1   /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.concurrent;
17  
18  import junit.framework.TestCase;
19  
20  import org.acegisecurity.Authentication;
21  
22  import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
23  
24  import org.acegisecurity.ui.WebAuthenticationDetails;
25  
26  import org.springframework.mock.web.MockHttpServletRequest;
27  import org.springframework.mock.web.MockHttpSession;
28  
29  
30  /**
31   * Tests {@link ConcurrentSessionControllerImpl}.
32   *
33   * @author Ben Alex
34   * @version $Id: ConcurrentSessionControllerImplTests.java 1496 2006-05-23 13:38:33Z benalex $
35   */
public class ConcurrentSessionControllerImplTests extends TestCase {
    //~ Methods ========================================================================================================

    /**
     * Creates a username/password token whose details come from a freshly built mock request and session.
     * The tests below treat every token returned here as a login from a different HTTP session.
     *
     * @param user the principal name to authenticate as
     * @param password the credentials presented for that principal
     *
     * @return the token, with its {@link WebAuthenticationDetails} already attached
     */
    private Authentication createAuthentication(String user, String password) {
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user, password);
        token.setDetails(createWebDetails(token));

        return token;
    }

    /**
     * Builds web details from a mock request that carries a new mock session and the given principal.
     *
     * @param auth the authentication installed as the request's user principal
     *
     * @return details derived from the mock request
     */
    private WebAuthenticationDetails createWebDetails(Authentication auth) {
        MockHttpServletRequest mockRequest = new MockHttpServletRequest();
        mockRequest.setSession(new MockHttpSession());
        mockRequest.setUserPrincipal(auth);

        return new WebAuthenticationDetails(mockRequest);
    }

    /**
     * Reads the session id recorded in the web details attached to an authentication.
     *
     * @param auth an authentication produced by {@link #createAuthentication(String, String)}
     *
     * @return the session id held by its {@link WebAuthenticationDetails}
     */
    private String sessionIdOf(Authentication auth) {
        WebAuthenticationDetails webDetails = (WebAuthenticationDetails) auth.getDetails();

        return webDetails.getSessionId();
    }

    /**
     * Runs the controller's startup validation and fails the test unless it is rejected with an
     * {@link IllegalArgumentException}. Any other exception propagates to the caller.
     *
     * @param controller the misconfigured controller under test
     *
     * @throws Exception whatever <code>afterPropertiesSet()</code> throws besides the expected exception
     */
    private void assertStartupRejected(ConcurrentSessionControllerImpl controller)
        throws Exception {
        try {
            controller.afterPropertiesSet();
        } catch (IllegalArgumentException expected) {
            // Rejection is the outcome under test
            return;
        }

        fail("Should have thrown IAE");
    }

    /**
     * Walks one principal through the concurrent-session rules: a first login, a repeat login on the same session,
     * a login from a second session that must be refused, and a login from a third session that must expire the
     * first one instead.
     *
     * <p>The maximum number of sessions is never set here, so the test relies on the controller's default limit;
     * the expectations below imply a single session per principal.</p>
     *
     * @throws Exception if the controller raises anything other than the expected rejection
     */
    public void testLifecycle() throws Exception {
        // Fixture: a controller backed by its own in-memory registry
        ConcurrentSessionControllerImpl controller = new ConcurrentSessionControllerImpl();
        SessionRegistry sessions = new SessionRegistryImpl();
        controller.setSessionRegistry(sessions);

        // First login for "bob" must be allowed and must leave a live registry entry
        Authentication firstLogin = createAuthentication("bob", "1212");
        controller.checkAuthenticationAllowed(firstLogin);
        controller.registerSuccessfulAuthentication(firstLogin);

        String firstSessionId = sessionIdOf(firstLogin);
        assertFalse(sessions.getSessionInformation(firstSessionId).isExpired());

        // Repeating the login with the very same token (same session) must still be allowed
        controller.checkAuthenticationAllowed(firstLogin);
        controller.registerSuccessfulAuthentication(firstLogin);

        // Strict mode: a login from another session for the same principal must be refused
        controller.setExceptionIfMaximumExceeded(true);

        Authentication secondLogin = createAuthentication("bob", "1212");
        assertFalse(sessions.getSessionInformation(firstSessionId).isExpired());

        boolean refused = false;

        try {
            controller.checkAuthenticationAllowed(secondLogin);
        } catch (ConcurrentLoginException expected) {
            refused = true;
        }

        if (!refused) {
            fail("Should have thrown ConcurrentLoginException");
        }

        // NOTE(review): nothing here checks that the refused attempt left no entry in the registry and that the
        // first session is still live afterwards; both would be worth asserting.

        // Lenient mode: the new session is admitted and the oldest one is expired in its place
        controller.setExceptionIfMaximumExceeded(false);

        Authentication thirdLogin = createAuthentication("bob", "1212");
        controller.checkAuthenticationAllowed(thirdLogin);
        controller.registerSuccessfulAuthentication(thirdLogin);

        String thirdSessionId = sessionIdOf(thirdLogin);
        assertTrue(sessions.getSessionInformation(firstSessionId).isExpired());
        assertFalse(sessions.getSessionInformation(thirdSessionId).isExpired());
    }

    /**
     * Verifies that startup validation refuses a maximum-sessions value of zero.
     *
     * @throws Exception if validation fails with anything other than the expected exception
     */
    public void testStartupDetectsInvalidMaximumSessions()
        throws Exception {
        ConcurrentSessionControllerImpl controller = new ConcurrentSessionControllerImpl();
        controller.setMaximumSessions(0);

        // NOTE(review): no registry is set, so this isolates the maximum-sessions check only if the controller
        // supplies a non-null registry by default; otherwise the same exception type could come from the
        // registry check - confirm against the implementation.
        assertStartupRejected(controller);
    }

    /**
     * Verifies that startup validation refuses a controller whose session registry has been set to null.
     *
     * @throws Exception if validation fails with anything other than the expected exception
     */
    public void testStartupDetectsInvalidSessionRegistry()
        throws Exception {
        ConcurrentSessionControllerImpl controller = new ConcurrentSessionControllerImpl();
        controller.setSessionRegistry(null);

        assertStartupRejected(controller);
    }
}