Prevent NullPointerException when session ID changes
The old session ID may not exist in the session registry if the user is not authenticated. Closes gh-9011
This commit is contained in:
parent
6e6d382357
commit
a5b97bb569
|
@ -108,11 +108,13 @@ public class SessionRegistryImpl implements SessionRegistry, ApplicationListener
|
||||||
else if (event instanceof SessionIdChangedEvent) {
|
else if (event instanceof SessionIdChangedEvent) {
|
||||||
SessionIdChangedEvent sessionIdChangedEvent = (SessionIdChangedEvent) event;
|
SessionIdChangedEvent sessionIdChangedEvent = (SessionIdChangedEvent) event;
|
||||||
String oldSessionId = sessionIdChangedEvent.getOldSessionId();
|
String oldSessionId = sessionIdChangedEvent.getOldSessionId();
|
||||||
|
if (this.sessionIds.containsKey(oldSessionId)) {
|
||||||
Object principal = this.sessionIds.get(oldSessionId).getPrincipal();
|
Object principal = this.sessionIds.get(oldSessionId).getPrincipal();
|
||||||
removeSessionInformation(oldSessionId);
|
removeSessionInformation(oldSessionId);
|
||||||
registerNewSession(sessionIdChangedEvent.getNewSessionId(), principal);
|
registerNewSession(sessionIdChangedEvent.getNewSessionId(), principal);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void refreshLastRequest(String sessionId) {
|
public void refreshLastRequest(String sessionId) {
|
||||||
|
|
|
@ -173,6 +173,25 @@ public class SessionRegistryImplTests {
|
||||||
assertThat(this.sessionRegistry.getAllSessions(principal, false)).isEmpty();
|
assertThat(this.sessionRegistry.getAllSessions(principal, false)).isEmpty();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void sessionIdChangedEventWhenSessionIdNotSavedThenDoesNothing() {
|
||||||
|
final String oldSessionId = "old-session-id";
|
||||||
|
final String newSessionId = "new-session-id";
|
||||||
|
this.sessionRegistry.onApplicationEvent(new SessionIdChangedEvent("") {
|
||||||
|
@Override
|
||||||
|
public String getOldSessionId() {
|
||||||
|
return oldSessionId;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getNewSessionId() {
|
||||||
|
return newSessionId;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
assertThat(this.sessionRegistry.getSessionInformation(oldSessionId)).isNull();
|
||||||
|
assertThat(this.sessionRegistry.getSessionInformation(newSessionId)).isNull();
|
||||||
|
}
|
||||||
|
|
||||||
private boolean contains(String sessionId, Object principal) {
|
private boolean contains(String sessionId, Object principal) {
|
||||||
List<SessionInformation> info = this.sessionRegistry.getAllSessions(principal, false);
|
List<SessionInformation> info = this.sessionRegistry.getAllSessions(principal, false);
|
||||||
for (SessionInformation sessionInformation : info) {
|
for (SessionInformation sessionInformation : info) {
|
||||||
|
|
Loading…
Reference in New Issue