Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Include FilterChain in SessionInformationExpiredEvent 

Closes gh-14077
This commit is contained in:
Ilpyo-Yang 2024-08-29 12:03:13 -03:00 committed by Marcus Hert Da Coregio
parent 3117feff61
commit 095929f6e8
3 changed files with 40 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2022 the original author or authors. * Copyright 2002-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -141,7 +141,7 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
.of(() -> "Requested session ID " + request.getRequestedSessionId() + " has expired.")); .of(() -> "Requested session ID " + request.getRequestedSessionId() + " has expired."));
doLogout(request, response); doLogout(request, response);
this.sessionInformationExpiredStrategy this.sessionInformationExpiredStrategy
.onExpiredSessionDetected(new SessionInformationExpiredEvent(info, request, response)); .onExpiredSessionDetected(new SessionInformationExpiredEvent(info, request, response, chain));
return; return;
} }
// Non-expired - update last request date/time // Non-expired - update last request date/time

27
web/src/main/java/org/springframework/security/web/session/SessionInformationExpiredEvent.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2016 the original author or authors. * Copyright 2002-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -16,6 +16,7 @@
package org.springframework.security.web.session; package org.springframework.security.web.session;
import jakarta.servlet.FilterChain;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
@ -35,6 +36,8 @@ public final class SessionInformationExpiredEvent extends ApplicationEvent {
private final HttpServletResponse response; private final HttpServletResponse response;
private final FilterChain filterChain;
/** /**
* Creates a new instance * Creates a new instance
* @param sessionInformation the SessionInformation that is expired * @param sessionInformation the SessionInformation that is expired
@ -43,11 +46,25 @@ public final class SessionInformationExpiredEvent extends ApplicationEvent {
*/ */
public SessionInformationExpiredEvent(SessionInformation sessionInformation, HttpServletRequest request, public SessionInformationExpiredEvent(SessionInformation sessionInformation, HttpServletRequest request,
HttpServletResponse response) { HttpServletResponse response) {
this(sessionInformation, request, response, null);
}
/**
* Creates a new instance
* @param sessionInformation the SessionInformation that is expired
* @param request the HttpServletRequest
* @param response the HttpServletResponse
* @param filterChain the FilterChain
* @since 6.4
*/
public SessionInformationExpiredEvent(SessionInformation sessionInformation, HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain) {
super(sessionInformation); super(sessionInformation);
Assert.notNull(request, "request cannot be null"); Assert.notNull(request, "request cannot be null");
Assert.notNull(response, "response cannot be null"); Assert.notNull(response, "response cannot be null");
this.request = request; this.request = request;
this.response = response; this.response = response;
this.filterChain = filterChain;
} }
/** /**
@ -68,4 +85,12 @@ public final class SessionInformationExpiredEvent extends ApplicationEvent {
return (SessionInformation) getSource(); return (SessionInformation) getSource();
} }
/**
* @return the filter chain. Can be {@code null}.
* @since 6.4
*/
public FilterChain getFilterChain() {
return this.filterChain;
}
} }

13
web/src/test/java/org/springframework/security/web/session/SessionInformationExpiredEventTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2016 the original author or authors. * Copyright 2002-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -20,10 +20,12 @@ import java.util.Date;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.core.session.SessionInformation; import org.springframework.security.core.session.SessionInformation;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/** /**
@ -50,4 +52,13 @@ public class SessionInformationExpiredEventTests {
new SessionInformation("fake", "sessionId", new Date()), new MockHttpServletRequest(), null)); new SessionInformation("fake", "sessionId", new Date()), new MockHttpServletRequest(), null));
} }
@Test
void constructorWhenFilterChainThenGetFilterChainReturnsNotNull() {
MockFilterChain filterChain = new MockFilterChain();
SessionInformationExpiredEvent event = new SessionInformationExpiredEvent(
new SessionInformation("fake", "sessionId", new Date()), new MockHttpServletRequest(),
new MockHttpServletResponse(), filterChain);
assertThat(event.getFilterChain()).isSameAs(filterChain);
}
} }