added live tests for session timeout properties

2019-07-25 11:40:21 -03:00 · 2019-07-25 11:40:21 -03:00 · b981da41c8
commit b981da41c8
parent b355af4d01
3 changed files with 110 additions and 1 deletions
--- a/spring-security-mvc-session/src/main/java/com/baeldung/web/SessionRestController.java
+++ b/spring-security-mvc-session/src/main/java/com/baeldung/web/SessionRestController.java
@ -0,0 +1,17 @@
+package com.baeldung.web;
+
+import javax.servlet.http.HttpSession;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class SessionRestController {
+
+    @GetMapping("/session-max-interval")
+    @ResponseBody
+    public String retrieveMaxSessionIncativeInterval(HttpSession session) {
+        return "Max Inactive Interval before Session expires: " + session.getMaxInactiveInterval();
+    }
+}
--- a/spring-security-mvc-session/src/main/resources/application.properties
+++ b/spring-security-mvc-session/src/main/resources/application.properties
@ -1,4 +1,4 @@
-server.servlet.session.timeout=60s
+server.servlet.session.timeout=65s

 spring.mvc.view.prefix=/WEB-INF/view/
 spring.mvc.view.suffix=.jsp
--- a/spring-security-mvc-session/src/test/java/com/baeldung/session/SessionConfigurationIntegrationTest.java
+++ b/spring-security-mvc-session/src/test/java/com/baeldung/session/SessionConfigurationIntegrationTest.java
@ -0,0 +1,92 @@
+package com.baeldung.session;
+
+import static io.restassured.RestAssured.given;
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.util.Optional;
+
+import org.junit.Test;
+import org.springframework.http.HttpStatus;
+
+import io.restassured.filter.session.SessionFilter;
+import io.restassured.response.Response;
+import io.restassured.specification.RequestSpecification;
+
+/**
+ * This Live Test requires the service to be up and running.
+ */
+public class SessionConfigurationIntegrationTest {
+
+    private static final String USER = "user1";
+    private static final String PASSWORD = "user1Pass";
+    private static final String SESSION_SVC_URL = "http://localhost:8080/session-max-interval";
+
+    @Test
+    public void givenValidUser_whenRequestResourceAfterSessionExpiration_thenRedirectedToInvalidSessionUri() throws Exception {
+        SessionFilter sessionFilter = new SessionFilter();
+        simpleSvcRequestLoggingIn(sessionFilter);
+        Response resp2 = simpleResponseRequestUsingSessionNotFollowingRedirects(sessionFilter);
+        assertThat(resp2.getStatusCode()).isEqualTo(HttpStatus.OK.value());
+        assertThat(resp2.getBody()
+            .asString()).isEqualTo("Max Inactive Interval before Session expires: 60");
+
+        // session will be expired in 60 seconds...
+        Thread.sleep(62000);
+        Response resp3 = simpleResponseRequestUsingSessionNotFollowingRedirects(sessionFilter);
+
+        assertThat(resp3.getStatusCode()).isEqualTo(HttpStatus.FOUND.value());
+        assertThat(resp3.getHeader("Location")).isEqualTo("http://localhost:8080/invalidSession.html");
+    }
+
+    @Test
+    public void givenValidUser_whenLoginMoreThanMaxValidSession_thenRedirectedToExpiredSessionUri() throws Exception {
+        SessionFilter sessionFilter = new SessionFilter();
+        simpleSvcRequestLoggingIn(sessionFilter);
+        simpleSvcRequestLoggingIn();
+
+        // this login will expire the first session
+        simpleSvcRequestLoggingIn();
+
+        // now try to access a resource using expired session
+        Response resp4 = given().filter(sessionFilter)
+            .and()
+            .redirects()
+            .follow(false)
+            .when()
+            .get(SESSION_SVC_URL);
+
+        assertThat(resp4.getStatusCode()).isEqualTo(HttpStatus.FOUND.value());
+        assertThat(resp4.getHeader("Location")).isEqualTo("http://localhost:8080/sessionExpired.html");
+    }
+
+    private static void simpleSvcRequestLoggingIn() {
+        simpleSvcRequestLoggingIn(null);
+    }
+
+    private static void simpleSvcRequestLoggingIn(SessionFilter sessionFilter) {
+        Response response = simpleResponseSvcRequestLoggingIn(Optional.ofNullable(sessionFilter));
+
+        assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK.value());
+        assertThat(response.getBody()
+            .asString()).isEqualTo("Max Inactive Interval before Session expires: 60");
+    }
+
+    private static Response simpleResponseSvcRequestLoggingIn(Optional<SessionFilter> sessionFilter) {
+        RequestSpecification spec = given().auth()
+            .form(USER, PASSWORD);
+        sessionFilter.ifPresent(filter -> spec.and()
+            .filter(filter));
+        return spec.when()
+            .get(SESSION_SVC_URL);
+    }
+
+    private static Response simpleResponseRequestUsingSessionNotFollowingRedirects(SessionFilter sessionFilter) {
+        return given().filter(sessionFilter)
+            .and()
+            .redirects()
+            .follow(false)
+            .when()
+            .get(SESSION_SVC_URL);
+    }
+
+}