org.springframework.security.web.session.HttpSessionCreatedEvent Java Examples

The following examples show how to use org.springframework.security.web.session.HttpSessionCreatedEvent. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SessionListener.java    From webanno with Apache License 2.0 6 votes vote down vote up
@EventListener
@Order(Ordered.HIGHEST_PRECEDENCE)
public void onSessionCreated(HttpSessionCreatedEvent aEvent)
{
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        log.trace("Session created for anonymous user [{}]", aEvent.getSession().getId());
        // We don't register anonymous un-authorized sessions.
        // If this were a pre-authenticated session, we'd have an authentication by now.
        // If it is using the form-based login, the login page handles registering the
        // session.
        return;
    }
    
    String username = authentication.getName();
    log.trace("Session created for user [{}] [{}]", username, aEvent.getSession().getId());
    sessionRegistry.registerNewSession(aEvent.getSession().getId(), username);
}
 
Example #2
Source File: SecurityContextRegistryImplTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@BeforeEach
void setUpBeforeMethod() {
  securityContextRegistry = new SecurityContextRegistryImpl();

  httpSessionWithSecurityContextId = "sessionWithSecurityContext";
  httpSessionWithSecurityContext =
      when(mock(HttpSession.class).getId())
          .thenReturn(httpSessionWithSecurityContextId)
          .getMock();
  securityContext = mock(SecurityContext.class);
  when(httpSessionWithSecurityContext.getAttribute("SPRING_SECURITY_CONTEXT"))
      .thenReturn(securityContext);
  securityContextRegistry.handleHttpSessionCreatedEvent(
      new HttpSessionCreatedEvent(httpSessionWithSecurityContext));

  httpSessionWithoutSecurityContextId = "sessionWithoutSecurityContext";
  HttpSession httpSessionWithoutSecurityContext =
      when(mock(HttpSession.class).getId())
          .thenReturn(httpSessionWithoutSecurityContextId)
          .getMock();
  securityContextRegistry.handleHttpSessionCreatedEvent(
      new HttpSessionCreatedEvent(httpSessionWithoutSecurityContext));
}
 
Example #3
Source File: SecurityContextRegistryImplTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testGetSecurityContextFromSessionUnexpectedValue() {
  String corruptHttpSessionId = "corruptSessionId";
  HttpSession corruptHttpSession =
      when(mock(HttpSession.class).getId()).thenReturn(corruptHttpSessionId).getMock();
  when(corruptHttpSession.getAttribute("SPRING_SECURITY_CONTEXT"))
      .thenReturn("corruptSecurityContext");
  securityContextRegistry.handleHttpSessionCreatedEvent(
      new HttpSessionCreatedEvent(corruptHttpSession));
  Exception exception =
      assertThrows(
          RuntimeException.class,
          () -> securityContextRegistry.getSecurityContext(corruptHttpSessionId));
  assertThat(exception.getMessage())
      .containsPattern(
          "Session attribute 'SPRING_SECURITY_CONTEXT' is of type 'String' instead of 'SecurityContext'");
}
 
Example #4
Source File: MatomoTelemetrySupportImpl.java    From webanno with Apache License 2.0 5 votes vote down vote up
@Override
@EventListener
public void onSessionCreated(HttpSessionCreatedEvent aEvent)
{
    // Listen explicitly ot all sessions so we catch sessions that get created and destroyed
    // within a PING period.
    if (isEnabled()) {
        updateActivePrincipals();
    }
}
 
Example #5
Source File: SecurityContextRegistryImplTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testGetSecurityContextInvalidatedSession() {
  String corruptHttpSessionId = "invalidSessionId";
  HttpSession corruptHttpSession =
      when(mock(HttpSession.class).getId()).thenReturn(corruptHttpSessionId).getMock();
  doThrow(IllegalStateException.class)
      .when(corruptHttpSession)
      .getAttribute("SPRING_SECURITY_CONTEXT");
  securityContextRegistry.handleHttpSessionCreatedEvent(
      new HttpSessionCreatedEvent(corruptHttpSession));
  assertNull(securityContextRegistry.getSecurityContext(corruptHttpSessionId));
}
 
Example #6
Source File: HttpSessionCreatedEventListener.java    From cia with Apache License 2.0 4 votes vote down vote up
@Override
public void onApplicationEvent(final HttpSessionCreatedEvent event) {
	LOGGER.info(LOG_MSG_SESSION_CREATED_SESSION_ID, event.getSession().getId());
}
 
Example #7
Source File: SecurityContextRegistryImpl.java    From molgenis with GNU Lesser General Public License v3.0 4 votes vote down vote up
@EventListener
public void handleHttpSessionCreatedEvent(HttpSessionCreatedEvent httpSessionCreatedEvent) {
  HttpSession session = httpSessionCreatedEvent.getSession();
  httpSessionMap.put(session.getId(), session);
}
 
Example #8
Source File: MatomoTelemetrySupport.java    From webanno with Apache License 2.0 votes vote down vote up
void onSessionCreated(HttpSessionCreatedEvent aEvent);