1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.eclipse.jetty.server.session;
20
21 import static org.junit.Assert.assertEquals;
22 import static org.junit.Assert.assertTrue;
23 import static org.junit.Assert.fail;
24
25 import java.io.IOException;
26 import java.io.Serializable;
27 import java.util.ArrayList;
28 import java.util.List;
29
30 import javax.servlet.ServletException;
31 import javax.servlet.http.HttpServlet;
32 import javax.servlet.http.HttpServletRequest;
33 import javax.servlet.http.HttpServletResponse;
34 import javax.servlet.http.HttpSession;
35 import javax.servlet.http.HttpSessionBindingEvent;
36 import javax.servlet.http.HttpSessionBindingListener;
37 import javax.servlet.http.HttpSessionEvent;
38 import javax.servlet.http.HttpSessionListener;
39
40 import org.eclipse.jetty.client.HttpClient;
41 import org.eclipse.jetty.client.api.ContentResponse;
42 import org.eclipse.jetty.client.api.Request;
43 import org.eclipse.jetty.servlet.ServletContextHandler;
44 import org.eclipse.jetty.servlet.ServletHolder;
45 import org.junit.Test;
46
47
48
49
50
51
52
53
54
55 public abstract class AbstractSessionInvalidateAndCreateTest
56 {
57 public class MySessionListener implements HttpSessionListener
58 {
59 List<String> destroys;
60
61 public void sessionCreated(HttpSessionEvent e)
62 {
63
64 }
65
66 public void sessionDestroyed(HttpSessionEvent e)
67 {
68 if (destroys == null)
69 destroys = new ArrayList<>();
70
71 destroys.add((String)e.getSession().getAttribute("identity"));
72 }
73 }
74
75 public abstract AbstractTestServer createServer(int port, int max, int scavenge);
76
77
78
79 public void pause(int scavengePeriod)
80 {
81 try
82 {
83 Thread.sleep(scavengePeriod * 3000L);
84 }
85 catch (InterruptedException e)
86 {
87 e.printStackTrace();
88 }
89 }
90
91 @Test
92 public void testSessionScavenge() throws Exception
93 {
94 String contextPath = "";
95 String servletMapping = "/server";
96 int inactivePeriod = 1;
97 int scavengePeriod = 2;
98 AbstractTestServer server = createServer(0, inactivePeriod, scavengePeriod);
99 ServletContextHandler context = server.addContext(contextPath);
100 TestServlet servlet = new TestServlet();
101 ServletHolder holder = new ServletHolder(servlet);
102 context.addServlet(holder, servletMapping);
103 MySessionListener listener = new MySessionListener();
104 context.getSessionHandler().addEventListener(listener);
105
106 try
107 {
108 server.start();
109 int port1 = server.getPort();
110
111 HttpClient client = new HttpClient();
112 client.start();
113 try
114 {
115 String url = "http://localhost:" + port1 + contextPath + servletMapping;
116
117
118
119 ContentResponse response1 = client.GET(url + "?action=init");
120 assertEquals(HttpServletResponse.SC_OK,response1.getStatus());
121 String sessionCookie = response1.getHeaders().get("Set-Cookie");
122 assertTrue(sessionCookie != null);
123
124 sessionCookie = sessionCookie.replaceFirst("(\\W)(P|p)ath=", "$1\\$Path=");
125
126
127
128 Request request2 = client.newRequest(url + "?action=test");
129 request2.header("Cookie", sessionCookie);
130 ContentResponse response2 = request2.send();
131 assertEquals(HttpServletResponse.SC_OK,response2.getStatus());
132
133
134 pause(scavengePeriod);
135
136
137
138 assertTrue(listener.destroys.contains("session1"));
139 assertTrue(listener.destroys.contains("session2"));
140
141 assertTrue(servlet.unbound);
142 }
143 finally
144 {
145 client.stop();
146 }
147 }
148 finally
149 {
150 server.stop();
151 }
152 }
153
154 public static class TestServlet extends HttpServlet
155 {
156 private boolean unbound = false;
157
158 public class MySessionBindingListener implements HttpSessionBindingListener, Serializable
159 {
160
161 public void valueUnbound(HttpSessionBindingEvent event)
162 {
163 unbound = true;
164 }
165
166 public void valueBound(HttpSessionBindingEvent event)
167 {
168
169 }
170 }
171
172 @Override
173 protected void doGet(HttpServletRequest request, HttpServletResponse httpServletResponse) throws ServletException, IOException
174 {
175 String action = request.getParameter("action");
176 if ("init".equals(action))
177 {
178 HttpSession session = request.getSession(true);
179 session.setAttribute("identity", "session1");
180 }
181 else if ("test".equals(action))
182 {
183 HttpSession session = request.getSession(false);
184 if (session != null)
185 {
186
187 session.invalidate();
188
189
190 session = request.getSession(true);
191 session.setAttribute("identity", "session2");
192 session.setAttribute("listener", new MySessionBindingListener());
193 }
194 else
195 fail("Session already missing");
196 }
197 }
198 }
199 }