Java 类org.springframework.security.web.session.HttpSessionCreatedEvent 实例源码

@BeforeMethod
public void setUpBeforeMethod()
{
    securityContextRegistry = new SecurityContextRegistryImpl();

    httpSessionWithSecurityContextId = "sessionWithSecurityContext";
    httpSessionWithSecurityContext = when(mock(HttpSession.class).getId()).thenReturn(
            httpSessionWithSecurityContextId).getMock();
    securityContext = mock(SecurityContext.class);
    when(httpSessionWithSecurityContext.getAttribute("SPRING_SECURITY_CONTEXT")).thenReturn(securityContext);
    securityContextRegistry.handleHttpSessionCreatedEvent(
            new HttpSessionCreatedEvent(httpSessionWithSecurityContext));

    httpSessionWithoutSecurityContextId = "sessionWithoutSecurityContext";
    HttpSession httpSessionWithoutSecurityContext = when(mock(HttpSession.class).getId()).thenReturn(
            httpSessionWithoutSecurityContextId).getMock();
    securityContextRegistry.handleHttpSessionCreatedEvent(
            new HttpSessionCreatedEvent(httpSessionWithoutSecurityContext));
}

@Override
public void onApplicationEvent(HttpSessionCreatedEvent event) {
    int sessionTimeoutInSecs = sessionTimeoutInMins * 60;
    event.getSession().setMaxInactiveInterval(sessionTimeoutInSecs);

    logger.debug("Session Timeout is set as " + sessionTimeoutInSecs + " Seconds");
}

@Override
protected HazelcastHttpSession createNewSession(HazelcastRequestWrapper requestWrapper,
                                                boolean create,
                                                String existingSessionId) {
    HazelcastHttpSession session = super.createNewSession(requestWrapper, create, existingSessionId);
    ApplicationContext appContext =
            WebApplicationContextUtils.getWebApplicationContext(servletContext);
    if (appContext != null) {
        ensureSessionRegistryInitialized(appContext);
        if (sessionRegistry != null && session != null) {
            String originalSessionId = session.getOriginalSessionId();
            // If original session id is registered already, we don't need it.
            // So, we should remove it.
            sessionRegistry.removeSessionInformation(originalSessionId);
            // Publish event if this session is not registered
            if (!isSessionRegistered(session.getId())) {
                /**
                 * Publish an event to notify
                 * {@link org.springframework.security.core.session.SessionRegistry} instance.
                 * So Spring knows our Hazelcast session.
                 *
                 * If session is already exist
                 *      (
                 *          possibly added by
                 *          {@link org.springframework.security.web.session.HttpSessionEventPublisher} instance
                 *          which is defined in {@code web.xml} before
                 *          {@link com.hazelcast.web.SessionListener} to
                 *          {@link org.springframework.security.core.session.SessionRegistry}
                 *      ),
                 * it will be just updated.
                 */
                appContext.publishEvent(new HttpSessionCreatedEvent(session));

                LOGGER.finest("Published create session event for Spring for session with id "
                        + session.getId());
            }
        }
    }
    return session;
}

@Override
public void onApplicationEvent(
        HttpSessionCreatedEvent httpSessionCreatedEvent) {
    counter++;
    System.out.println("Total sessions created " + counter);

    Date timestamp = new Date(httpSessionCreatedEvent.getTimestamp());
    System.out.println("Session created at "
            + new SimpleDateFormat("yyyy-MM-dd").format(timestamp)
            + " and session is " + httpSessionCreatedEvent.getSession());
}

@Test(expectedExceptions = RuntimeException.class, expectedExceptionsMessageRegExp = "Session attribute 'SPRING_SECURITY_CONTEXT' is of type 'String' instead of 'SecurityContext'")
public void testGetSecurityContextFromSessionUnexpectedValue()
{
    String corruptHttpSessionId = "corruptSessionId";
    HttpSession corruptHttpSession = when(mock(HttpSession.class).getId()).thenReturn(corruptHttpSessionId)
                                                                          .getMock();
    when(corruptHttpSession.getAttribute("SPRING_SECURITY_CONTEXT")).thenReturn("corruptSecurityContext");
    securityContextRegistry.handleHttpSessionCreatedEvent(new HttpSessionCreatedEvent(corruptHttpSession));
    assertNull(securityContextRegistry.getSecurityContext(corruptHttpSessionId));
}

@Test
public void testGetSecurityContextInvalidatedSession()
{
    String corruptHttpSessionId = "invalidSessionId";
    HttpSession corruptHttpSession = when(mock(HttpSession.class).getId()).thenReturn(corruptHttpSessionId)
                                                                          .getMock();
    doThrow(IllegalStateException.class).when(corruptHttpSession).getAttribute("SPRING_SECURITY_CONTEXT");
    securityContextRegistry.handleHttpSessionCreatedEvent(new HttpSessionCreatedEvent(corruptHttpSession));
    assertNull(securityContextRegistry.getSecurityContext(corruptHttpSessionId));
}

@Override
public void onApplicationEvent(HttpSessionCreatedEvent httpSessionCreatedEvent) {
}

@Override
public void onApplicationEvent(final HttpSessionCreatedEvent event) {
    LOGGER.info(LOG_MSG_SESSION_CREATED_SESSION_ID, event.getSession().getId());
}

@EventListener
public void handleHttpSessionCreatedEvent(HttpSessionCreatedEvent httpSessionCreatedEvent)
{
    HttpSession session = httpSessionCreatedEvent.getSession();
    httpSessionMap.put(session.getId(), session);
}