/**
 * Fails fast when this session has already been
 * {@linkplain #invalidate() invalidated}.
 * <p>The state is read through {@link #isInvalid()}.
 * @throws IllegalStateException if this session has been invalidated
 */
private void assertIsValid() {
    // Compute the flag first so the assertion reads as a plain precondition.
    boolean stillValid = !isInvalid();
    Assert.state(stillValid, "The session has already been invalidated");
}
/**
 * Returns the session held by this request, optionally creating one.
 * <p>A {@code MockHttpSession} that reports itself as invalid is dropped
 * before the lookup, so an invalidated session object is never returned.
 * @param create whether a new {@code MockHttpSession} should be created
 * when no session is currently held
 * @return the current session, or {@code null} if there is none and
 * {@code create} is {@code false}
 */
@Override
@Nullable
public HttpSession getSession(boolean create) {
    checkActive();

    // Discard a session that has been invalidated in the meantime.
    boolean stale = (this.session instanceof MockHttpSession)
            && ((MockHttpSession) this.session).isInvalid();
    if (stale) {
        this.session = null;
    }

    // Lazily create a replacement only when the caller asked for one.
    if (create && this.session == null) {
        this.session = new MockHttpSession(this.servletContext);
    }
    return this.session;
}
/**
 * Checks the session attached to the request of the given result against
 * the expectations configured on this matcher.
 * <p>When no session is expected, the request must not hold one. Otherwise
 * a session must be present and, where configured, its validity flag and
 * its id must match.
 * @param result the MVC result whose request is inspected
 */
@Override
public void match(MvcResult result) {
    if (this.exists) {
        assertThat(result.getRequest().getSession(false)).isNotNull();
        // The cast presumes the request hands out MockHttpSession instances.
        MockHttpSession current = (MockHttpSession) result.getRequest().getSession(false);

        // A null expectation means "do not check validity".
        if (this.valid != null) {
            boolean expectValid = this.valid;
            if (expectValid) {
                assertThat(current.isInvalid()).isFalse();
            }
            else {
                assertThat(current.isInvalid()).isTrue();
            }
        }

        // A null expectation means "do not check the session id".
        if (this.id != null) {
            assertThat(current.getId()).isEqualTo(this.id);
        }
        return;
    }

    // No session expected: getSession(false) must not find one.
    assertThat(result.getRequest().getSession(false)).isNull();
}
} // closes the enclosing type, whose header is not part of this excerpt
.andReturn().getRequest().getSession(false); assertTrue(afterLoginSession.isInvalid()); assertNotNull(afterPasswordChange); assertNotNull(afterPasswordChange.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY));
.andReturn().getRequest().getSession(false); assertTrue(afterLoginSessionA.isInvalid()); assertNotNull(afterPasswordChange); assertNotNull(afterPasswordChange.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY));
/**
 * Rejects further use of this session once it has been
 * {@linkplain #invalidate() invalidated}.
 * <p>The state is read through {@link #isInvalid()}.
 * @throws IllegalStateException if this session has been invalidated
 */
private void assertIsValid() {
    // Name the precondition before handing it to the state assertion.
    boolean sessionUsable = !isInvalid();
    Assert.state(sessionUsable, "The session has already been invalidated");
}
/**
 * Precondition check: this session must not have been
 * {@linkplain #invalidate() invalidated}.
 * <p>The state is read through {@link #isInvalid()}.
 * @throws IllegalStateException if this session has been invalidated
 */
private void assertIsValid() {
    // Evaluate the flag once, then assert on it.
    boolean notInvalidated = !isInvalid();
    Assert.state(notInvalidated, "The session has already been invalidated");
}
/**
 * Looks up the session of this request and creates one on demand.
 * <p>If the held session is a {@code MockHttpSession} that has been
 * invalidated, it is cleared first, so callers never receive an
 * invalidated session object from this method.
 * @param create {@code true} to create a new {@code MockHttpSession} when
 * none is held
 * @return the held or newly created session, or {@code null} when there is
 * none and {@code create} is {@code false}
 */
@Override
@Nullable
public HttpSession getSession(boolean create) {
    checkActive();

    // Forget an invalidated session instead of returning it.
    boolean invalidated = (this.session instanceof MockHttpSession)
            && ((MockHttpSession) this.session).isInvalid();
    if (invalidated) {
        this.session = null;
    }

    // Create a fresh session only on request.
    if (create && this.session == null) {
        this.session = new MockHttpSession(this.servletContext);
    }
    return this.session;
}
/**
 * Returns the session held by this request, optionally creating one.
 * <p>An invalidated {@code MockHttpSession} is cleared before the lookup,
 * so this method does not return an invalidated session object.
 * @param create whether to create a new {@code MockHttpSession} when no
 * session is held
 * @return the session, or {@code null} when none is held and
 * {@code create} is {@code false}
 */
@Override
public HttpSession getSession(boolean create) {
    checkActive();

    // Clear the reference when the held session has been invalidated.
    boolean expired = (this.session instanceof MockHttpSession)
            && ((MockHttpSession) this.session).isInvalid();
    if (expired) {
        this.session = null;
    }

    // Create a replacement only if the caller asked for it.
    if (create && this.session == null) {
        this.session = new MockHttpSession(this.servletContext);
    }
    return this.session;
}
/**
 * A back-channel logout prepared by {@code doBackChannelLogout()} must
 * invalidate the session that helper returns.
 * <p>Expects {@code process(...)} to return {@code false}.
 */
@Test
public void backChannelLogoutOK() {
    final MockHttpSession trackedSession = doBackChannelLogout();

    final boolean processResult = handler.process(request, response);

    assertFalse(processResult);
    // The logout has to actually terminate the local session.
    assertTrue(trackedSession.isInvalid());
}
/**
 * A back-channel logout arriving on a servlet path other than the
 * configured logout callback path must leave the session untouched.
 * <p>Expects {@code process(...)} to return {@code true} and the session
 * to remain valid.
 */
@Test
public void backChannelLogoutDoesNotRunIfPathIsNotEligibleForLogout() {
    // Request path deliberately differs from the callback path.
    request.setServletPath("/not-a-logout");
    handler.setLogoutCallbackPath("/logout");
    final MockHttpSession trackedSession = doBackChannelLogout();

    final boolean processResult = handler.process(request, response);

    assertTrue(processResult);
    // A logout message on the wrong path must not end the session.
    assertFalse(trackedSession.isInvalid());
}
/**
 * A back-channel logout arriving on exactly the configured logout callback
 * path must invalidate the session.
 * <p>Expects {@code process(...)} to return {@code false}.
 */
@Test
public void backChannelLogoutRunsIfPathEqualsLogoutPath() {
    // Request path and callback path are identical here.
    request.setServletPath("/logout");
    handler.setLogoutCallbackPath("/logout");
    final MockHttpSession trackedSession = doBackChannelLogout();

    final boolean processResult = handler.process(request, response);

    assertFalse(processResult);
    assertTrue(trackedSession.isInvalid());
}
/**
 * A back-channel logout message generated from an empty string (per the
 * test name, a message without a session index) must not invalidate the
 * session registered under {@code TICKET}.
 * <p>Expects {@code process(...)} to return {@code false} and the session
 * to remain valid.
 */
@Test
public void backChannelLogoutFailsIfNoSessionIndex() {
    // Register a session the handler could find if it matched on TICKET.
    final MockHttpSession registered = new MockHttpSession();
    handler.getSessionMappingStorage().addSessionById(TICKET, registered);

    // POST carrying a logout message built from an empty identifier.
    final String emptyIndexMessage = LogoutMessageGenerator.generateBackChannelLogoutMessage("");
    request.setMethod("POST");
    request.setParameter(LOGOUT_PARAMETER_NAME, emptyIndexMessage);

    final boolean processResult = handler.process(request, response);

    assertFalse(processResult);
    // Without a usable identifier no session may be terminated.
    assertFalse(registered.isInvalid());
}
/**
 * A front-channel logout message sent under {@code ANOTHER_PARAMETER}
 * instead of the logout parameter must be ignored.
 * <p>Expects {@code process(...)} to return {@code true} and the session
 * registered under {@code TICKET} to remain valid.
 */
@Test
public void frontChannelLogoutFailsIfBadParameter() {
    final MockHttpSession registered = new MockHttpSession();
    handler.getSessionMappingStorage().addSessionById(TICKET, registered);

    // GET carrying a valid-looking message under the wrong parameter name.
    final String message = LogoutMessageGenerator.generateFrontChannelLogoutMessage(TICKET);
    final String query = ANOTHER_PARAMETER + "=" + message;
    request.setMethod("GET");
    request.setParameter(ANOTHER_PARAMETER, message);
    request.setQueryString(query);

    final boolean processResult = handler.process(request, response);

    assertTrue(processResult);
    // Only the designated logout parameter may trigger invalidation.
    assertFalse(registered.isInvalid());
}
/**
 * A back-channel logout POST whose content type is
 * {@code multipart/form-data} must not invalidate the session.
 * <p>Expects {@code process(...)} to return {@code true} and the session
 * registered under {@code TICKET} to remain valid.
 */
@Test
public void backChannelLogoutFailsIfMultipart() {
    final MockHttpSession registered = new MockHttpSession();
    handler.getSessionMappingStorage().addSessionById(TICKET, registered);

    // Otherwise valid logout message, but delivered as a multipart request.
    final String message = LogoutMessageGenerator.generateBackChannelLogoutMessage(TICKET);
    request.setMethod("POST");
    request.setContentType("multipart/form-data");
    request.setParameter(LOGOUT_PARAMETER_NAME, message);

    final boolean processResult = handler.process(request, response);

    assertTrue(processResult);
    assertFalse(registered.isInvalid());
}
/**
 * A front-channel logout message generated from an empty string (per the
 * test name, a message without a session index) must not invalidate the
 * session registered under {@code TICKET}.
 * <p>Expects {@code process(...)} to return {@code false} and the session
 * to remain valid.
 */
@Test
public void frontChannelLogoutFailsIfNoSessionIndex() {
    final MockHttpSession registered = new MockHttpSession();
    handler.getSessionMappingStorage().addSessionById(TICKET, registered);

    // GET carrying a logout message built from an empty identifier.
    final String emptyIndexMessage = LogoutMessageGenerator.generateFrontChannelLogoutMessage("");
    final String query = LOGOUT_PARAMETER_NAME + "=" + emptyIndexMessage;
    request.setMethod("GET");
    request.setParameter(LOGOUT_PARAMETER_NAME, emptyIndexMessage);
    request.setQueryString(query);

    final boolean processResult = handler.process(request, response);

    assertFalse(processResult);
    // Without a usable identifier no session may be terminated.
    assertFalse(registered.isInvalid());
}
/**
 * A front-channel logout that also carries a relay-state parameter must
 * invalidate the session registered under {@code TICKET}.
 * <p>Expects {@code process(...)} to return {@code false}.
 */
@Test
public void frontChannelLogoutRelayStateOK() {
    final MockHttpSession registered = new MockHttpSession();
    handler.getSessionMappingStorage().addSessionById(TICKET, registered);

    // GET with both the logout message and the relay state present.
    final String message = LogoutMessageGenerator.generateFrontChannelLogoutMessage(TICKET);
    final String query = LOGOUT_PARAMETER_NAME + "=" + message + "&" + RELAY_STATE_PARAMETER_NAME + "=" + TICKET;
    request.setMethod("GET");
    request.setParameter(LOGOUT_PARAMETER_NAME, message);
    request.setParameter(RELAY_STATE_PARAMETER_NAME, TICKET);
    request.setQueryString(query);

    final boolean processResult = handler.process(request, response);

    assertFalse(processResult);
    assertTrue(registered.isInvalid());
}
} // closes the enclosing test class, whose header is not part of this excerpt
/**
 * A well-formed front-channel logout must invalidate the session
 * registered under {@code TICKET} and must not issue a redirect.
 * <p>Expects {@code process(...)} to return {@code false} and the
 * response's redirected URL to be {@code null}.
 */
@Test
public void frontChannelLogoutOK() {
    final MockHttpSession registered = new MockHttpSession();
    handler.getSessionMappingStorage().addSessionById(TICKET, registered);

    // GET carrying the logout message as parameter and in the query string.
    final String message = LogoutMessageGenerator.generateFrontChannelLogoutMessage(TICKET);
    final String query = LOGOUT_PARAMETER_NAME + "=" + message;
    request.setMethod("GET");
    request.setParameter(LOGOUT_PARAMETER_NAME, message);
    request.setQueryString(query);

    final boolean processResult = handler.process(request, response);

    assertFalse(processResult);
    assertTrue(registered.isInvalid());
    // No relay state was sent, so no redirect target is expected.
    assertNull(response.getRedirectedUrl());
}