- package com.vaadin.tests.applicationcontext;
-
- import com.vaadin.server.VaadinService;
- import com.vaadin.tests.components.AbstractTestCase;
- import com.vaadin.tests.util.Log;
- import com.vaadin.ui.Button;
- import com.vaadin.ui.Button.ClickEvent;
- import com.vaadin.ui.Button.ClickListener;
- import com.vaadin.ui.LegacyWindow;
-
- public class ChangeSessionId extends AbstractTestCase {
-
- private Log log = new Log(5);
- Button loginButton = new Button("Change session");
- boolean requestSessionSwitch = false;
-
- @Override
- public void init() {
- LegacyWindow mainWindow = new LegacyWindow("Sestest Application");
- mainWindow.addComponent(log);
- mainWindow.addComponent(loginButton);
- mainWindow.addComponent(
- new Button("Show session id", new Button.ClickListener() {
-
- @Override
- public void buttonClick(ClickEvent event) {
- logSessionId();
- }
- }));
- setMainWindow(mainWindow);
-
- loginButton.addClickListener(new ClickListener() {
- @Override
- public void buttonClick(ClickEvent event) {
- String oldSessionId = getSessionId();
- VaadinService
- .reinitializeSession(VaadinService.getCurrentRequest());
- String newSessionId = getSessionId();
- if (oldSessionId.equals(newSessionId)) {
- log.log("FAILED! Both old and new session id is "
- + newSessionId);
- } else {
- log.log("Session id changed successfully from "
- + oldSessionId + " to " + newSessionId);
- }
-
- }
- });
- logSessionId();
- }
-
- private void logSessionId() {
- log.log("Session id: " + getSessionId());
- }
-
- protected String getSessionId() {
- return getContext().getSession().getId();
- }
-
- @Override
- protected String getDescription() {
- return "Tests that the session id can be changed to prevent session fixation attacks";
- }
-
- @Override
- protected Integer getTicketNumber() {
- return 6094;
- }
-
- }