SEC-1870: Updated HttpSessionDestroyedEvent to properly look for SecurityContexts as session attribute values instead of session attribute names
This commit is contained in:
parent
044861eb20
commit
6fe6e18939
|
@ -27,6 +27,7 @@ import java.util.*;
|
|||
*
|
||||
* @author Ray Krueger
|
||||
* @author Luke Taylor
|
||||
* @author Rob Winch
|
||||
*/
|
||||
public class HttpSessionDestroyedEvent extends SessionDestroyedEvent {
|
||||
//~ Constructors ===================================================================================================
|
||||
|
@ -42,16 +43,17 @@ public class HttpSessionDestroyedEvent extends SessionDestroyedEvent {
|
|||
@SuppressWarnings("unchecked")
|
||||
@Override
|
||||
public List<SecurityContext> getSecurityContexts() {
|
||||
HttpSession session = (HttpSession)getSource();
|
||||
HttpSession session = getSession();
|
||||
|
||||
Enumeration<String> attributes = session.getAttributeNames();
|
||||
|
||||
ArrayList<SecurityContext> contexts = new ArrayList<SecurityContext>();
|
||||
|
||||
while(attributes.hasMoreElements()) {
|
||||
Object attribute = attributes.nextElement();
|
||||
if (attribute instanceof SecurityContext) {
|
||||
contexts.add((SecurityContext) attribute);
|
||||
String attributeName = attributes.nextElement();
|
||||
Object attributeValue = session.getAttribute(attributeName);
|
||||
if (attributeValue instanceof SecurityContext) {
|
||||
contexts.add((SecurityContext) attributeValue);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1,55 @@
|
|||
package org.springframework.security.web.session;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertSame;
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpSession;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextImpl;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Rob Winch
|
||||
*
|
||||
*/
|
||||
public class HttpSessionDestroyedEventTests {
|
||||
private MockHttpSession session;
|
||||
private HttpSessionDestroyedEvent destroyedEvent;
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
session = new MockHttpSession();
|
||||
session.setAttribute("notcontext", "notcontext");
|
||||
session.setAttribute("null", null);
|
||||
session.setAttribute("context", new SecurityContextImpl());
|
||||
destroyedEvent = new HttpSessionDestroyedEvent(session);
|
||||
}
|
||||
|
||||
// SEC-1870
|
||||
@Test
|
||||
public void getSecurityContexts() {
|
||||
List<SecurityContext> securityContexts = destroyedEvent.getSecurityContexts();
|
||||
assertEquals(1,securityContexts.size());
|
||||
assertSame(session.getAttribute("context"), securityContexts.get(0));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getSecurityContextsMulti() {
|
||||
session.setAttribute("another", new SecurityContextImpl());
|
||||
List<SecurityContext> securityContexts = destroyedEvent.getSecurityContexts();
|
||||
assertEquals(2,securityContexts.size());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getSecurityContextsDiffImpl() {
|
||||
session.setAttribute("context", mock(SecurityContext.class));
|
||||
List<SecurityContext> securityContexts = destroyedEvent.getSecurityContexts();
|
||||
assertEquals(1,securityContexts.size());
|
||||
assertSame(session.getAttribute("context"), securityContexts.get(0));
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue