Example usage for org.apache.shiro.web.subject WebSubject getSession

List of usage examples for org.apache.shiro.web.subject WebSubject getSession

  1. HOME
  2. Java
  3. org.apache.shiro
  4. org.apache.shiro.web.subject.*
  5. WebSubject
  6. getSession

Introduction

In this page you can find the example usage for org.apache.shiro.web.subject WebSubject getSession.

Prototype

Session getSession();

Source Link

Document

Returns the application Session associated with this Subject.

Usage

From source file:org.sonatype.nexus.security.StatelessAndStatefulWebSessionManagerTest.java

License:Open Source License

/**
 * Verifies a session is NOT stored in the when a stateless client logs in.  (uses the default MapCache impl)
 *//*  w w  w .  j  a  v a2  s.  c o m*/
@Test
public void testStatelessSession() {
    // mock a stateless client connection
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getHeader("X-Nexus-Session")).thenReturn("none");
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);

    // create a user and login
    WebSubject subject = new WebSubject.Builder(securityManager, request, response).buildWebSubject();
    subject.login(new UsernamePasswordToken("user", "user123"));

    verifyNoSessionStored();

    // verify accessing the session does not blow up
    subject.getSession().getAttributeKeys();

    // verify the session is NOT stored in a cache
    try {
        sessionManager.getSession(new DefaultSessionKey(subject.getSession().getId())); // again using the sessionManager
        Assert.fail("expected UnknownSessionException");
    } catch (UnknownSessionException e) {
        // expected
    }

    // force clearing the ehcache
    sessionDAO.getActiveSessionsCache().clear();

    // verify accessing the session does not blow up
    subject.getSession().getAttributeKeys();

    // using the sessionManager API will fail
    try {
        sessionManager.getSession(new DefaultSessionKey(subject.getSession().getId())); // again using the sessionManager
        Assert.fail("expected UnknownSessionException");
    } catch (UnknownSessionException e) {
        // expected
    }
}

From source file:org.sonatype.nexus.security.StatelessAndStatefulWebSessionManagerTest.java

License:Open Source License

/**
 * Verifies a session IS stored in the when a state-full client logs in.  (uses the default MapCache impl)
 *///from  www  . j av a2s . c  o m
@Test
public void testStateFullSession() {
    // mock a state-full client connection
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);

    // create a user and login
    WebSubject subject = new WebSubject.Builder(securityManager, request, response).buildWebSubject();
    subject.login(new UsernamePasswordToken("user", "user123"));

    // verify 1 active sessions
    verifySingleSessionStored(subject.getSession().getId());

    // verify accessing the session does not blow up
    subject.getSession().getAttributeKeys(); // directly against the subject object

    // force clearing the ehcache
    sessionDAO.getActiveSessionsCache().clear();

    // now the session should not be found
    try {
        subject.getSession().getAttributeKeys(); // directly against the subject object
        Assert.fail("expected UnknownSessionException");
    } catch (UnknownSessionException e) {
        // expected
    }

    try {
        sessionManager.getSession(new DefaultSessionKey(subject.getSession().getId())); // again using the sessionManager
        Assert.fail("expected UnknownSessionException");
    } catch (UnknownSessionException e) {
        // expected
    }
}