SessionRegistryImpl is now aware of SessionIdChangedEvent
This commit is contained in:
parent
ae532c080c
commit
5fc6414377
|
@ -0,0 +1,29 @@
|
|||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.core.session;
|
||||
|
||||
import org.springframework.context.ApplicationEvent;
|
||||
|
||||
public abstract class SessionIdChangedEvent extends ApplicationEvent {
|
||||
|
||||
public SessionIdChangedEvent(Object source) {
|
||||
super(source);
|
||||
}
|
||||
|
||||
public abstract String getOldSessionId();
|
||||
|
||||
public abstract String getNewSessionId();
|
||||
}
|
|
@ -18,6 +18,7 @@ package org.springframework.security.core.session;
|
|||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.context.ApplicationEvent;
|
||||
import org.springframework.context.ApplicationListener;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
@ -40,7 +41,7 @@ import java.util.concurrent.CopyOnWriteArraySet;
|
|||
* @author Luke Taylor
|
||||
*/
|
||||
public class SessionRegistryImpl implements SessionRegistry,
|
||||
ApplicationListener<SessionDestroyedEvent> {
|
||||
ApplicationListener<ApplicationEvent> {
|
||||
|
||||
// ~ Instance fields
|
||||
// ================================================================================================
|
||||
|
@ -101,9 +102,18 @@ public class SessionRegistryImpl implements SessionRegistry,
|
|||
return sessionIds.get(sessionId);
|
||||
}
|
||||
|
||||
public void onApplicationEvent(SessionDestroyedEvent event) {
|
||||
String sessionId = event.getId();
|
||||
public void onApplicationEvent(ApplicationEvent event) {
|
||||
if (event instanceof SessionDestroyedEvent) {
|
||||
SessionDestroyedEvent sessionDestroyedEvent = (SessionDestroyedEvent) event;
|
||||
String sessionId = sessionDestroyedEvent.getId();
|
||||
removeSessionInformation(sessionId);
|
||||
} else if (event instanceof SessionIdChangedEvent) {
|
||||
SessionIdChangedEvent sessionIdChangedEvent = (SessionIdChangedEvent) event;
|
||||
String oldSessionId = sessionIdChangedEvent.getOldSessionId();
|
||||
Object principal = sessionIds.get(oldSessionId).getPrincipal();
|
||||
removeSessionInformation(oldSessionId);
|
||||
registerNewSession(sessionIdChangedEvent.getNewSessionId(), principal);
|
||||
}
|
||||
}
|
||||
|
||||
public void refreshLastRequest(String sessionId) {
|
||||
|
|
|
@ -69,6 +69,33 @@ public class SessionRegistryImplTests {
|
|||
assertThat(sessionRegistry.getSessionInformation(sessionId)).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sessionIdChangedEventRemovesOldSessionAndAddsANewSession() {
|
||||
Object principal = "Some principal object";
|
||||
final String sessionId = "zzzz";
|
||||
final String newSessionId = "123";
|
||||
|
||||
// Register new Session
|
||||
sessionRegistry.registerNewSession(sessionId, principal);
|
||||
|
||||
// De-register session via an ApplicationEvent
|
||||
sessionRegistry.onApplicationEvent(new SessionIdChangedEvent("") {
|
||||
@Override
|
||||
public String getOldSessionId() {
|
||||
return sessionId;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getNewSessionId() {
|
||||
return newSessionId;
|
||||
}
|
||||
});
|
||||
|
||||
assertThat(sessionRegistry.getSessionInformation(sessionId)).isNull();
|
||||
assertThat(sessionRegistry.getSessionInformation(newSessionId)).isNotNull();
|
||||
assertThat(sessionRegistry.getSessionInformation(newSessionId).getPrincipal()).isEqualTo(principal);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMultiplePrincipals() {
|
||||
Object principal1 = "principal_1";
|
||||
|
|
|
@ -25,6 +25,7 @@ import org.springframework.security.web.context.support.SecurityWebApplicationCo
|
|||
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.servlet.http.HttpSessionEvent;
|
||||
import javax.servlet.http.HttpSessionIdListener;
|
||||
import javax.servlet.http.HttpSessionListener;
|
||||
|
||||
/**
|
||||
|
@ -44,7 +45,7 @@ import javax.servlet.http.HttpSessionListener;
|
|||
*
|
||||
* @author Ray Krueger
|
||||
*/
|
||||
public class HttpSessionEventPublisher implements HttpSessionListener {
|
||||
public class HttpSessionEventPublisher implements HttpSessionListener, HttpSessionIdListener {
|
||||
// ~ Static fields/initializers
|
||||
// =====================================================================================
|
||||
|
||||
|
@ -90,4 +91,16 @@ public class HttpSessionEventPublisher implements HttpSessionListener {
|
|||
|
||||
getContext(event.getSession().getServletContext()).publishEvent(e);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void sessionIdChanged(HttpSessionEvent event, String oldSessionId) {
|
||||
HttpSessionIdChangedEvent e = new HttpSessionIdChangedEvent(event.getSession(), oldSessionId);
|
||||
Log log = LogFactory.getLog(LOGGER_NAME);
|
||||
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Publishing event: " + e);
|
||||
}
|
||||
|
||||
getContext(event.getSession().getServletContext()).publishEvent(e);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.web.session;
|
||||
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
||||
import org.springframework.security.core.session.SessionIdChangedEvent;
|
||||
|
||||
/**
|
||||
* Published by the {@link HttpSessionEventPublisher} when an {@code HttpSession} id
|
||||
* is changed
|
||||
*
|
||||
*/
|
||||
public class HttpSessionIdChangedEvent extends SessionIdChangedEvent {
|
||||
private final String oldSessionId;
|
||||
private final String newSessionid;
|
||||
// ~ Constructors
|
||||
// ===================================================================================================
|
||||
|
||||
public HttpSessionIdChangedEvent(HttpSession session, String oldSessionId) {
|
||||
super(session);
|
||||
this.oldSessionId = oldSessionId;
|
||||
this.newSessionid = session.getId();
|
||||
}
|
||||
|
||||
public String getOldSessionId() {
|
||||
return oldSessionId;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getNewSessionId() {
|
||||
return newSessionid;
|
||||
}
|
||||
}
|
|
@ -72,6 +72,11 @@ public class HttpSessionEventPublisherTests {
|
|||
assertThat(listener.getDestroyedEvent()).isNotNull();
|
||||
assertThat(listener.getCreatedEvent()).isNull();
|
||||
assertThat(listener.getDestroyedEvent().getSession()).isEqualTo(session);
|
||||
|
||||
publisher.sessionIdChanged(event, "oldSessionId");
|
||||
assertThat(listener.getSessionIdChangedEvent()).isNotNull();
|
||||
assertThat(listener.getSessionIdChangedEvent().getOldSessionId()).isEqualTo("oldSessionId");
|
||||
listener.setSessionIdChangedEvent(null);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -108,6 +113,11 @@ public class HttpSessionEventPublisherTests {
|
|||
assertThat(listener.getDestroyedEvent()).isNotNull();
|
||||
assertThat(listener.getCreatedEvent()).isNull();
|
||||
assertThat(listener.getDestroyedEvent().getSession()).isEqualTo(session);
|
||||
|
||||
publisher.sessionIdChanged(event, "oldSessionId");
|
||||
assertThat(listener.getSessionIdChangedEvent()).isNotNull();
|
||||
assertThat(listener.getSessionIdChangedEvent().getOldSessionId()).isEqualTo("oldSessionId");
|
||||
listener.setSessionIdChangedEvent(null);
|
||||
}
|
||||
|
||||
// SEC-2599
|
||||
|
@ -131,4 +141,14 @@ public class HttpSessionEventPublisherTests {
|
|||
|
||||
publisher.sessionDestroyed(event);
|
||||
}
|
||||
|
||||
@Test(expected = IllegalStateException.class)
|
||||
public void sessionIdChangeNullApplicationContext() {
|
||||
HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
|
||||
MockServletContext servletContext = new MockServletContext();
|
||||
MockHttpSession session = new MockHttpSession(servletContext);
|
||||
HttpSessionEvent event = new HttpSessionEvent(session);
|
||||
|
||||
publisher.sessionIdChanged(event, "oldSessionId");
|
||||
}
|
||||
}
|
||||
|
|
|
@ -32,6 +32,7 @@ public class MockApplicationListener implements ApplicationListener<ApplicationE
|
|||
|
||||
private HttpSessionCreatedEvent createdEvent;
|
||||
private HttpSessionDestroyedEvent destroyedEvent;
|
||||
private HttpSessionIdChangedEvent sessionIdChangedEvent;
|
||||
|
||||
// ~ Methods
|
||||
// ========================================================================================================
|
||||
|
@ -51,6 +52,9 @@ public class MockApplicationListener implements ApplicationListener<ApplicationE
|
|||
else if (event instanceof HttpSessionDestroyedEvent) {
|
||||
destroyedEvent = (HttpSessionDestroyedEvent) event;
|
||||
}
|
||||
else if (event instanceof HttpSessionIdChangedEvent) {
|
||||
sessionIdChangedEvent = (HttpSessionIdChangedEvent) event;
|
||||
}
|
||||
}
|
||||
|
||||
public void setCreatedEvent(HttpSessionCreatedEvent createdEvent) {
|
||||
|
@ -60,4 +64,12 @@ public class MockApplicationListener implements ApplicationListener<ApplicationE
|
|||
public void setDestroyedEvent(HttpSessionDestroyedEvent destroyedEvent) {
|
||||
this.destroyedEvent = destroyedEvent;
|
||||
}
|
||||
|
||||
public void setSessionIdChangedEvent(HttpSessionIdChangedEvent sessionIdChangedEvent) {
|
||||
this.sessionIdChangedEvent = sessionIdChangedEvent;
|
||||
}
|
||||
|
||||
public HttpSessionIdChangedEvent getSessionIdChangedEvent() {
|
||||
return sessionIdChangedEvent;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue