1   /* Copyright 2004, 2005 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.concurrent;
17  
18  import junit.framework.TestCase;
19  
20  import org.acegisecurity.Authentication;
21  import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
22  import org.acegisecurity.ui.WebAuthenticationDetails;
23  import org.springframework.mock.web.MockHttpServletRequest;
24  import org.springframework.mock.web.MockHttpSession;
25  
26  
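/**
 * Tests {@link ConcurrentSessionControllerImpl}.
 *
 * <p>
 * The lifecycle test covers both policies the controller offers once a
 * principal already holds a registered session: rejecting the additional
 * login, and admitting it while expiring the earlier session. The startup
 * tests check that an unusable configuration is refused by
 * <code>afterPropertiesSet()</code> instead of being accepted silently.
 * </p>
 *
 * @author Ben Alex
 * @version $Id: ConcurrentSessionControllerImplTests.java,v 1.4 2005/11/30 01:23:35 benalex Exp $
 */
public class ConcurrentSessionControllerImplTests extends TestCase {
    //~ Methods ================================================================

    /**
     * Walks a single principal through first login, re-authentication on the
     * same session, a rejected second session and finally a second session
     * that displaces the first.
     *
     * <p>
     * The session limit is never set here, so the controller's default
     * applies; the assertions below only hold if that default permits one
     * session per principal (assumed - confirm against the implementation).
     * </p>
     *
     * @throws Exception if the controller or registry fails unexpectedly
     */
    public void testLifecycle() throws Exception {
        // Fixture: a controller backed by a fresh, empty registry
        SessionRegistry registry = new SessionRegistryImpl();
        ConcurrentSessionControllerImpl sc = new ConcurrentSessionControllerImpl();
        sc.setSessionRegistry(registry);

        // First login for the principal - must be allowed and registered
        Authentication auth = createAuthentication("bob", "1212");
        sc.checkAuthenticationAllowed(auth);
        sc.registerSuccessfulAuthentication(auth);

        WebAuthenticationDetails details1 = (WebAuthenticationDetails) auth
            .getDetails();
        String sessionId1 = details1.getSessionId();
        assertFalse(registry.getSessionInformation(sessionId1).isExpired());

        // Same token, hence same session id: re-authentication must not
        // count as an additional session
        sc.checkAuthenticationAllowed(auth);
        sc.registerSuccessfulAuthentication(auth);

        // Reject policy: a new session for the same principal must be refused
        sc.setExceptionIfMaximumExceeded(true);

        Authentication auth2 = createAuthentication("bob", "1212");
        assertFalse(registry.getSessionInformation(sessionId1).isExpired());

        try {
            sc.checkAuthenticationAllowed(auth2);
            fail("Should have thrown ConcurrentLoginException");
        } catch (ConcurrentLoginException expected) {
            // expected - the limit for this principal is already used up
        }

        // A refused login must have no side effect on the session that is
        // already registered: only the displace policy may expire it
        assertFalse(registry.getSessionInformation(sessionId1).isExpired());

        // Displace policy: the new session is admitted and the earlier one
        // is marked expired
        sc.setExceptionIfMaximumExceeded(false);

        Authentication auth3 = createAuthentication("bob", "1212");
        sc.checkAuthenticationAllowed(auth3);
        sc.registerSuccessfulAuthentication(auth3);

        WebAuthenticationDetails details3 = (WebAuthenticationDetails) auth3
            .getDetails();
        String sessionId3 = details3.getSessionId();
        assertTrue(registry.getSessionInformation(sessionId1).isExpired());
        assertFalse(registry.getSessionInformation(sessionId3).isExpired());
    }

    /**
     * A maximum of zero sessions must be rejected at startup with an
     * <code>IllegalArgumentException</code>.
     *
     * @throws Exception if startup fails in any other way
     */
    public void testStartupDetectsInvalidMaximumSessions()
        throws Exception {
        ConcurrentSessionControllerImpl sc = new ConcurrentSessionControllerImpl();
        sc.setMaximumSessions(0);

        try {
            sc.afterPropertiesSet();
            fail("Should have thrown IAE");
        } catch (IllegalArgumentException expected) {
            // expected - zero is not a usable session limit
        }
    }

    /**
     * A missing session registry must be rejected at startup with an
     * <code>IllegalArgumentException</code>.
     *
     * @throws Exception if startup fails in any other way
     */
    public void testStartupDetectsInvalidSessionRegistry()
        throws Exception {
        ConcurrentSessionControllerImpl sc = new ConcurrentSessionControllerImpl();
        sc.setSessionRegistry(null);

        try {
            sc.afterPropertiesSet();
            fail("Should have thrown IAE");
        } catch (IllegalArgumentException expected) {
            // expected - the controller cannot track sessions without a registry
        }
    }

    /**
     * Builds a username/password token whose details come from a newly
     * created mock HTTP session, so each call stands for a login from a
     * separate session.
     *
     * @param user the principal name
     * @param password the credentials
     *
     * @return the token with its web details attached
     */
    private Authentication createAuthentication(String user, String password) {
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user,
                password);
        token.setDetails(createWebDetails(token));

        return token;
    }

    /**
     * Creates web authentication details from a mock request that is bound to
     * a new mock session and carries the given authentication as its user
     * principal.
     *
     * @param auth the authentication to expose as the request's principal
     *
     * @return details built from the mock request
     */
    private WebAuthenticationDetails createWebDetails(Authentication auth) {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setSession(new MockHttpSession());
        request.setUserPrincipal(auth);

        return new WebAuthenticationDetails(request);
    }
}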