Posted to commits@shiro.apache.org by lh...@apache.org on 2009/08/05 18:47:05 UTC

svn commit: r801297 - in /incubator/shiro/trunk: core/src/main/java/org/apache/shiro/mgt/ core/src/main/java/org/apache/shiro/realm/ core/src/main/java/org/apache/shiro/session/ core/src/main/java/org/apache/shiro/session/mgt/ core/src/test/java/org/ap...

Author: lhazlewood
Date: Wed Aug  5 16:47:05 2009
New Revision: 801297

URL: http://svn.apache.org/viewvc?rev=801297&view=rev
Log:
Removed ReplacedSessionException and its uses - it turns out recovery logic was already available in the SecurityManager implementations - the SessionManager should not auto-recreate sessions; that decision should instead be left to the SecurityManager based on application needs.  The default SecurityManager behavior works acceptably well in both web and non-web applications.

Removed:
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/ReplacedSessionException.java
Modified:
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractValidatingSessionManager.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionManager.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DelegatingSession.java
    incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/DefaultSecurityManagerTest.java
    incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java
    incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java
    incubator/shiro/trunk/samples/spring/src/main/webapp/WEB-INF/applicationContext.xml
    incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/servlet/AdviceFilter.java
    incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DefaultWebSecurityManagerTest.java
    incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DelegatingWebSecurityManagerTest.java

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java Wed Aug  5 16:47:05 2009
@@ -227,47 +227,6 @@
     }
 
     /**
-     * Passthrough configuration property to the wrapped {@link org.apache.shiro.session.mgt.AbstractValidatingSessionManager} - if it should
-     * automatically create a new session when an invalid session is referenced.  The default value unless
-     * overridden by this method is <code>true</code> for developer convenience and to match what most people are
-     * accustomed based on years of servlet container behavior.
-     * <p/>
-     * When true (the default), the wrapped {@link AbstractValidatingSessionManager} implementation throws an
-     * {@link org.apache.shiro.session.ReplacedSessionException ReplacedSessionException} to the caller whenever a new
-     * session is created so the caller can receive the new session ID and react accordingly for future
-     * {@link SessionManager SessionManager} method invocations.
-     *
-     * @param autoCreate if the wrapped {@link AbstractValidatingSessionManager} should automatically create a new
-     *                   session when an invalid session is referenced
-     * @see org.apache.shiro.session.mgt.AbstractValidatingSessionManager#setAutoCreateWhenInvalid(boolean)
-     */
-    public void setAutoCreateSessionAfterInvalidation(boolean autoCreate) {
-        assertSessionManager(AbstractValidatingSessionManager.class);
-        ((AbstractValidatingSessionManager) this.sessionManager).setAutoCreateWhenInvalid(autoCreate);
-    }
-
-    /**
-     * Passthrough configuration property that returns <code>true</code> if the wrapped
-     * {@link org.apache.shiro.session.mgt.AbstractValidatingSessionManager AbstractValidatingSessionManager} should automatically create a
-     * new session when an invalid session is referenced, <code>false</code> otherwise.  Unless overridden by the
-     * {@link #setAutoCreateSessionAfterInvalidation(boolean)} method, the default value is <code>true</code> for
-     * developer convenience and to match what most people are accustomed based on years of servlet container behavior.
-     * <p/>
-     * When true (the default), the wrapped {@link org.apache.shiro.session.mgt.AbstractValidatingSessionManager AbstractValidatingSessionManager}
-     * implementation throws an {@link org.apache.shiro.session.ReplacedSessionException ReplacedSessionException} to
-     * the caller whenever a new session is created so the caller can receive the new session ID and react accordingly
-     * for future {@link SessionManager SessionManager} method invocations.
-     *
-     * @return <code>true</code> if this session manager should automatically create a new session when an invalid
-     *         session is referenced, <code>false</code> otherwise.
-     * @see org.apache.shiro.session.mgt.AbstractValidatingSessionManager#isAutoCreateWhenInvalid()
-     */
-    public boolean isAutoCreateSessionAfterInvalidation() {
-        assertSessionManager(AbstractValidatingSessionManager.class);
-        return ((AbstractValidatingSessionManager) this.sessionManager).isAutoCreateWhenInvalid();
-    }
-
-    /**
      * Ensures the internal SessionManager instance is an <code>instanceof</code>
      * {@link org.apache.shiro.session.SessionListenerRegistrar SessionListenerRegistrar} to ensure that any
      * listeners attempting to be registered can actually do so with the internal delegate instance.

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java Wed Aug  5 16:47:05 2009
@@ -261,7 +261,7 @@
         Cache authzCache = getAuthorizationCache();
         if (authzCache != null) {
             if (log.isTraceEnabled()) {
-                log.trace("Attempting to retrieve the AuthorizationIfno from cache.");
+                log.trace("Attempting to retrieve the AuthorizationInfo from cache.");
             }
             Object key = getAuthorizationCacheKey(principals);
             info = (AuthorizationInfo) authzCache.get(key);

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractValidatingSessionManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractValidatingSessionManager.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractValidatingSessionManager.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractValidatingSessionManager.java Wed Aug  5 16:47:05 2009
@@ -19,7 +19,10 @@
 package org.apache.shiro.session.mgt;
 
 import org.apache.shiro.authz.AuthorizationException;
-import org.apache.shiro.session.*;
+import org.apache.shiro.session.ExpiredSessionException;
+import org.apache.shiro.session.InvalidSessionException;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.session.UnknownSessionException;
 import org.apache.shiro.util.Destroyable;
 import org.apache.shiro.util.LifecycleUtils;
 import org.apache.shiro.util.ThreadContext;
@@ -114,41 +117,6 @@
         return sessionValidationInterval;
     }
 
-    /**
-     * Returns <code>true</code> if this session manager should automatically create a new session when an invalid or
-     * nonexistent session is referenced, <code>false</code> otherwise.  Unless overridden by the
-     * {@link #setAutoCreateWhenInvalid(boolean)} method, the default value is <code>true</code> for developer
-     * convenience and to match what most people are accustomed based on years of servlet container behavior.
-     * <p/>
-     * When true (the default), this {@code SessionManager} implementation throws an
-     * {@link org.apache.shiro.session.ReplacedSessionException ReplacedSessionException} to the caller whenever a new session is created so
-     * the caller can receive the new session ID and react accordingly for future {@code SessionManager SessionManager}
-     * method invocations.
-     *
-     * @return <code>true</code> if this session manager should automatically create a new session when an invalid
-     *         session is referenced, <code>false</code> otherwise.
-     */
-    public boolean isAutoCreateWhenInvalid() {
-        return autoCreateWhenInvalid;
-    }
-
-    /**
-     * Sets if this session manager should automatically create a new session when an invalid
-     * session is referenced.  The default value unless overridden by this method is <code>true</code> for developer
-     * convenience and to match what most people are accustomed based on years of servlet container behavior.
-     * <p/>
-     * When true (the default), this {@code SessionManager} implementation throws an
-     * {@link org.apache.shiro.session.ReplacedSessionException ReplacedSessionException} to the caller whenever a new session is created so
-     * the caller can receive the new session ID and react accordingly for future {@code SessionManager SessionManager}
-     * method invocations.
-     *
-     * @param autoCreateWhenInvalid if this session manager should automatically create a new session when an
-     *                              invalid session is referenced
-     */
-    public void setAutoCreateWhenInvalid(boolean autoCreateWhenInvalid) {
-        this.autoCreateWhenInvalid = autoCreateWhenInvalid;
-    }
-
     private InetAddress getHostAddressFallback(Session s) {
         InetAddress inet = s.getHostAddress();
         if (inet == null) {
@@ -158,39 +126,25 @@
         return inet;
     }
 
-    private void ensureNotNull(Session session, Serializable sessionId) throws UnknownSessionException {
-        if (session == null) {
-            onUnknownSession(sessionId);
-            throw new UnknownSessionException(sessionId);
-        }
-    }
-
     protected final Session doGetSession(final Serializable sessionId) throws InvalidSessionException {
         enableSessionValidationIfNecessary();
 
         if (log.isTraceEnabled()) {
             log.trace("Attempting to retrieve session with id [" + sessionId + "]");
         }
-        InetAddress hostAddress = null;
+        Session s;
         try {
-            Session s = retrieveSession(sessionId);
-            ensureNotNull(s, sessionId);
-            // Save the host address in case the session will be invalidated.
-            // We want to retain it in case it is needed for a replacement session
-            hostAddress = getHostAddressFallback(s);
-            validate(s);
-            return s;
-        } catch (InvalidSessionException ise) {
-            if (!isAutoCreateWhenInvalid()) {
-                throw ise;
+            s = retrieveSession(sessionId);
+            if (s == null) {
+                throw new UnknownSessionException("The session data store did not return a session for " +
+                        "sessionId [" + sessionId + "]", sessionId);
             }
-            //otherwise auto-create a new session and indicate via a ReplacedSessionException
-            Serializable newId = start(hostAddress);
-            String msg = "Session with id [" + sessionId + "] is invalid.  The SessionManager " +
-                    "has been configured to automatically re-create sessions upon invalidation.  Returnining " +
-                    "new session id [" + newId + "] with exception so the caller may react accordingly.";
-            throw new ReplacedSessionException(msg, ise, sessionId, newId);
+        } catch (UnknownSessionException e) {
+            onUnknownSession(sessionId);
+            throw e;
         }
+        validate(s);
+        return s;
     }
 
     /**
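Review bot: The new `UnknownSessionException` message in `doGetSession` concatenates `sessionId`, which in a web deployment is presumably whatever value the client presented as its session token, so the raw value lands in exception text and in any log or error page that prints it. The id is already handed over as the constructor's second argument, so the message itself can stay fixed: `throw new UnknownSessionException("The session data store did not return a session.", sessionId);`. Separately, throwing inside the `try` only to catch it a few lines later works, but it reads as control flow by exception; a null check that calls `onUnknownSession(sessionId)` directly before throwing would be easier to follow.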
@@ -198,9 +152,9 @@
      *
      * @param sessionId the id of the session to retrieve from the data store
      * @return the session identified by {@code sessionId}.
-     * @throws InvalidSessionException if there is no session identified by {@code sessionId}.
+     * @throws UnknownSessionException if there is no session identified by {@code sessionId}.
      */
-    protected abstract Session retrieveSession(Serializable sessionId) throws InvalidSessionException;
+    protected abstract Session retrieveSession(Serializable sessionId) throws UnknownSessionException;
 
     protected Session createSession(Map initData) throws AuthorizationException {
         enableSessionValidationIfNecessary();
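Review bot: The `@return` line for `retrieveSession` does not say whether an implementation may return `null`, yet `doGetSession` in this same commit checks `s == null` and turns it into an `UnknownSessionException`. Subclass authors therefore have two ways to signal "not found" and the contract documents only one. Suggest `@return the session identified by {@code sessionId}, or {@code null} if the data store holds none (treated as an unknown session by the caller)`. The Javadoc block opens above this hunk.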

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionManager.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionManager.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionManager.java Wed Aug  5 16:47:05 2009
@@ -20,8 +20,8 @@
 
 import org.apache.shiro.cache.CacheManager;
 import org.apache.shiro.cache.CacheManagerAware;
-import org.apache.shiro.session.InvalidSessionException;
 import org.apache.shiro.session.Session;
+import org.apache.shiro.session.UnknownSessionException;
 import org.apache.shiro.session.mgt.eis.MemorySessionDAO;
 import org.apache.shiro.session.mgt.eis.SessionDAO;
 import org.apache.shiro.session.mgt.eis.SessionDAOAware;
@@ -194,11 +194,11 @@
         sessionDAO.update(session);
     }
 
-    protected Session retrieveSession(Serializable sessionId) throws InvalidSessionException {
+    protected Session retrieveSession(Serializable sessionId) throws UnknownSessionException {
         return retrieveSessionFromDataSource(sessionId);
     }
 
-    protected Session retrieveSessionFromDataSource(Serializable sessionId) throws InvalidSessionException {
+    protected Session retrieveSessionFromDataSource(Serializable sessionId) throws UnknownSessionException {
         return sessionDAO.readSession(sessionId);
     }
 

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DelegatingSession.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DelegatingSession.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DelegatingSession.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DelegatingSession.java Wed Aug  5 16:47:05 2009
@@ -19,13 +19,11 @@
 package org.apache.shiro.session.mgt;
 
 import org.apache.shiro.session.InvalidSessionException;
-import org.apache.shiro.session.ReplacedSessionException;
 import org.apache.shiro.session.Session;
 
 import java.io.Serializable;
 import java.net.InetAddress;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.Date;
 
 /**
@@ -140,16 +138,7 @@
      */
     public Date getStartTimestamp() {
         if (startTimestamp == null) {
-            try {
-                startTimestamp = sessionManager.getStartTimestamp(id);
-            } catch (ReplacedSessionException e) {
-                if (!isHandleReplacedSessions()) {
-                    //propagate immediately
-                    throw e;
-                }
-                this.id = e.getNewSessionId();
-                startTimestamp = sessionManager.getStartTimestamp(id);
-            }
+            startTimestamp = sessionManager.getStartTimestamp(id);
         }
         return startTimestamp;
     }
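Review bot: `isHandleReplacedSessions()` loses its caller in `getStartTimestamp` here and in every other method hunk of this file (`getLastAccessTime`, `getTimeout`, `setTimeout`, `getHostAddress`, `touch`, `stop` and the attribute methods), but no hunk in this commit removes the property itself. If it is declared in `DelegatingSession`, it is now a switch with no effect, and a caller who sets it expecting recovery will get an `InvalidSessionException` instead; it should be removed or deprecated with a Javadoc note saying so. The `id` field is likewise no longer reassigned in the visible code and could probably become `final`, which would make it explicit that a session handle never changes identity. The declarations of both sit outside the hunks shown.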
@@ -159,42 +148,15 @@
      */
     public Date getLastAccessTime() {
         //can't cache - only business pojo knows the accurate time:
-        try {
-            return sessionManager.getLastAccessTime(id);
-        } catch (ReplacedSessionException e) {
-            if (!isHandleReplacedSessions()) {
-                //propagate immediately
-                throw e;
-            }
-            this.id = e.getNewSessionId();
-            return sessionManager.getLastAccessTime(id);
-        }
+        return sessionManager.getLastAccessTime(id);
     }
 
     public long getTimeout() throws InvalidSessionException {
-        try {
-            return sessionManager.getTimeout(id);
-        } catch (ReplacedSessionException e) {
-            if (!isHandleReplacedSessions()) {
-                //propagate immediately
-                throw e;
-            }
-            this.id = e.getNewSessionId();
-            return sessionManager.getTimeout(id);
-        }
+        return sessionManager.getTimeout(id);
     }
 
     public void setTimeout(long maxIdleTimeInMillis) throws InvalidSessionException {
-        try {
-            sessionManager.setTimeout(id, maxIdleTimeInMillis);
-        } catch (ReplacedSessionException e) {
-            if (!isHandleReplacedSessions()) {
-                //propagate immediately
-                throw e;
-            }
-            this.id = e.getNewSessionId();
-            sessionManager.setTimeout(id, maxIdleTimeInMillis);
-        }
+        sessionManager.setTimeout(id, maxIdleTimeInMillis);
     }
 
     /**
@@ -202,16 +164,7 @@
      */
     public InetAddress getHostAddress() {
         if (hostAddress == null) {
-            try {
-                hostAddress = sessionManager.getHostAddress(id);
-            } catch (ReplacedSessionException e) {
-                if (!isHandleReplacedSessions()) {
-                    //propagate immediately
-                    throw e;
-                }
-                this.id = e.getNewSessionId();
-                hostAddress = sessionManager.getHostAddress(id);
-            }
+            hostAddress = sessionManager.getHostAddress(id);
         }
         return hostAddress;
     }
@@ -220,33 +173,14 @@
      * @see org.apache.shiro.session.Session#touch()
      */
     public void touch() throws InvalidSessionException {
-        try {
-            sessionManager.touch(id);
-        } catch (ReplacedSessionException e) {
-            if (!isHandleReplacedSessions()) {
-                //propagate immediately
-                throw e;
-            }
-            this.id = e.getNewSessionId();
-            // No need to 'hit' the session manager again - a newly created session is 'touched' at the time of creation
-        }
+        sessionManager.touch(id);
     }
 
     /**
      * @see org.apache.shiro.session.Session#stop()
      */
     public void stop() throws InvalidSessionException {
-        try {
-            sessionManager.stop(id);
-        } catch (ReplacedSessionException e) {
-            if (!isHandleReplacedSessions()) {
-                //propagate immediately
-                throw e;
-            }
-            this.id = e.getNewSessionId();
-            //TODO - prevent sessionManager from creating new session when 'stop' is already requested.
-            sessionManager.stop(id);
-        }
+        sessionManager.stop(id);
     }
 
     /**
@@ -254,34 +188,14 @@
      */
     @SuppressWarnings({"unchecked"})
     public Collection<Object> getAttributeKeys() throws InvalidSessionException {
-        try {
-            return sessionManager.getAttributeKeys(id);
-        } catch (ReplacedSessionException e) {
-            if (!isHandleReplacedSessions()) {
-                //propagate immediately
-                throw e;
-            }
-            this.id = e.getNewSessionId();
-            // No need to 'hit' the session manager again - a new session won't have any attributes:
-            return Collections.EMPTY_SET;
-        }
+        return sessionManager.getAttributeKeys(id);
     }
 
     /**
      * @see org.apache.shiro.session.Session#getAttribute(Object key)
      */
     public Object getAttribute(Object key) throws InvalidSessionException {
-        try {
-            return sessionManager.getAttribute(id, key);
-        } catch (ReplacedSessionException e) {
-            if (!isHandleReplacedSessions()) {
-                //propagate immediately
-                throw e;
-            }
-            this.id = e.getNewSessionId();
-            // No need to 'hit' the session manager again - a new session won't have any attributes
-            return null;
-        }
+        return sessionManager.getAttribute(id, key);
     }
 
     /**
@@ -291,16 +205,7 @@
         if (value == null) {
             removeAttribute(key);
         } else {
-            try {
-                sessionManager.setAttribute(id, key, value);
-            } catch (ReplacedSessionException e) {
-                if (!isHandleReplacedSessions()) {
-                    //propagate immediately
-                    throw e;
-                }
-                this.id = e.getNewSessionId();
-                sessionManager.setAttribute(id, key, value);
-            }
+            sessionManager.setAttribute(id, key, value);
         }
     }
 
@@ -308,16 +213,6 @@
      * @see Session#removeAttribute(Object key)
      */
     public Object removeAttribute(Object key) throws InvalidSessionException {
-        try {
-            return sessionManager.removeAttribute(id, key);
-        } catch (ReplacedSessionException e) {
-            if (!isHandleReplacedSessions()) {
-                //propagate immediately
-                throw e;
-            }
-            this.id = e.getNewSessionId();
-            // No need to 'hit' the session manager again - a new session won't have any attributes:
-            return null;
-        }
+        return sessionManager.removeAttribute(id, key);
     }
 }

Modified: incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/DefaultSecurityManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/DefaultSecurityManagerTest.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/DefaultSecurityManagerTest.java (original)
+++ incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/DefaultSecurityManagerTest.java Wed Aug  5 16:47:05 2009
@@ -22,6 +22,7 @@
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authc.UsernamePasswordToken;
 import org.apache.shiro.realm.text.PropertiesRealm;
+import org.apache.shiro.session.ExpiredSessionException;
 import org.apache.shiro.session.Session;
 import org.apache.shiro.session.mgt.AbstractValidatingSessionManager;
 import org.apache.shiro.subject.Subject;
@@ -100,12 +101,11 @@
         } catch (InterruptedException e) {
             //ignored
         }
-        session.setTimeout(AbstractValidatingSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT);
-        Serializable newSessionId = session.getId();
-        assertFalse(origSessionId.equals(newSessionId));
-
-        Object aValue = session.getAttribute(key);
-        assertNull(aValue);
+        try {
+            session.setTimeout(AbstractValidatingSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT);
+            fail("Session should have expired.");
+        } catch (ExpiredSessionException expected) {
+        }
     }
 
     /**
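Review bot: The rewritten assertion checks only that `setTimeout` throws `ExpiredSessionException`; nothing pins that the `Session` handle still carries its original id, which is the behaviour this commit changes (no silent replacement). `origSessionId` appears to be declared above the hunk and is no longer used, so after the catch add `assertEquals(origSessionId, session.getId());`, assuming `getId()` returns the locally held id without calling the session manager. The empty catch would also read better with a one-line comment such as `// expected: expired sessions are no longer re-created`. The same applies to the now-unused `origId` local in the `DelegatingSessionTest` and `DefaultWebSecurityManagerTest` hunks. The test method starts outside this hunk.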

Modified: incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java (original)
+++ incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java Wed Aug  5 16:47:05 2009
@@ -118,8 +118,6 @@
 
     @Test
     public void testSessionDeleteOnExpiration() {
-
-        sm.setAutoCreateWhenInvalid(false);
         sm.setGlobalSessionTimeout(100);
 
         SessionDAO sessionDAO = createMock(SessionDAO.class);

Modified: incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java (original)
+++ incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java Wed Aug  5 16:47:05 2009
@@ -18,10 +18,11 @@
  */
 package org.apache.shiro.session.mgt;
 
+import org.apache.shiro.session.ExpiredSessionException;
 import org.apache.shiro.util.ThreadContext;
 import org.junit.After;
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.fail;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -65,10 +66,11 @@
         session.setTimeout(100);
         assertEquals(100, session.getTimeout());
         sleep(150);
-        //now the underlying session should have been expired and a new one replaced by default.
-        //so ensure the replaced session has the default session timeout:
-        assertEquals(AbstractSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT, session.getTimeout());
-        assertFalse(origId.equals(session.getId())); //new ID would have been generated
+        try {
+            session.getTimeout();
+            fail("Session should have expired.");
+        } catch (ExpiredSessionException expected) {
+        }
     }
 
 }

Modified: incubator/shiro/trunk/samples/spring/src/main/webapp/WEB-INF/applicationContext.xml
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/samples/spring/src/main/webapp/WEB-INF/applicationContext.xml?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/samples/spring/src/main/webapp/WEB-INF/applicationContext.xml (original)
+++ incubator/shiro/trunk/samples/spring/src/main/webapp/WEB-INF/applicationContext.xml Wed Aug  5 16:47:05 2009
@@ -44,6 +44,7 @@
         <!-- Single realm app.  If you have multiple realms, use the 'realms' property instead. -->
         <property name="realm" ref="jdbcRealm"/>
         <property name="sessionMode" value="native"/>
+        <property name="globalSessionTimeout" value="5000"/>
     </bean>
 
     <!-- Used by the SecurityManager to access security data (users, roles, etc).
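Review bot: `globalSessionTimeout` set to `5000` in the sample application looks like a leftover from exercising the expiry path by hand. The tests in this commit pass millisecond values to the same setter, so if the unit is the same here, sample-app sessions would expire after five seconds. Either drop the line or add a comment stating the unit and the reason for such a short value, e.g. `<!-- milliseconds; deliberately short to demonstrate session expiry -->`.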

Modified: incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/servlet/AdviceFilter.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/servlet/AdviceFilter.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/servlet/AdviceFilter.java (original)
+++ incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/servlet/AdviceFilter.java Wed Aug  5 16:47:05 2009
@@ -18,17 +18,17 @@
  */
 package org.apache.shiro.web.servlet;
 
-import java.io.IOException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.io.IOException;
 
 /**
- * A Servlet Filter that enables AOP-style advice for a SerlvetRequest via
+ * A Servlet Filter that enables AOP-style &quot;around&quot; advice for a SerlvetRequest via
  * {@link #preHandle(javax.servlet.ServletRequest, javax.servlet.ServletResponse) preHandle},
  * {@link #postHandle(javax.servlet.ServletRequest, javax.servlet.ServletResponse) postHandle},
  * and {@link #afterCompletion(javax.servlet.ServletRequest, javax.servlet.ServletResponse, Exception) afterCompletion}
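Review bot: The class Javadoc line rewritten here still reads `SerlvetRequest`; since the line is being touched anyway it should become `ServletRequest`. The `cleanup` Javadoc re-indented further down in this file has similar slips (`excution`, and `throw` where `throws` is meant). The import reordering and whitespace changes in this file are unrelated to the ReplacedSessionException removal and would be easier to review as a separate commit. The Javadoc block continues outside the hunk.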
@@ -39,7 +39,9 @@
  */
 public abstract class AdviceFilter extends OncePerRequestFilter {
 
-    /** The static logger available to this class only */
+    /**
+     * The static logger available to this class only
+     */
     private static final Logger log = LoggerFactory.getLogger(AdviceFilter.class);
 
     /**
@@ -143,7 +145,7 @@
         } catch (Exception e) {
             exception = e;
         } finally {
-            cleanup( request, response, exception );
+            cleanup(request, response, exception);
         }
     }
 
@@ -156,15 +158,15 @@
      * {@link #afterCompletion(javax.servlet.ServletRequest, javax.servlet.ServletResponse, Exception) afterCompletion}
      * as well as handles any exceptions properly.
      *
-     * @param request the incoming <code>ServletRequest</code>
+     * @param request  the incoming <code>ServletRequest</code>
      * @param response the outgoing <code>ServletResponse</code>
      * @param existing any exception that might have occurred while executing the <code>FilterChain</code> or
-     * pre or post advice, or <code>null</code> if the pre/chain/post excution did not throw an <code>Exception</code>.
+     *                 pre or post advice, or <code>null</code> if the pre/chain/post excution did not throw an <code>Exception</code>.
      * @throws ServletException if any exception other than an <code>IOException</code> is thrown.
-     * @throws IOException if the pre/chain/post execution throw an <code>IOException</code>
+     * @throws IOException      if the pre/chain/post execution throw an <code>IOException</code>
      */
-    protected void cleanup( ServletRequest request, ServletResponse response, Exception existing )
-        throws ServletException, IOException {
+    protected void cleanup(ServletRequest request, ServletResponse response, Exception existing)
+            throws ServletException, IOException {
         Exception exception = existing;
         try {
             afterCompletion(request, response, exception);

Modified: incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DefaultWebSecurityManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DefaultWebSecurityManagerTest.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DefaultWebSecurityManagerTest.java (original)
+++ incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DefaultWebSecurityManagerTest.java Wed Aug  5 16:47:05 2009
@@ -18,6 +18,7 @@
  */
 package org.apache.shiro.web;
 
+import org.apache.shiro.session.ExpiredSessionException;
 import org.apache.shiro.session.Session;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.util.ThreadContext;
@@ -72,7 +73,7 @@
     @Test
     public void testSessionTimeout() {
         shiroSessionModeInit();
-        long globalTimeout = 50;
+        long globalTimeout = 100;
         sm.setGlobalSessionTimeout(globalTimeout);
 
         HttpServletRequest mockRequest = createNiceMock(HttpServletRequest.class);
@@ -89,13 +90,14 @@
         Session session = subject.getSession();
         Serializable origId = session.getId();
         assertEquals(session.getTimeout(), globalTimeout);
-        session.setTimeout(100);
-        assertEquals(session.getTimeout(), 100);
+        session.setTimeout(125);
+        assertEquals(session.getTimeout(), 125);
         sleep(150);
-        //now the underlying session should have been expired and a new one replaced by default.
-        //so ensure the replaced session has the default session timeout:
-        assertEquals(session.getTimeout(), globalTimeout);
-        assertFalse(origId.equals(session.getId())); //new ID would have been generated
+        try {
+            session.getTimeout();
+            fail("Session should have expired.");
+        } catch (ExpiredSessionException expected) {
+        }
     }
 
     public static InetAddress getLocalHost() {
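Review bot: The empty `catch (ExpiredSessionException expected) {` block at the end of `testSessionTimeout` has no comment saying that landing there is the passing path. Add `// expected: an expired session must surface as an exception, not be silently replaced` inside it. With the ID comparison removed, `Serializable origId = session.getId();` appears to have no remaining reader in the visible lines and could be dropped. The expiry check also rests on a 25 ms gap between `session.setTimeout(125)` and `sleep(150)`, which may be tight on hosts with coarse timers, so a wider gap would make the test less timing-sensitive.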

Modified: incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DelegatingWebSecurityManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DelegatingWebSecurityManagerTest.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DelegatingWebSecurityManagerTest.java (original)
+++ incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DelegatingWebSecurityManagerTest.java Wed Aug  5 16:47:05 2009
@@ -2,7 +2,6 @@
 
 import org.apache.shiro.mgt.SecurityManager;
 import org.apache.shiro.session.ExpiredSessionException;
-import org.apache.shiro.session.ReplacedSessionException;
 import org.apache.shiro.session.Session;
 import org.apache.shiro.session.mgt.AbstractSessionManager;
 import org.apache.shiro.subject.Subject;
@@ -10,7 +9,7 @@
 import static org.easymock.EasyMock.*;
 import org.junit.After;
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.fail;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -77,19 +76,14 @@
         expect(delegate.start((Map) null)).andReturn(sessionId);
         expect(delegate.getHostAddress(sessionId)).andReturn(host);
         expect(delegate.getTimeout(sessionId)).andReturn(AbstractSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT);
-        delegate.setTimeout(sessionId, 125);
+        delegate.setTimeout(sessionId, 125L);
         expectLastCall().times(1);
         expect(delegate.getTimeout(sessionId)).andReturn(125L);
         //pretend that 125ms have gone by
         Serializable replacedSessionId = UUID.randomUUID().toString();
         @SuppressWarnings({"ThrowableInstanceNeverThrown"})
-        ReplacedSessionException replaced =
-                new ReplacedSessionException("test", new ExpiredSessionException(sessionId),
-                        sessionId, replacedSessionId);
-        expect(delegate.getTimeout(sessionId)).andThrow(replaced);
-        //the DelegatingSession will re-try the call on a ReplacedSessionException
-        expect(delegate.getHostAddress(replacedSessionId)).andReturn(host);
-        expect(delegate.getTimeout(replacedSessionId)).andReturn(AbstractSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT);
+        ExpiredSessionException expired = new ExpiredSessionException("test", sessionId);
+        expect(delegate.getTimeout(sessionId)).andThrow(expired);
 
         replay(delegate);
         replay(mockRequest);
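Review bot: `Serializable replacedSessionId = UUID.randomUUID().toString();` is kept as context, but its only visible uses were in the removed `ReplacedSessionException` expectations, so it now looks like a dead local and should be deleted. The `//pretend that 125ms have gone by` comment would then sit directly above the `expired` setup, which reads correctly. The `@SuppressWarnings({"ThrowableInstanceNeverThrown"})` annotation now applies to `expired`, which is only handed to `andThrow`, so keeping it seems intentional. The test method begins and ends outside this hunk, so the `UUID` import may or may not still be needed elsewhere.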
@@ -100,13 +94,13 @@
         assertEquals(AbstractSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT, session.getTimeout());
         session.setTimeout(125);
         assertEquals(125, session.getTimeout());
-        //sleep(175);
         //now the underlying session should have been expired and a new one replaced by default.
         //so ensure the replaced session has the default session timeout:
-        long timeout = session.getTimeout();
-        assertEquals(AbstractSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT, timeout);
-        assertFalse(id.equals(session.getId())); //new ID would have been generated
-
+        try {
+            session.getTimeout();
+            fail("Should have thrown an ExpiredSessionException");
+        } catch (ExpiredSessionException expected) {
+        }
         verify(delegate);
         verify(mockRequest);
     }
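Review bot: The two context comments above the new `try` block still say the expired session is "replaced by default" and that the replaced session has the default timeout, which contradicts what the test now asserts. Replace them with `//the underlying session has expired; the SessionManager must not recreate it, so the call must fail:`. The empty `catch (ExpiredSessionException expected) {` would also benefit from a short `// expected` comment so the swallowed exception is clearly deliberate. The `id` local was last read by the removed `assertFalse` in the visible lines, but its declaration is outside the hunk, so check whether it is still used.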