shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lhazlew...@apache.org
Subject svn commit: r801297 - in /incubator/shiro/trunk: core/src/main/java/org/apache/shiro/mgt/ core/src/main/java/org/apache/shiro/realm/ core/src/main/java/org/apache/shiro/session/ core/src/main/java/org/apache/shiro/session/mgt/ core/src/test/java/org/ap...
Date Wed, 05 Aug 2009 16:47:05 GMT
Author: lhazlewood
Date: Wed Aug  5 16:47:05 2009
New Revision: 801297

URL: http://svn.apache.org/viewvc?rev=801297&view=rev
Log:
Removed ReplacedSessionException and its uses - it turns out recovery logic was already available
in the SecurityManager implementations - the SessionManager should not auto-recreate sessions
and instead should be left to the decision of the SecurityManager based on application needs.
 The default SecurityManager behavior works acceptably well in both web and non web applications.

Removed:
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/ReplacedSessionException.java
Modified:
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractValidatingSessionManager.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionManager.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DelegatingSession.java
    incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/DefaultSecurityManagerTest.java
    incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java
    incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java
    incubator/shiro/trunk/samples/spring/src/main/webapp/WEB-INF/applicationContext.xml
    incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/servlet/AdviceFilter.java
    incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DefaultWebSecurityManagerTest.java
    incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DelegatingWebSecurityManagerTest.java

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java
Wed Aug  5 16:47:05 2009
@@ -227,47 +227,6 @@
     }
 
     /**
-     * Passthrough configuration property to the wrapped {@link org.apache.shiro.session.mgt.AbstractValidatingSessionManager}
- if it should
-     * automatically create a new session when an invalid session is referenced.  The default
value unless
-     * overridden by this method is <code>true</code> for developer convenience
and to match what most people are
-     * accustomed based on years of servlet container behavior.
-     * <p/>
-     * When true (the default), the wrapped {@link AbstractValidatingSessionManager} implementation
throws an
-     * {@link org.apache.shiro.session.ReplacedSessionException ReplacedSessionException}
to the caller whenever a new
-     * session is created so the caller can receive the new session ID and react accordingly
for future
-     * {@link SessionManager SessionManager} method invocations.
-     *
-     * @param autoCreate if the wrapped {@link AbstractValidatingSessionManager} should automatically
create a new
-     *                   session when an invalid session is referenced
-     * @see org.apache.shiro.session.mgt.AbstractValidatingSessionManager#setAutoCreateWhenInvalid(boolean)
-     */
-    public void setAutoCreateSessionAfterInvalidation(boolean autoCreate) {
-        assertSessionManager(AbstractValidatingSessionManager.class);
-        ((AbstractValidatingSessionManager) this.sessionManager).setAutoCreateWhenInvalid(autoCreate);
-    }
-
-    /**
-     * Passthrough configuration property that returns <code>true</code> if the
wrapped
-     * {@link org.apache.shiro.session.mgt.AbstractValidatingSessionManager AbstractValidatingSessionManager}
should automatically create a
-     * new session when an invalid session is referenced, <code>false</code>
otherwise.  Unless overridden by the
-     * {@link #setAutoCreateSessionAfterInvalidation(boolean)} method, the default value
is <code>true</code> for
-     * developer convenience and to match what most people are accustomed based on years
of servlet container behavior.
-     * <p/>
-     * When true (the default), the wrapped {@link org.apache.shiro.session.mgt.AbstractValidatingSessionManager
AbstractValidatingSessionManager}
-     * implementation throws an {@link org.apache.shiro.session.ReplacedSessionException
ReplacedSessionException} to
-     * the caller whenever a new session is created so the caller can receive the new session
ID and react accordingly
-     * for future {@link SessionManager SessionManager} method invocations.
-     *
-     * @return <code>true</code> if this session manager should automatically
create a new session when an invalid
-     *         session is referenced, <code>false</code> otherwise.
-     * @see org.apache.shiro.session.mgt.AbstractValidatingSessionManager#isAutoCreateWhenInvalid()
-     */
-    public boolean isAutoCreateSessionAfterInvalidation() {
-        assertSessionManager(AbstractValidatingSessionManager.class);
-        return ((AbstractValidatingSessionManager) this.sessionManager).isAutoCreateWhenInvalid();
-    }
-
-    /**
      * Ensures the internal SessionManager instance is an <code>instanceof</code>
      * {@link org.apache.shiro.session.SessionListenerRegistrar SessionListenerRegistrar}
to ensure that any
      * listeners attempting to be registered can actually do so with the internal delegate
instance.

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java
Wed Aug  5 16:47:05 2009
@@ -261,7 +261,7 @@
         Cache authzCache = getAuthorizationCache();
         if (authzCache != null) {
             if (log.isTraceEnabled()) {
-                log.trace("Attempting to retrieve the AuthorizationIfno from cache.");
+                log.trace("Attempting to retrieve the AuthorizationInfo from cache.");
             }
             Object key = getAuthorizationCacheKey(principals);
             info = (AuthorizationInfo) authzCache.get(key);

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractValidatingSessionManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractValidatingSessionManager.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractValidatingSessionManager.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractValidatingSessionManager.java
Wed Aug  5 16:47:05 2009
@@ -19,7 +19,10 @@
 package org.apache.shiro.session.mgt;
 
 import org.apache.shiro.authz.AuthorizationException;
-import org.apache.shiro.session.*;
+import org.apache.shiro.session.ExpiredSessionException;
+import org.apache.shiro.session.InvalidSessionException;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.session.UnknownSessionException;
 import org.apache.shiro.util.Destroyable;
 import org.apache.shiro.util.LifecycleUtils;
 import org.apache.shiro.util.ThreadContext;
@@ -114,41 +117,6 @@
         return sessionValidationInterval;
     }
 
-    /**
-     * Returns <code>true</code> if this session manager should automatically
create a new session when an invalid or
-     * nonexistent session is referenced, <code>false</code> otherwise.  Unless
overridden by the
-     * {@link #setAutoCreateWhenInvalid(boolean)} method, the default value is <code>true</code>
for developer
-     * convenience and to match what most people are accustomed based on years of servlet
container behavior.
-     * <p/>
-     * When true (the default), this {@code SessionManager} implementation throws an
-     * {@link org.apache.shiro.session.ReplacedSessionException ReplacedSessionException}
to the caller whenever a new session is created so
-     * the caller can receive the new session ID and react accordingly for future {@code
SessionManager SessionManager}
-     * method invocations.
-     *
-     * @return <code>true</code> if this session manager should automatically
create a new session when an invalid
-     *         session is referenced, <code>false</code> otherwise.
-     */
-    public boolean isAutoCreateWhenInvalid() {
-        return autoCreateWhenInvalid;
-    }
-
-    /**
-     * Sets if this session manager should automatically create a new session when an invalid
-     * session is referenced.  The default value unless overridden by this method is <code>true</code>
for developer
-     * convenience and to match what most people are accustomed based on years of servlet
container behavior.
-     * <p/>
-     * When true (the default), this {@code SessionManager} implementation throws an
-     * {@link org.apache.shiro.session.ReplacedSessionException ReplacedSessionException}
to the caller whenever a new session is created so
-     * the caller can receive the new session ID and react accordingly for future {@code
SessionManager SessionManager}
-     * method invocations.
-     *
-     * @param autoCreateWhenInvalid if this session manager should automatically create a
new session when an
-     *                              invalid session is referenced
-     */
-    public void setAutoCreateWhenInvalid(boolean autoCreateWhenInvalid) {
-        this.autoCreateWhenInvalid = autoCreateWhenInvalid;
-    }
-
     private InetAddress getHostAddressFallback(Session s) {
         InetAddress inet = s.getHostAddress();
         if (inet == null) {
@@ -158,39 +126,25 @@
         return inet;
     }
 
-    private void ensureNotNull(Session session, Serializable sessionId) throws UnknownSessionException
{
-        if (session == null) {
-            onUnknownSession(sessionId);
-            throw new UnknownSessionException(sessionId);
-        }
-    }
-
     protected final Session doGetSession(final Serializable sessionId) throws InvalidSessionException
{
         enableSessionValidationIfNecessary();
 
         if (log.isTraceEnabled()) {
             log.trace("Attempting to retrieve session with id [" + sessionId + "]");
         }
-        InetAddress hostAddress = null;
+        Session s;
         try {
-            Session s = retrieveSession(sessionId);
-            ensureNotNull(s, sessionId);
-            // Save the host address in case the session will be invalidated.
-            // We want to retain it in case it is needed for a replacement session
-            hostAddress = getHostAddressFallback(s);
-            validate(s);
-            return s;
-        } catch (InvalidSessionException ise) {
-            if (!isAutoCreateWhenInvalid()) {
-                throw ise;
+            s = retrieveSession(sessionId);
+            if (s == null) {
+                throw new UnknownSessionException("The session data store did not return
a session for " +
+                        "sessionId [" + sessionId + "]", sessionId);
             }
-            //otherwise auto-create a new session and indicate via a ReplacedSessionException
-            Serializable newId = start(hostAddress);
-            String msg = "Session with id [" + sessionId + "] is invalid.  The SessionManager
" +
-                    "has been configured to automatically re-create sessions upon invalidation.
 Returnining " +
-                    "new session id [" + newId + "] with exception so the caller may react
accordingly.";
-            throw new ReplacedSessionException(msg, ise, sessionId, newId);
+        } catch (UnknownSessionException e) {
+            onUnknownSession(sessionId);
+            throw e;
         }
+        validate(s);
+        return s;
     }
 
     /**
@@ -198,9 +152,9 @@
      *
      * @param sessionId the id of the session to retrieve from the data store
      * @return the session identified by {@code sessionId}.
-     * @throws InvalidSessionException if there is no session identified by {@code sessionId}.
+     * @throws UnknownSessionException if there is no session identified by {@code sessionId}.
      */
-    protected abstract Session retrieveSession(Serializable sessionId) throws InvalidSessionException;
+    protected abstract Session retrieveSession(Serializable sessionId) throws UnknownSessionException;
 
     protected Session createSession(Map initData) throws AuthorizationException {
         enableSessionValidationIfNecessary();

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionManager.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionManager.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionManager.java
Wed Aug  5 16:47:05 2009
@@ -20,8 +20,8 @@
 
 import org.apache.shiro.cache.CacheManager;
 import org.apache.shiro.cache.CacheManagerAware;
-import org.apache.shiro.session.InvalidSessionException;
 import org.apache.shiro.session.Session;
+import org.apache.shiro.session.UnknownSessionException;
 import org.apache.shiro.session.mgt.eis.MemorySessionDAO;
 import org.apache.shiro.session.mgt.eis.SessionDAO;
 import org.apache.shiro.session.mgt.eis.SessionDAOAware;
@@ -194,11 +194,11 @@
         sessionDAO.update(session);
     }
 
-    protected Session retrieveSession(Serializable sessionId) throws InvalidSessionException
{
+    protected Session retrieveSession(Serializable sessionId) throws UnknownSessionException
{
         return retrieveSessionFromDataSource(sessionId);
     }
 
-    protected Session retrieveSessionFromDataSource(Serializable sessionId) throws InvalidSessionException
{
+    protected Session retrieveSessionFromDataSource(Serializable sessionId) throws UnknownSessionException
{
         return sessionDAO.readSession(sessionId);
     }
 

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DelegatingSession.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DelegatingSession.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DelegatingSession.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/DelegatingSession.java
Wed Aug  5 16:47:05 2009
@@ -19,13 +19,11 @@
 package org.apache.shiro.session.mgt;
 
 import org.apache.shiro.session.InvalidSessionException;
-import org.apache.shiro.session.ReplacedSessionException;
 import org.apache.shiro.session.Session;
 
 import java.io.Serializable;
 import java.net.InetAddress;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.Date;
 
 /**
@@ -140,16 +138,7 @@
      */
     public Date getStartTimestamp() {
         if (startTimestamp == null) {
-            try {
-                startTimestamp = sessionManager.getStartTimestamp(id);
-            } catch (ReplacedSessionException e) {
-                if (!isHandleReplacedSessions()) {
-                    //propagate immediately
-                    throw e;
-                }
-                this.id = e.getNewSessionId();
-                startTimestamp = sessionManager.getStartTimestamp(id);
-            }
+            startTimestamp = sessionManager.getStartTimestamp(id);
         }
         return startTimestamp;
     }
@@ -159,42 +148,15 @@
      */
     public Date getLastAccessTime() {
         //can't cache - only business pojo knows the accurate time:
-        try {
-            return sessionManager.getLastAccessTime(id);
-        } catch (ReplacedSessionException e) {
-            if (!isHandleReplacedSessions()) {
-                //propagate immediately
-                throw e;
-            }
-            this.id = e.getNewSessionId();
-            return sessionManager.getLastAccessTime(id);
-        }
+        return sessionManager.getLastAccessTime(id);
     }
 
     public long getTimeout() throws InvalidSessionException {
-        try {
-            return sessionManager.getTimeout(id);
-        } catch (ReplacedSessionException e) {
-            if (!isHandleReplacedSessions()) {
-                //propagate immediately
-                throw e;
-            }
-            this.id = e.getNewSessionId();
-            return sessionManager.getTimeout(id);
-        }
+        return sessionManager.getTimeout(id);
     }
 
     public void setTimeout(long maxIdleTimeInMillis) throws InvalidSessionException {
-        try {
-            sessionManager.setTimeout(id, maxIdleTimeInMillis);
-        } catch (ReplacedSessionException e) {
-            if (!isHandleReplacedSessions()) {
-                //propagate immediately
-                throw e;
-            }
-            this.id = e.getNewSessionId();
-            sessionManager.setTimeout(id, maxIdleTimeInMillis);
-        }
+        sessionManager.setTimeout(id, maxIdleTimeInMillis);
     }
 
     /**
@@ -202,16 +164,7 @@
      */
     public InetAddress getHostAddress() {
         if (hostAddress == null) {
-            try {
-                hostAddress = sessionManager.getHostAddress(id);
-            } catch (ReplacedSessionException e) {
-                if (!isHandleReplacedSessions()) {
-                    //propagate immediately
-                    throw e;
-                }
-                this.id = e.getNewSessionId();
-                hostAddress = sessionManager.getHostAddress(id);
-            }
+            hostAddress = sessionManager.getHostAddress(id);
         }
         return hostAddress;
     }
@@ -220,33 +173,14 @@
      * @see org.apache.shiro.session.Session#touch()
      */
     public void touch() throws InvalidSessionException {
-        try {
-            sessionManager.touch(id);
-        } catch (ReplacedSessionException e) {
-            if (!isHandleReplacedSessions()) {
-                //propagate immediately
-                throw e;
-            }
-            this.id = e.getNewSessionId();
-            // No need to 'hit' the session manager again - a newly created session is 'touched'
at the time of creation
-        }
+        sessionManager.touch(id);
     }
 
     /**
      * @see org.apache.shiro.session.Session#stop()
      */
     public void stop() throws InvalidSessionException {
-        try {
-            sessionManager.stop(id);
-        } catch (ReplacedSessionException e) {
-            if (!isHandleReplacedSessions()) {
-                //propagate immediately
-                throw e;
-            }
-            this.id = e.getNewSessionId();
-            //TODO - prevent sessionManager from creating new session when 'stop' is already
requested.
-            sessionManager.stop(id);
-        }
+        sessionManager.stop(id);
     }
 
     /**
@@ -254,34 +188,14 @@
      */
     @SuppressWarnings({"unchecked"})
     public Collection<Object> getAttributeKeys() throws InvalidSessionException {
-        try {
-            return sessionManager.getAttributeKeys(id);
-        } catch (ReplacedSessionException e) {
-            if (!isHandleReplacedSessions()) {
-                //propagate immediately
-                throw e;
-            }
-            this.id = e.getNewSessionId();
-            // No need to 'hit' the session manager again - a new session won't have any
attributes:
-            return Collections.EMPTY_SET;
-        }
+        return sessionManager.getAttributeKeys(id);
     }
 
     /**
      * @see org.apache.shiro.session.Session#getAttribute(Object key)
      */
     public Object getAttribute(Object key) throws InvalidSessionException {
-        try {
-            return sessionManager.getAttribute(id, key);
-        } catch (ReplacedSessionException e) {
-            if (!isHandleReplacedSessions()) {
-                //propagate immediately
-                throw e;
-            }
-            this.id = e.getNewSessionId();
-            // No need to 'hit' the session manager again - a new session won't have any
attributes
-            return null;
-        }
+        return sessionManager.getAttribute(id, key);
     }
 
     /**
@@ -291,16 +205,7 @@
         if (value == null) {
             removeAttribute(key);
         } else {
-            try {
-                sessionManager.setAttribute(id, key, value);
-            } catch (ReplacedSessionException e) {
-                if (!isHandleReplacedSessions()) {
-                    //propagate immediately
-                    throw e;
-                }
-                this.id = e.getNewSessionId();
-                sessionManager.setAttribute(id, key, value);
-            }
+            sessionManager.setAttribute(id, key, value);
         }
     }
 
@@ -308,16 +213,6 @@
      * @see Session#removeAttribute(Object key)
      */
     public Object removeAttribute(Object key) throws InvalidSessionException {
-        try {
-            return sessionManager.removeAttribute(id, key);
-        } catch (ReplacedSessionException e) {
-            if (!isHandleReplacedSessions()) {
-                //propagate immediately
-                throw e;
-            }
-            this.id = e.getNewSessionId();
-            // No need to 'hit' the session manager again - a new session won't have any
attributes:
-            return null;
-        }
+        return sessionManager.removeAttribute(id, key);
     }
 }

Modified: incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/DefaultSecurityManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/DefaultSecurityManagerTest.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/DefaultSecurityManagerTest.java
(original)
+++ incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/DefaultSecurityManagerTest.java
Wed Aug  5 16:47:05 2009
@@ -22,6 +22,7 @@
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authc.UsernamePasswordToken;
 import org.apache.shiro.realm.text.PropertiesRealm;
+import org.apache.shiro.session.ExpiredSessionException;
 import org.apache.shiro.session.Session;
 import org.apache.shiro.session.mgt.AbstractValidatingSessionManager;
 import org.apache.shiro.subject.Subject;
@@ -100,12 +101,11 @@
         } catch (InterruptedException e) {
             //ignored
         }
-        session.setTimeout(AbstractValidatingSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT);
-        Serializable newSessionId = session.getId();
-        assertFalse(origSessionId.equals(newSessionId));
-
-        Object aValue = session.getAttribute(key);
-        assertNull(aValue);
+        try {
+            session.setTimeout(AbstractValidatingSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT);
+            fail("Session should have expired.");
+        } catch (ExpiredSessionException expected) {
+        }
     }
 
     /**

Modified: incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java
(original)
+++ incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java
Wed Aug  5 16:47:05 2009
@@ -118,8 +118,6 @@
 
     @Test
     public void testSessionDeleteOnExpiration() {
-
-        sm.setAutoCreateWhenInvalid(false);
         sm.setGlobalSessionTimeout(100);
 
         SessionDAO sessionDAO = createMock(SessionDAO.class);

Modified: incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java
(original)
+++ incubator/shiro/trunk/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java
Wed Aug  5 16:47:05 2009
@@ -18,10 +18,11 @@
  */
 package org.apache.shiro.session.mgt;
 
+import org.apache.shiro.session.ExpiredSessionException;
 import org.apache.shiro.util.ThreadContext;
 import org.junit.After;
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.fail;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -65,10 +66,11 @@
         session.setTimeout(100);
         assertEquals(100, session.getTimeout());
         sleep(150);
-        //now the underlying session should have been expired and a new one replaced by default.
-        //so ensure the replaced session has the default session timeout:
-        assertEquals(AbstractSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT, session.getTimeout());
-        assertFalse(origId.equals(session.getId())); //new ID would have been generated
+        try {
+            session.getTimeout();
+            fail("Session should have expired.");
+        } catch (ExpiredSessionException expected) {
+        }
     }
 
 }

Modified: incubator/shiro/trunk/samples/spring/src/main/webapp/WEB-INF/applicationContext.xml
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/samples/spring/src/main/webapp/WEB-INF/applicationContext.xml?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/samples/spring/src/main/webapp/WEB-INF/applicationContext.xml (original)
+++ incubator/shiro/trunk/samples/spring/src/main/webapp/WEB-INF/applicationContext.xml Wed
Aug  5 16:47:05 2009
@@ -44,6 +44,7 @@
         <!-- Single realm app.  If you have multiple realms, use the 'realms' property
instead. -->
         <property name="realm" ref="jdbcRealm"/>
         <property name="sessionMode" value="native"/>
+        <property name="globalSessionTimeout" value="5000"/>
     </bean>
 
     <!-- Used by the SecurityManager to access security data (users, roles, etc).

Modified: incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/servlet/AdviceFilter.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/servlet/AdviceFilter.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/servlet/AdviceFilter.java
(original)
+++ incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/servlet/AdviceFilter.java
Wed Aug  5 16:47:05 2009
@@ -18,17 +18,17 @@
  */
 package org.apache.shiro.web.servlet;
 
-import java.io.IOException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.io.IOException;
 
 /**
- * A Servlet Filter that enables AOP-style advice for a SerlvetRequest via
+ * A Servlet Filter that enables AOP-style &quot;around&quot; advice for a SerlvetRequest
via
  * {@link #preHandle(javax.servlet.ServletRequest, javax.servlet.ServletResponse) preHandle},
  * {@link #postHandle(javax.servlet.ServletRequest, javax.servlet.ServletResponse) postHandle},
  * and {@link #afterCompletion(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
Exception) afterCompletion}
@@ -39,7 +39,9 @@
  */
 public abstract class AdviceFilter extends OncePerRequestFilter {
 
-    /** The static logger available to this class only */
+    /**
+     * The static logger available to this class only
+     */
     private static final Logger log = LoggerFactory.getLogger(AdviceFilter.class);
 
     /**
@@ -143,7 +145,7 @@
         } catch (Exception e) {
             exception = e;
         } finally {
-            cleanup( request, response, exception );
+            cleanup(request, response, exception);
         }
     }
 
@@ -156,15 +158,15 @@
      * {@link #afterCompletion(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
Exception) afterCompletion}
      * as well as handles any exceptions properly.
      *
-     * @param request the incoming <code>ServletRequest</code>
+     * @param request  the incoming <code>ServletRequest</code>
      * @param response the outgoing <code>ServletResponse</code>
      * @param existing any exception that might have occurred while executing the <code>FilterChain</code>
or
-     * pre or post advice, or <code>null</code> if the pre/chain/post excution
did not throw an <code>Exception</code>.
+     *                 pre or post advice, or <code>null</code> if the pre/chain/post
excution did not throw an <code>Exception</code>.
      * @throws ServletException if any exception other than an <code>IOException</code>
is thrown.
-     * @throws IOException if the pre/chain/post execution throw an <code>IOException</code>
+     * @throws IOException      if the pre/chain/post execution throw an <code>IOException</code>
      */
-    protected void cleanup( ServletRequest request, ServletResponse response, Exception existing
)
-        throws ServletException, IOException {
+    protected void cleanup(ServletRequest request, ServletResponse response, Exception existing)
+            throws ServletException, IOException {
         Exception exception = existing;
         try {
             afterCompletion(request, response, exception);

Modified: incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DefaultWebSecurityManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DefaultWebSecurityManagerTest.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DefaultWebSecurityManagerTest.java
(original)
+++ incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DefaultWebSecurityManagerTest.java
Wed Aug  5 16:47:05 2009
@@ -18,6 +18,7 @@
  */
 package org.apache.shiro.web;
 
+import org.apache.shiro.session.ExpiredSessionException;
 import org.apache.shiro.session.Session;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.util.ThreadContext;
@@ -72,7 +73,7 @@
     @Test
     public void testSessionTimeout() {
         shiroSessionModeInit();
-        long globalTimeout = 50;
+        long globalTimeout = 100;
         sm.setGlobalSessionTimeout(globalTimeout);
 
         HttpServletRequest mockRequest = createNiceMock(HttpServletRequest.class);
@@ -89,13 +90,14 @@
         Session session = subject.getSession();
         Serializable origId = session.getId();
         assertEquals(session.getTimeout(), globalTimeout);
-        session.setTimeout(100);
-        assertEquals(session.getTimeout(), 100);
+        session.setTimeout(125);
+        assertEquals(session.getTimeout(), 125);
         sleep(150);
-        //now the underlying session should have been expired and a new one replaced by default.
-        //so ensure the replaced session has the default session timeout:
-        assertEquals(session.getTimeout(), globalTimeout);
-        assertFalse(origId.equals(session.getId())); //new ID would have been generated
+        try {
+            session.getTimeout();
+            fail("Session should have expired.");
+        } catch (ExpiredSessionException expected) {
+        }
     }
 
     public static InetAddress getLocalHost() {

Modified: incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DelegatingWebSecurityManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DelegatingWebSecurityManagerTest.java?rev=801297&r1=801296&r2=801297&view=diff
==============================================================================
--- incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DelegatingWebSecurityManagerTest.java
(original)
+++ incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DelegatingWebSecurityManagerTest.java
Wed Aug  5 16:47:05 2009
@@ -2,7 +2,6 @@
 
 import org.apache.shiro.mgt.SecurityManager;
 import org.apache.shiro.session.ExpiredSessionException;
-import org.apache.shiro.session.ReplacedSessionException;
 import org.apache.shiro.session.Session;
 import org.apache.shiro.session.mgt.AbstractSessionManager;
 import org.apache.shiro.subject.Subject;
@@ -10,7 +9,7 @@
 import static org.easymock.EasyMock.*;
 import org.junit.After;
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.fail;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -77,19 +76,14 @@
         expect(delegate.start((Map) null)).andReturn(sessionId);
         expect(delegate.getHostAddress(sessionId)).andReturn(host);
         expect(delegate.getTimeout(sessionId)).andReturn(AbstractSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT);
-        delegate.setTimeout(sessionId, 125);
+        delegate.setTimeout(sessionId, 125L);
         expectLastCall().times(1);
         expect(delegate.getTimeout(sessionId)).andReturn(125L);
         //pretend that 125ms have gone by
         Serializable replacedSessionId = UUID.randomUUID().toString();
         @SuppressWarnings({"ThrowableInstanceNeverThrown"})
-        ReplacedSessionException replaced =
-                new ReplacedSessionException("test", new ExpiredSessionException(sessionId),
-                        sessionId, replacedSessionId);
-        expect(delegate.getTimeout(sessionId)).andThrow(replaced);
-        //the DelegatingSession will re-try the call on a ReplacedSessionException
-        expect(delegate.getHostAddress(replacedSessionId)).andReturn(host);
-        expect(delegate.getTimeout(replacedSessionId)).andReturn(AbstractSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT);
+        ExpiredSessionException expired = new ExpiredSessionException("test", sessionId);
+        expect(delegate.getTimeout(sessionId)).andThrow(expired);
 
         replay(delegate);
         replay(mockRequest);
@@ -100,13 +94,13 @@
         assertEquals(AbstractSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT, session.getTimeout());
         session.setTimeout(125);
         assertEquals(125, session.getTimeout());
-        //sleep(175);
         //now the underlying session should have been expired and a new one replaced by default.
         //so ensure the replaced session has the default session timeout:
-        long timeout = session.getTimeout();
-        assertEquals(AbstractSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT, timeout);
-        assertFalse(id.equals(session.getId())); //new ID would have been generated
-
+        try {
+            session.getTimeout();
+            fail("Should have thrown an ExpiredSessionException");
+        } catch (ExpiredSessionException expected) {
+        }
         verify(delegate);
         verify(mockRequest);
     }



Mime
View raw message