Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-25 13:32:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-1870: Updated HttpSessionDestroyedEvent to properly look for SecurityContexts as session attribute values instead of session attribute names

Browse Source
This commit is contained in:
Rob Winch 2011-12-29 15:41:21 -06:00
parent 044861eb20
commit 6fe6e18939
2 changed files with 61 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
web/src/main/java/org/springframework/security/web/session/HttpSessionDestroyedEvent.java
View File

@ -27,6 +27,7 @@ import java.util.*;
* *
* @author Ray Krueger * @author Ray Krueger
* @author Luke Taylor * @author Luke Taylor
* @author Rob Winch
*/ */
public class HttpSessionDestroyedEvent extends SessionDestroyedEvent { public class HttpSessionDestroyedEvent extends SessionDestroyedEvent {
//~ Constructors =================================================================================================== //~ Constructors ===================================================================================================
@ -42,16 +43,17 @@ public class HttpSessionDestroyedEvent extends SessionDestroyedEvent {
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
@Override @Override
public List<SecurityContext> getSecurityContexts() { public List<SecurityContext> getSecurityContexts() {
HttpSession session = (HttpSession)getSource(); HttpSession session = getSession();
Enumeration<String> attributes = session.getAttributeNames(); Enumeration<String> attributes = session.getAttributeNames();
ArrayList<SecurityContext> contexts = new ArrayList<SecurityContext>(); ArrayList<SecurityContext> contexts = new ArrayList<SecurityContext>();
while(attributes.hasMoreElements()) { while(attributes.hasMoreElements()) {
Object attribute = attributes.nextElement(); String attributeName = attributes.nextElement();
if (attribute instanceof SecurityContext) { Object attributeValue = session.getAttribute(attributeName);
contexts.add((SecurityContext) attribute); if (attributeValue instanceof SecurityContext) {
contexts.add((SecurityContext) attributeValue);
} }
} }

55
web/src/test/java/org/springframework/security/web/session/HttpSessionDestroyedEventTests.java Normal file
View File

@ -0,0 +1,55 @@
package org.springframework.security.web.session;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertSame;
import static org.mockito.Mockito.mock;
import java.util.List;
import org.junit.Before;
import org.junit.Test;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextImpl;
/**
*
* @author Rob Winch
*
*/
public class HttpSessionDestroyedEventTests {
private MockHttpSession session;
private HttpSessionDestroyedEvent destroyedEvent;
@Before
public void setUp() {
session = new MockHttpSession();
session.setAttribute("notcontext", "notcontext");
session.setAttribute("null", null);
session.setAttribute("context", new SecurityContextImpl());
destroyedEvent = new HttpSessionDestroyedEvent(session);
}
// SEC-1870
@Test
public void getSecurityContexts() {
List<SecurityContext> securityContexts = destroyedEvent.getSecurityContexts();
assertEquals(1,securityContexts.size());
assertSame(session.getAttribute("context"), securityContexts.get(0));
}
@Test
public void getSecurityContextsMulti() {
session.setAttribute("another", new SecurityContextImpl());
List<SecurityContext> securityContexts = destroyedEvent.getSecurityContexts();
assertEquals(2,securityContexts.size());
}
@Test
public void getSecurityContextsDiffImpl() {
session.setAttribute("context", mock(SecurityContext.class));
List<SecurityContext> securityContexts = destroyedEvent.getSecurityContexts();
assertEquals(1,securityContexts.size());
assertSame(session.getAttribute("context"), securityContexts.get(0));
}
}