View Javadoc

1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.server.session;
20  
21  import java.io.IOException;
22  
23  import javax.servlet.ServletException;
24  import javax.servlet.http.HttpServlet;
25  import javax.servlet.http.HttpServletRequest;
26  import javax.servlet.http.HttpServletResponse;
27  import javax.servlet.http.HttpSession;
28  
29  import org.eclipse.jetty.client.ContentExchange;
30  import org.eclipse.jetty.client.HttpClient;
31  import org.eclipse.jetty.http.HttpMethods;
32  import org.eclipse.jetty.server.Request;
33  import org.eclipse.jetty.server.SessionManager;
34  import org.eclipse.jetty.server.session.AbstractTestServer;
35  import org.eclipse.jetty.servlet.ServletHolder;
36  import org.junit.Test;
37  import static org.junit.Assert.assertEquals;
38  import static org.junit.Assert.assertTrue;
39  
40  
41  
42  /**
43   * AbstractSessionExpiryTest
44   *
45   *
46   *
47   */
48  public abstract class AbstractSessionExpiryTest
49  {
50      public abstract AbstractTestServer createServer(int port, int max, int scavenge);
51  
52      public void pause(int scavengePeriod)
53      {
54          try
55          {
56              Thread.sleep(scavengePeriod * 2500L);
57          }
58          catch (InterruptedException e)
59          {
60              e.printStackTrace();
61          }
62      }
63      
64      @Test
65      public void testSessionNotExpired() throws Exception
66      {
67          String contextPath = "";
68          String servletMapping = "/server";
69          int inactivePeriod = 10;
70          int scavengePeriod = 10;
71          AbstractTestServer server1 = createServer(0, inactivePeriod, scavengePeriod);
72          TestServlet servlet = new TestServlet();
73          ServletHolder holder = new ServletHolder(servlet);
74          server1.addContext(contextPath).addServlet(holder, servletMapping);
75          server1.start();
76          int port1 = server1.getPort();
77  
78          try
79          {
80              HttpClient client = new HttpClient();
81              client.setConnectorType(HttpClient.CONNECTOR_SOCKET);
82              client.start();
83              String url = "http://localhost:" + port1 + contextPath + servletMapping;
84  
85              //make a request to set up a session on the server
86              ContentExchange exchange1 = new ContentExchange(true);
87              exchange1.setMethod(HttpMethods.GET);
88              exchange1.setURL(url + "?action=init");
89              client.send(exchange1);
90              exchange1.waitForDone();
91              assertEquals(HttpServletResponse.SC_OK,exchange1.getResponseStatus());
92              String sessionCookie = exchange1.getResponseFields().getStringField("Set-Cookie");
93              assertTrue(sessionCookie != null);
94              // Mangle the cookie, replacing Path with $Path, etc.
95              sessionCookie = sessionCookie.replaceFirst("(\\W)(P|p)ath=", "$1\\$Path=");
96              
97              //now stop the server
98              server1.stop();
99              
100             //start the server again, before the session times out
101             server1.start();            
102             port1 = server1.getPort();
103             url = "http://localhost:" + port1 + contextPath + servletMapping;
104             
105             //make another request, the session should not have expired
106             ContentExchange exchange2 = new ContentExchange(true);
107             exchange2.setMethod(HttpMethods.GET);
108             exchange2.setURL(url + "?action=notexpired");
109             exchange2.getRequestFields().add("Cookie", sessionCookie);
110             client.send(exchange2);
111             exchange2.waitForDone();
112             assertEquals(HttpServletResponse.SC_OK,exchange2.getResponseStatus());
113 
114         }
115         finally
116         {
117             server1.stop();
118         }
119     }
120 
121     @Test
122     public void testSessionExpiry() throws Exception
123     {
124         String contextPath = "";
125         String servletMapping = "/server";
126         int inactivePeriod = 2;
127         int scavengePeriod = 10;
128         AbstractTestServer server1 = createServer(0, inactivePeriod, scavengePeriod);
129         TestServlet servlet = new TestServlet();
130         ServletHolder holder = new ServletHolder(servlet);
131         server1.addContext(contextPath).addServlet(holder, servletMapping);
132         server1.start();
133         int port1 = server1.getPort();
134 
135         try
136         {
137             HttpClient client = new HttpClient();
138             client.setConnectorType(HttpClient.CONNECTOR_SOCKET);
139             client.start();
140             String url = "http://localhost:" + port1 + contextPath + servletMapping;
141 
142             //make a request to set up a session on the server
143             ContentExchange exchange1 = new ContentExchange(true);
144             exchange1.setMethod(HttpMethods.GET);
145             exchange1.setURL(url + "?action=init");
146             client.send(exchange1);
147             exchange1.waitForDone();
148             assertEquals(HttpServletResponse.SC_OK,exchange1.getResponseStatus());
149             String sessionCookie = exchange1.getResponseFields().getStringField("Set-Cookie");
150             assertTrue(sessionCookie != null);
151             // Mangle the cookie, replacing Path with $Path, etc.
152             sessionCookie = sessionCookie.replaceFirst("(\\W)(P|p)ath=", "$1\\$Path=");
153             
154             //now stop the server
155             server1.stop();
156             
157             //and wait until the expiry time has passed
158             pause(inactivePeriod);
159             
160             //restart the server
161             server1.start();            
162             port1 = server1.getPort();
163             url = "http://localhost:" + port1 + contextPath + servletMapping;
164             
165             //make another request, the session should have expired
166             ContentExchange exchange2 = new ContentExchange(true);
167             exchange2.setMethod(HttpMethods.GET);
168             exchange2.setURL(url + "?action=test");
169             exchange2.getRequestFields().add("Cookie", sessionCookie);
170             client.send(exchange2);
171             exchange2.waitForDone();
172             assertEquals(HttpServletResponse.SC_OK,exchange2.getResponseStatus());
173         }
174         finally
175         {
176             server1.stop();
177         }
178     }
179 
180     public static class TestServlet extends HttpServlet
181     {
182         public String originalId = null;
183         public String testId = null;
184         public String checkId = null;
185 
186         @Override
187         protected void doGet(HttpServletRequest request, HttpServletResponse httpServletResponse) throws ServletException, IOException
188         {
189             String action = request.getParameter("action");
190             if ("init".equals(action))
191             {
192                 HttpSession session = request.getSession(true);
193                 session.setAttribute("test", "test");
194                 originalId = session.getId();
195             }
196             else if ("test".equals(action))
197             {
198                 HttpSession session = request.getSession(true);
199                 assertTrue(session != null);
200                 assertTrue(!originalId.equals(session.getId()));
201             }
202             else if ("notexpired".equals(action))
203             {
204                 HttpSession session = request.getSession(false);
205                 assertTrue(session != null);
206                 assertTrue(originalId.equals(session.getId()));
207             }
208            
209         }
210     }
211 }