;
82          int scavengePeriod = 10;
83          AbstractTestServer server1 = createServer(0, inactivePeriod, scavengePeriod);
84          TestServlet servlet = new TestServlet();
85          ServletHolder holder = new ServletHolder(servlet);
86          server1.addContext(contextPath).addServlet(holder, servletMapping);
87  
88          HttpClient client = new HttpClient();
89          try
90          {
91              server1.start();
92              int port1 = server1.getPort();
93  
94              client.start();
95              String url = "http://localhost:" + port1 + contextPath + servletMapping;
96  
97              //make a request to set up a session on the server
98              ContentResponse response = client.GET(url + "?action=init");
99              assertEquals(HttpServletResponse.SC_OK,response.getStatus());
100             String sessionCookie = response.getHeaders().get("Set-Cookie");
101             assertTrue(sessionCookie != null);
102             // Mangle the cookie, replacing Path with $Path, etc.
103             sessionCookie = sessionCookie.replaceFirst("(\\W)(P|p)ath=", "$1\\$Path=");
104 
105             //now stop the server
106             server1.stop();
107 
108             //start the server again, before the session times out
109             server1.start();
110             port1 = server1.getPort();
111             url = "http://localhost:" + port1 + contextPath + servletMapping;
112 
113             //make another request, the session should not have expired
114             Request request = client.newRequest(url + "?action=notexpired");
115             request.getHeaders().add("Cookie", sessionCookie);
116             ContentResponse response2 = request.send();
117             assertEquals(HttpServletResponse.SC_OK,response2.getStatus());
118 
119         }
120         finally
121         {
122             client.stop();
123             server1.stop();
124         }
125     }
126     
127 
128     @Test
129     public void testSessionExpiry() throws Exception
130     {
131      
132         
133         String contextPath = "";
134         String servletMapping = "/server";
135         int inactivePeriod = 2;
136         int scavengePeriod = 1;
137         AbstractTestServer server1 = createServer(0, inactivePeriod, scavengePeriod);
138         TestServlet servlet = new TestServlet();
139         ServletHolder holder = new ServletHolder(servlet);
140         ServletContextHandler context = server1.addContext(contextPath);
141         context.addServlet(holder, servletMapping);
142         TestHttpSessionListener listener = new TestHttpSessionListener();
143         
144         context.getSessionHandler().addEventListener(listener);
145         
146         server1.start();
147         int port1 = server1.getPort();
148 
149         try
150         {
151             HttpClient client = new HttpClient();
152             client.start();
153             String url = "http://localhost:" + port1 + contextPath + servletMapping;
154 
155             //make a request to set up a session on the server
156             ContentResponse response1 = client.GET(url + "?action=init");
157             assertEquals(HttpServletResponse.SC_OK,response1.getStatus());
158             String sessionCookie = response1.getHeaders().get("Set-Cookie");
159             assertTrue(sessionCookie != null);
160             // Mangle the cookie, replacing Path with $Path, etc.
161             sessionCookie = sessionCookie.replaceFirst("(\\W)(P|p)ath=", "$1\\$Path=");
162             
163             String sessionId = AbstractTestServer.extractSessionId(sessionCookie);     
164             
165             verifySessionCreated(listener,sessionId);
166             
167             //now stop the server
168             server1.stop();
169 
170             //and wait until the expiry time has passed
171             pause(inactivePeriod);
172 
173             //restart the server
174             server1.start();
175             
176             port1 = server1.getPort();
177             url = "http://localhost:" + port1 + contextPath + servletMapping;
178 
179             //make another request, the session should have expired
180             Request request = client.newRequest(url + "?action=test");
181             request.getHeaders().add("Cookie", sessionCookie);
182             ContentResponse response2 = request.send();
183             assertEquals(HttpServletResponse.SC_OK,response2.getStatus());
184             
185             //and wait until the expiry time has passed
186             pause(inactivePeriod);
187             
188             verifySessionDestroyed (listener, sessionId);
189         }
190         finally
191         {
192             server1.stop();
193         }     
194     }
195     public void verifySessionCreated (TestHttpSessionListener listener, String sessionId)
196     {
197         assertTrue(listener.createdSessions.contains(sessionId));
198     }
199     public void verifySessionDestroyed (TestHttpSessionListener listener, String sessionId)
200     {
201         assertTrue (listener.destroyedSessions.contains(sessionId));
202     }
203 
204 
205 
206     public static class TestServlet extends HttpServlet
207     {
208         public String originalId = null;
209 
210         @Override
211         protected void doGet(HttpServletRequest request, HttpServletResponse httpServletResponse) throws ServletException, IOException
212         {
213             String action = request.getParameter("action");
214             if ("init".equals(action))
215             {
216                 HttpSession session = request.getSession(true);
217                 session.setAttribute("test", "test");
218                 originalId = session.getId();
219             }
220             else if ("test".equals(action))
221             {
222                 HttpSession session = request.getSession(true);
223                 assertTrue(session != null);
224                 assertTrue(!originalId.equals(session.getId()));
225             }
226             else if ("notexpired".equals(action))
227             {
228                 HttpSession session = request.getSession(false);
229                 assertTrue(session != null);
230                 assertTrue(originalId.equals(session.getId()));
231             }
232 
233         }
234     }
235 }