1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.eclipse.jetty.server.session;
20
21 import static org.junit.Assert.assertEquals;
22 import static org.junit.Assert.assertFalse;
23 import static org.junit.Assert.assertNotNull;
24 import static org.junit.Assert.assertNotSame;
25 import static org.junit.Assert.assertNull;
26 import static org.junit.Assert.assertTrue;
27
28 import java.io.IOException;
29
30 import javax.servlet.ServletException;
31 import javax.servlet.http.HttpServlet;
32 import javax.servlet.http.HttpServletRequest;
33 import javax.servlet.http.HttpServletResponse;
34 import javax.servlet.http.HttpSession;
35 import javax.servlet.http.HttpSessionEvent;
36 import javax.servlet.http.HttpSessionIdListener;
37
38 import org.eclipse.jetty.client.HttpClient;
39 import org.eclipse.jetty.client.api.ContentResponse;
40 import org.eclipse.jetty.client.api.Request;
41 import org.eclipse.jetty.webapp.WebAppContext;
42
43
44 public abstract class AbstractSessionRenewTest
45 {
46 public abstract AbstractTestServer createServer(int port, int max, int scavenge);
47
48 public void testSessionRenewal() throws Exception
49 {
50 String contextPath = "";
51 String servletMapping = "/server";
52 int scavengePeriod = 3;
53 AbstractTestServer server = createServer(0, 1, scavengePeriod);
54 WebAppContext context = server.addWebAppContext(".", contextPath);
55 context.addServlet(TestServlet.class, servletMapping);
56 TestHttpSessionIdListener testListener = new TestHttpSessionIdListener();
57 context.addEventListener(testListener);
58
59
60
61 HttpClient client = new HttpClient();
62 try
63 {
64 server.start();
65 int port=server.getPort();
66
67 client.start();
68
69
70 ContentResponse response = client.GET("http://localhost:" + port + contextPath + servletMapping + "?action=create");
71 assertEquals(HttpServletResponse.SC_OK,response.getStatus());
72
73 String sessionCookie = response.getHeaders().get("Set-Cookie");
74 assertTrue(sessionCookie != null);
75 assertFalse(testListener.isCalled());
76
77
78 Request request = client.newRequest("http://localhost:" + port + contextPath + servletMapping + "?action=renew");
79 request.header("Cookie", sessionCookie);
80 ContentResponse renewResponse = request.send();
81 assertEquals(HttpServletResponse.SC_OK,renewResponse.getStatus());
82 String renewSessionCookie = renewResponse.getHeaders().get("Set-Cookie");
83 assertNotNull(renewSessionCookie);
84 assertNotSame(sessionCookie, renewSessionCookie);
85 assertTrue(testListener.isCalled());
86 }
87 finally
88 {
89 client.stop();
90 server.stop();
91 }
92 }
93
94
95
96 public static class TestHttpSessionIdListener implements HttpSessionIdListener
97 {
98 boolean called = false;
99
100 @Override
101 public void sessionIdChanged(HttpSessionEvent event, String oldSessionId)
102 {
103 assertNotNull(event.getSession());
104 assertNotSame(oldSessionId, event.getSession().getId());
105 called = true;
106 }
107
108 public boolean isCalled()
109 {
110 return called;
111 }
112 }
113
114
115 public static class TestServlet extends HttpServlet
116 {
117
118 @Override
119 protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
120 {
121 String action = request.getParameter("action");
122 if ("create".equals(action))
123 {
124 HttpSession session = request.getSession(true);
125 assertTrue(session.isNew());
126 }
127 else if ("renew".equals(action))
128 {
129 HttpSession beforeSession = request.getSession(false);
130 assertTrue(beforeSession != null);
131 String beforeSessionId = beforeSession.getId();
132
133
134 ((AbstractSession)beforeSession).renewId(request);
135
136 HttpSession afterSession = request.getSession(false);
137 assertTrue(afterSession != null);
138 String afterSessionId = afterSession.getId();
139
140 assertTrue(beforeSession==afterSession);
141 assertFalse(beforeSessionId.equals(afterSessionId));
142
143 AbstractSessionManager sessionManager = (AbstractSessionManager)((AbstractSession)afterSession).getSessionManager();
144 AbstractSessionIdManager sessionIdManager = (AbstractSessionIdManager)sessionManager.getSessionIdManager();
145
146 assertTrue(sessionIdManager.idInUse(afterSessionId));
147 assertFalse(sessionIdManager.idInUse(beforeSessionId));
148
149 HttpSession session = sessionManager.getSession(afterSessionId);
150 assertNotNull(session);
151 session = sessionManager.getSession(beforeSessionId);
152 assertNull(session);
153
154 if (((AbstractSession)afterSession).isIdChanged())
155 {
156 ((org.eclipse.jetty.server.Response)response).addCookie(sessionManager.getSessionCookie(afterSession, request.getContextPath(), request.isSecure()));
157 }
158 }
159 }
160 }
161
162 }