
1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.server.session;
20  
21  import static org.junit.Assert.assertEquals;
22  import static org.junit.Assert.assertTrue;
23  import static org.junit.Assert.fail;
24  
25  import java.io.IOException;
26  import java.io.Serializable;
27  import java.util.ArrayList;
28  import java.util.List;
29  
30  import javax.servlet.ServletException;
31  import javax.servlet.http.HttpServlet;
32  import javax.servlet.http.HttpServletRequest;
33  import javax.servlet.http.HttpServletResponse;
34  import javax.servlet.http.HttpSession;
35  import javax.servlet.http.HttpSessionBindingEvent;
36  import javax.servlet.http.HttpSessionBindingListener;
37  import javax.servlet.http.HttpSessionEvent;
38  import javax.servlet.http.HttpSessionListener;
39  
40  import org.eclipse.jetty.client.HttpClient;
41  import org.eclipse.jetty.client.api.ContentResponse;
42  import org.eclipse.jetty.client.api.Request;
43  import org.eclipse.jetty.servlet.ServletContextHandler;
44  import org.eclipse.jetty.servlet.ServletHolder;
45  import org.junit.Test;
46  
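/**
 * AbstractSessionInvalidateAndCreateTest
 *
 * This test verifies that invalidating an existing session and creating
 * a new session within the scope of a single request will expire the
 * newly created session correctly (removed from the server and session listeners called).
 * See https://bugs.eclipse.org/bugs/show_bug.cgi?id=377610
 *
 * <p>Invalidating a session and creating a fresh one inside one request is also the usual way
 * an application rotates its session, so this test guards against the replacement session
 * outliving its inactivity timeout on the server.
 */
public abstract class AbstractSessionInvalidateAndCreateTest
{
    /**
     * Records the "identity" attribute of every session the container reports as destroyed.
     *
     * <p>The callbacks are expected to arrive on server-side threads while the test thread reads
     * the result, so all access to the list goes through synchronized methods.
     */
    public class MySessionListener implements HttpSessionListener
    {
        // Created eagerly: if no session is ever destroyed the assertions fail cleanly
        // instead of dying with a NullPointerException on a missing list.
        List<String> destroys = new ArrayList<>();

        @Override
        public void sessionCreated(HttpSessionEvent e)
        {
            // creation is not relevant to this test
        }

        @Override
        public synchronized void sessionDestroyed(HttpSessionEvent e)
        {
            destroys.add((String)e.getSession().getAttribute("identity"));
        }

        /**
         * @param identity the value of the "identity" attribute to look for
         * @return true if a session carrying that identity has been reported as destroyed
         */
        public synchronized boolean wasDestroyed(String identity)
        {
            return destroys.contains(identity);
        }
    }

    /**
     * Creates the server under test.
     *
     * @param port the port to listen on; the test passes 0
     * @param max the session inactivity period (the test passes 1; presumably seconds - confirm against the implementation)
     * @param scavenge the scavenge period in seconds
     * @return the server, not yet started
     */
    public abstract AbstractTestServer createServer(int port, int max, int scavenge);

    /**
     * Sleeps for three times the scavenge period so the scavenger has a chance to run.
     *
     * @param scavengePeriod the scavenge period in seconds
     */
    public void pause(int scavengePeriod)
    {
        try
        {
            Thread.sleep(scavengePeriod * 3000L);
        }
        catch (InterruptedException e)
        {
            // Restore the interrupt status rather than swallowing it, so the caller and the
            // test runner can tell that the wait was cut short.
            Thread.currentThread().interrupt();
        }
    }

    /**
     * Creates a session, then issues one request that invalidates it and creates a replacement,
     * and checks that both sessions are reported destroyed once the scavenger has run.
     *
     * @throws Exception if the server or the client fails to start, stop or exchange a request
     */
    @Test
    public void testSessionScavenge() throws Exception
    {
        String contextPath = "";
        String servletMapping = "/server";
        int inactivePeriod = 1;
        int scavengePeriod = 2;
        AbstractTestServer server = createServer(0, inactivePeriod, scavengePeriod);
        ServletContextHandler context = server.addContext(contextPath);
        TestServlet servlet = new TestServlet();
        ServletHolder holder = new ServletHolder(servlet);
        context.addServlet(holder, servletMapping);
        MySessionListener listener = new MySessionListener();
        context.getSessionHandler().addEventListener(listener);

        try
        {
            server.start();
            int port1 = server.getPort();

            HttpClient client = new HttpClient();
            client.start();
            try
            {
                String url = "http://localhost:" + port1 + contextPath + servletMapping;

                // Create the session
                ContentResponse response1 = client.GET(url + "?action=init");
                assertEquals(HttpServletResponse.SC_OK,response1.getStatus());
                String sessionCookie = response1.getHeaders().get("Set-Cookie");
                assertTrue("init response carried no Set-Cookie header", sessionCookie != null);
                // Mangle the cookie, replacing Path with $Path, etc.
                sessionCookie = sessionCookie.replaceFirst("(\\W)(P|p)ath=", "$1\\$Path=");

                // Make a request which will invalidate the existing session and create a new one
                Request request2 = client.newRequest(url + "?action=test");
                request2.header("Cookie", sessionCookie);
                ContentResponse response2 = request2.send();
                assertEquals(HttpServletResponse.SC_OK,response2.getStatus());

                // Wait for the scavenger to run, waiting 3 times the scavenger period
                pause(scavengePeriod);

                // The HttpSessionListener should have been called when session1 was invalidated
                // and again when session2 was scavenged.
                assertTrue("session1 was not reported destroyed", listener.wasDestroyed("session1"));
                assertTrue("session2 was not reported destroyed", listener.wasDestroyed("session2"));
                // session2's HttpSessionBindingListener should have been called when it was scavenged
                assertTrue("session2's binding listener was not unbound", servlet.unbound);
            }
            finally
            {
                client.stop();
            }
        }
        finally
        {
            server.stop();
        }
    }

    /**
     * Servlet driven by the "action" request parameter: "init" creates session1, "test"
     * invalidates the current session and creates session2 within the same request.
     */
    public static class TestServlet extends HttpServlet
    {
        // Set by the binding listener and read by the test thread; volatile so a write made on
        // another thread is visible to the assertion.
        private volatile boolean unbound = false;

        /**
         * Session attribute that flags the enclosing servlet when it is unbound from its session.
         *
         * <p>NOTE(review): this is a non-static inner class that is also Serializable, so it keeps
         * an implicit reference to the enclosing TestServlet. A session store that serializes
         * attributes would serialize the servlet along with it, and a deserialized copy would set
         * {@code unbound} on a different servlet instance than the one the test inspects.
         */
        public class MySessionBindingListener implements HttpSessionBindingListener, Serializable
        {
            @Override
            public void valueUnbound(HttpSessionBindingEvent event)
            {
                unbound = true;
            }

            @Override
            public void valueBound(HttpSessionBindingEvent event)
            {
                // binding is not relevant to this test
            }
        }

        /**
         * Handles the two test actions.
         *
         * @param request the request; its "action" parameter selects the behaviour
         * @param httpServletResponse the response, left untouched
         * @throws ServletException declared by the overridden method
         * @throws IOException declared by the overridden method
         */
        @Override
        protected void doGet(HttpServletRequest request, HttpServletResponse httpServletResponse) throws ServletException, IOException
        {
            String action = request.getParameter("action");
            if ("init".equals(action))
            {
                HttpSession session = request.getSession(true);
                session.setAttribute("identity", "session1");
            }
            else if ("test".equals(action))
            {
                HttpSession session = request.getSession(false);
                if (session != null)
                {
                    //invalidate existing session
                    session.invalidate();

                    //now make a new session
                    session = request.getSession(true);
                    session.setAttribute("identity", "session2");
                    session.setAttribute("listener", new MySessionBindingListener());
                }
                else
                    fail("Session already missing");
            }
        }
    }
}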