Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x

This commit is contained in:
Jan Bartel 2021-05-24 10:24:13 +10:00
commit 5a38d47045
1 changed files with 51 additions and 2 deletions

View File

@ -14,6 +14,7 @@
package org.eclipse.jetty.server.session;
import java.io.IOException;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import jakarta.servlet.ServletException;
@ -33,6 +34,7 @@ import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
/**
* Test having multiple session cookies in a request.
@ -54,6 +56,8 @@ public class DuplicateCookieTest
ServletHolder holder = new ServletHolder(servlet);
ServletContextHandler contextHandler = server1.addContext(contextPath);
contextHandler.addServlet(holder, servletMapping);
TestHttpChannelCompleteListener scopeListener = new TestHttpChannelCompleteListener();
server1.getServerConnector().addBean(scopeListener);
server1.start();
int port1 = server1.getPort();
@ -70,6 +74,8 @@ public class DuplicateCookieTest
assertEquals(0, s4422.getRequests());
//make a request with another session cookie in there that does not exist
CountDownLatch latch = new CountDownLatch(1);
scopeListener.setExitSynchronizer(latch);
Request request = client.newRequest("http://localhost:" + port1 + contextPath + servletMapping + "?action=check");
request.headers(headers -> headers.add("Cookie", "JSESSIONID=123")); //doesn't exist
request.headers(headers -> headers.add("Cookie", "JSESSIONID=4422")); //does exist
@ -77,6 +83,10 @@ public class DuplicateCookieTest
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
assertEquals("4422", response.getContentAsString());
//ensure request has finished processing so session will be completed
assertTrue(latch.await(5, TimeUnit.SECONDS));
//check session is drained of requests
assertEquals(0, s4422.getRequests());
}
finally
@ -101,6 +111,8 @@ public class DuplicateCookieTest
ServletHolder holder = new ServletHolder(servlet);
ServletContextHandler contextHandler = server1.addContext(contextPath);
contextHandler.addServlet(holder, servletMapping);
TestHttpChannelCompleteListener scopeListener = new TestHttpChannelCompleteListener();
server1.getServerConnector().addBean(scopeListener);
server1.start();
int port1 = server1.getPort();
@ -127,6 +139,8 @@ public class DuplicateCookieTest
assertEquals(0, s2255.getRequests());
//make a request where the valid session cookie is first
CountDownLatch latch = new CountDownLatch(1);
scopeListener.setExitSynchronizer(latch);
Request request = client.newRequest("http://localhost:" + port1 + contextPath + servletMapping + "?action=check");
request.headers(headers -> headers.add("Cookie", "JSESSIONID=1122")); //is valid
request.headers(headers -> headers.add("Cookie", "JSESSIONID=2233")); //is invalid
@ -135,6 +149,10 @@ public class DuplicateCookieTest
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
assertEquals("1122", response.getContentAsString());
//ensure request has finished processing so session will be completed
assertTrue(latch.await(5, TimeUnit.SECONDS));
//check valid session is drained of requests
assertEquals(0, s1122.getRequests());
}
finally
@ -159,6 +177,8 @@ public class DuplicateCookieTest
ServletHolder holder = new ServletHolder(servlet);
ServletContextHandler contextHandler = server1.addContext(contextPath);
contextHandler.addServlet(holder, servletMapping);
TestHttpChannelCompleteListener scopeListener = new TestHttpChannelCompleteListener();
server1.getServerConnector().addBean(scopeListener);
server1.start();
int port1 = server1.getPort();
@ -185,6 +205,9 @@ public class DuplicateCookieTest
assertEquals(0, s2255.getRequests());
//make a request with the valid session cookie last
// Create the session
CountDownLatch latch = new CountDownLatch(1);
scopeListener.setExitSynchronizer(latch);
Request request = client.newRequest("http://localhost:" + port1 + contextPath + servletMapping + "?action=check");
request.headers(headers -> headers.add("Cookie", "JSESSIONID=2233")); //is invalid
request.headers(headers -> headers.add("Cookie", "JSESSIONID=2255")); //is invalid
@ -193,6 +216,10 @@ public class DuplicateCookieTest
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
assertEquals("1122", response.getContentAsString());
//ensure request has completed so session will be completed
assertTrue(latch.await(5, TimeUnit.SECONDS));
//check valid session drained of requests
assertEquals(0, s1122.getRequests());
}
finally
@ -217,6 +244,8 @@ public class DuplicateCookieTest
ServletHolder holder = new ServletHolder(servlet);
ServletContextHandler contextHandler = server1.addContext(contextPath);
contextHandler.addServlet(holder, servletMapping);
TestHttpChannelCompleteListener scopeListener = new TestHttpChannelCompleteListener();
server1.getServerConnector().addBean(scopeListener);
server1.start();
int port1 = server1.getPort();
@ -243,6 +272,8 @@ public class DuplicateCookieTest
assertEquals(0, s2255.getRequests());
//make a request with another session cookie with the valid session surrounded by invalids
CountDownLatch latch = new CountDownLatch(1);
scopeListener.setExitSynchronizer(latch);
Request request = client.newRequest("http://localhost:" + port1 + contextPath + servletMapping + "?action=check");
request.headers(headers -> headers.add("Cookie", "JSESSIONID=2233")); //is invalid
request.headers(headers -> headers.add("Cookie", "JSESSIONID=1122")); //is valid
@ -251,6 +282,10 @@ public class DuplicateCookieTest
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
assertEquals("1122", response.getContentAsString());
//ensure request has completed so session will be completed
assertTrue(latch.await(5, TimeUnit.SECONDS));
//check valid session drained of requests
assertEquals(0, s1122.getRequests());
}
finally
@ -275,12 +310,14 @@ public class DuplicateCookieTest
ServletHolder holder = new ServletHolder(servlet);
ServletContextHandler contextHandler = server1.addContext(contextPath);
contextHandler.addServlet(holder, servletMapping);
TestHttpChannelCompleteListener scopeListener = new TestHttpChannelCompleteListener();
server1.getServerConnector().addBean(scopeListener);
server1.start();
int port1 = server1.getPort();
try (StacklessLogging ignored = new StacklessLogging(DuplicateCookieTest.class.getPackage()))
{
//create some of unexpired sessions
//create some unexpired sessions
Session s1234 = createUnExpiredSession(contextHandler.getSessionHandler().getSessionCache(),
contextHandler.getSessionHandler().getSessionCache().getSessionDataStore(),
"1234");
@ -300,13 +337,18 @@ public class DuplicateCookieTest
assertEquals(0, s9111.getRequests());
//make a request with multiple valid session ids
CountDownLatch latch = new CountDownLatch(1);
scopeListener.setExitSynchronizer(latch);
Request request = client.newRequest("http://localhost:" + port1 + contextPath + servletMapping + "?action=check");
request.headers(headers -> headers.add("Cookie", "JSESSIONID=1234"));
request.headers(headers -> headers.add("Cookie", "JSESSIONID=5678"));
ContentResponse response = request.send();
assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
//check that all valid sessions have their request counts decremented correctly after the request, back to 0
//ensure request has completed so any session will be completed
assertTrue(latch.await(5, TimeUnit.SECONDS));
//check that all sessions have their request counts decremented correctly after the request, back to 0
assertEquals(0, s1234.getRequests());
assertEquals(0, s5678.getRequests());
assertEquals(0, s9111.getRequests());
@ -333,6 +375,8 @@ public class DuplicateCookieTest
ServletHolder holder = new ServletHolder(servlet);
ServletContextHandler contextHandler = server1.addContext(contextPath);
contextHandler.addServlet(holder, servletMapping);
TestHttpChannelCompleteListener scopeListener = new TestHttpChannelCompleteListener();
server1.getServerConnector().addBean(scopeListener);
server1.start();
int port1 = server1.getPort();
@ -350,12 +394,17 @@ public class DuplicateCookieTest
assertEquals(0, s1234.getRequests());
//make a request with multiple valid session ids
CountDownLatch latch = new CountDownLatch(1);
scopeListener.setExitSynchronizer(latch);
Request request = client.newRequest("http://localhost:" + port1 + contextPath + servletMapping + "?action=check");
request.headers(headers -> headers.add("Cookie", "JSESSIONID=1234"));
request.headers(headers -> headers.add("Cookie", "JSESSIONID=1234"));
ContentResponse response = request.send();
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
//ensure request has finished processing so session will be completed
assertTrue(latch.await(5, TimeUnit.SECONDS));
//check that all valid sessions have their request counts decremented correctly after the request, back to 0
assertEquals(0, s1234.getRequests());
}