1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.eclipse.jetty.server.session;
20
21 import static org.junit.Assert.assertEquals;
22 import static org.junit.Assert.assertTrue;
23 import static org.junit.Assert.fail;
24
25 import java.io.IOException;
26 import java.io.Serializable;
27 import java.util.ArrayList;
28 import java.util.List;
29
30 import javax.servlet.ServletException;
31 import javax.servlet.http.HttpServlet;
32 import javax.servlet.http.HttpServletRequest;
33 import javax.servlet.http.HttpServletResponse;
34 import javax.servlet.http.HttpSession;
35 import javax.servlet.http.HttpSessionBindingEvent;
36 import javax.servlet.http.HttpSessionBindingListener;
37 import javax.servlet.http.HttpSessionEvent;
38 import javax.servlet.http.HttpSessionListener;
39
40 import org.eclipse.jetty.client.HttpClient;
41 import org.eclipse.jetty.client.api.ContentResponse;
42 import org.eclipse.jetty.client.api.Request;
43 import org.eclipse.jetty.servlet.ServletContextHandler;
44 import org.eclipse.jetty.servlet.ServletHolder;
45 import org.junit.Assert;
46 import org.junit.Test;
47
48
49
50
51
52
53
54
55
56 public abstract class AbstractSessionInvalidateAndCreateTest
57 {
58 public class MySessionListener implements HttpSessionListener
59 {
60 List<String> destroys;
61
62 public void sessionCreated(HttpSessionEvent e)
63 {
64
65 }
66
67 public void sessionDestroyed(HttpSessionEvent e)
68 {
69 if (destroys == null)
70 destroys = new ArrayList<>();
71
72 destroys.add((String)e.getSession().getAttribute("identity"));
73 }
74 }
75
76 public abstract AbstractTestServer createServer(int port, int max, int scavenge);
77
78
79
80 public void pause(int scavengePeriod)
81 {
82 try
83 {
84 Thread.sleep(scavengePeriod * 3000L);
85 }
86 catch (InterruptedException e)
87 {
88 e.printStackTrace();
89 }
90 }
91
92 @Test
93 public void testSessionScavenge() throws Exception
94 {
95 String contextPath = "";
96 String servletMapping = "/server";
97 int inactivePeriod = 1;
98 int scavengePeriod = 2;
99 AbstractTestServer server = createServer(0, inactivePeriod, scavengePeriod);
100 ServletContextHandler context = server.addContext(contextPath);
101 TestServlet servlet = new TestServlet();
102 ServletHolder holder = new ServletHolder(servlet);
103 context.addServlet(holder, servletMapping);
104 MySessionListener listener = new MySessionListener();
105 context.getSessionHandler().addEventListener(listener);
106
107 try
108 {
109 server.start();
110 int port1 = server.getPort();
111
112 HttpClient client = new HttpClient();
113 client.start();
114 try
115 {
116 String url = "http://localhost:" + port1 + contextPath + servletMapping;
117
118
119
120 ContentResponse response1 = client.GET(url + "?action=init");
121 assertEquals(HttpServletResponse.SC_OK,response1.getStatus());
122 String sessionCookie = response1.getHeaders().getStringField("Set-Cookie");
123 assertTrue(sessionCookie != null);
124
125 sessionCookie = sessionCookie.replaceFirst("(\\W)(P|p)ath=", "$1\\$Path=");
126
127
128
129 Request request2 = client.newRequest(url + "?action=test");
130 request2.header("Cookie", sessionCookie);
131 ContentResponse response2 = request2.send();
132 assertEquals(HttpServletResponse.SC_OK,response2.getStatus());
133
134
135 pause(scavengePeriod);
136
137
138
139 assertTrue(listener.destroys.contains("session1"));
140 assertTrue(listener.destroys.contains("session2"));
141
142 assertTrue(servlet.unbound);
143 }
144 finally
145 {
146 client.stop();
147 }
148 }
149 finally
150 {
151 server.stop();
152 }
153 }
154
155 public static class TestServlet extends HttpServlet
156 {
157 private boolean unbound = false;
158
159 public class MySessionBindingListener implements HttpSessionBindingListener, Serializable
160 {
161
162 public void valueUnbound(HttpSessionBindingEvent event)
163 {
164 unbound = true;
165 }
166
167 public void valueBound(HttpSessionBindingEvent event)
168 {
169
170 }
171 }
172
173 @Override
174 protected void doGet(HttpServletRequest request, HttpServletResponse httpServletResponse) throws ServletException, IOException
175 {
176 String action = request.getParameter("action");
177 if ("init".equals(action))
178 {
179 HttpSession session = request.getSession(true);
180 session.setAttribute("identity", "session1");
181 }
182 else if ("test".equals(action))
183 {
184 HttpSession session = request.getSession(false);
185 if (session != null)
186 {
187
188 session.invalidate();
189
190
191 session = request.getSession(true);
192 session.setAttribute("identity", "session2");
193 session.setAttribute("listener", new MySessionBindingListener());
194 }
195 else
196 fail("Session already missing");
197 }
198 }
199 }
200 }