You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by bd...@apache.org on 2016/07/07 14:23:28 UTC
shiro git commit: SHIRO-421 Corrected integer overflow when calling
HttpServletSession.getTimeout()
Repository: shiro
Updated Branches:
refs/heads/1.3.x 39ceafa2b -> dc97eceb8
SHIRO-421 Corrected integer overflow when calling HttpServletSession.getTimeout()
Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/dc97eceb
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/dc97eceb
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/dc97eceb
Branch: refs/heads/1.3.x
Commit: dc97eceb8c694e695ec024da9020bc1406d13fda
Parents: 39ceafa
Author: Brian Demers <bd...@apache.org>
Authored: Thu Jul 7 10:17:41 2016 -0400
Committer: Brian Demers <bd...@apache.org>
Committed: Thu Jul 7 10:18:03 2016 -0400
----------------------------------------------------------------------
.../shiro/web/session/HttpServletSession.java | 2 +-
.../web/session/HttpServletSessionTest.java | 45 ++++++++++++++++++++
2 files changed, 46 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/shiro/blob/dc97eceb/web/src/main/java/org/apache/shiro/web/session/HttpServletSession.java
----------------------------------------------------------------------
diff --git a/web/src/main/java/org/apache/shiro/web/session/HttpServletSession.java b/web/src/main/java/org/apache/shiro/web/session/HttpServletSession.java
index eb6497c..99630a0 100644
--- a/web/src/main/java/org/apache/shiro/web/session/HttpServletSession.java
+++ b/web/src/main/java/org/apache/shiro/web/session/HttpServletSession.java
@@ -75,7 +75,7 @@ public class HttpServletSession implements Session {
public long getTimeout() throws InvalidSessionException {
try {
- return httpSession.getMaxInactiveInterval() * 1000;
+ return httpSession.getMaxInactiveInterval() * 1000L;
} catch (Exception e) {
throw new InvalidSessionException(e);
}
http://git-wip-us.apache.org/repos/asf/shiro/blob/dc97eceb/web/src/test/java/org/apache/shiro/web/session/HttpServletSessionTest.java
----------------------------------------------------------------------
diff --git a/web/src/test/java/org/apache/shiro/web/session/HttpServletSessionTest.java b/web/src/test/java/org/apache/shiro/web/session/HttpServletSessionTest.java
new file mode 100644
index 0000000..875b121
--- /dev/null
+++ b/web/src/test/java/org/apache/shiro/web/session/HttpServletSessionTest.java
@@ -0,0 +1,45 @@
+package org.apache.shiro.web.session;
+
+import static org.easymock.EasyMock.*;
+import static org.junit.Assert.assertEquals;
+
+import javax.servlet.http.HttpSession;
+
+import org.easymock.Capture;
+import org.junit.Before;
+import org.junit.Test;
+
+public class HttpServletSessionTest {
+
+ private HttpSession mockSession;
+
+ @Before
+ public void setUp() throws Exception {
+ this.mockSession = createMock(HttpSession.class);
+ }
+
+ /*
+ * Shiro-421
+ * Tests that the conversion of a httpSession timeout interval from seconds to milliseconds doesn't overflow.
+ * @since 1.3
+ */
+ @Test
+ public void testLongTimeout() throws Exception {
+ final int expectedTimeoutInSeconds = 30 * 24 * 60 * 60; // 30 days.
+ final long expectedLongValue = expectedTimeoutInSeconds * 1000L;
+
+ Capture<Integer> capturedInt = new Capture<Integer>();
+ // use a capture to make sure the setter is doing the right thing.
+ mockSession.setMaxInactiveInterval(captureInt(capturedInt));
+ expect(mockSession.getMaxInactiveInterval()).andReturn(expectedTimeoutInSeconds);
+ replay(mockSession);
+
+ HttpServletSession servletSession = new HttpServletSession(mockSession, null);
+ servletSession.setTimeout(expectedLongValue);
+
+ long timeoutInMilliseconds = servletSession.getTimeout();
+
+ assertEquals(expectedLongValue, timeoutInMilliseconds);
+ assertEquals(expectedTimeoutInSeconds, capturedInt.getValue().intValue());
+ }
+}