authorLeif Åstrand <leif@vaadin.com>2011-08-19 12:54:47 +0000
committerLeif Åstrand <leif@vaadin.com>2011-08-19 12:54:47 +0000
commit948aca0a6fceb8d9bcd659bc13926d2b95ac395d (patch)
tree62346b168919d4d7b8cc5844443b4431caf2127c /tests
parent2ff00c1bfdc5b62c7dca469d428fbef1a672ab52 (diff)
downloadvaadin-framework-948aca0a6fceb8d9bcd659bc13926d2b95ac395d.tar.gz
vaadin-framework-948aca0a6fceb8d9bcd659bc13926d2b95ac395d.zip
#6094 Add a way to switch session key
svn changeset:20519/svn branch:6.7
Diffstat (limited to 'tests')
-rw-r--r--tests/src/com/vaadin/tests/applicationcontext/ChangeSessionId.html37
-rw-r--r--tests/src/com/vaadin/tests/applicationcontext/ChangeSessionId.java69
2 files changed, 106 insertions, 0 deletions
diff --git a/tests/src/com/vaadin/tests/applicationcontext/ChangeSessionId.html b/tests/src/com/vaadin/tests/applicationcontext/ChangeSessionId.html
new file mode 100644
index 0000000000..6d028f1fea
--- /dev/null
+++ b/tests/src/com/vaadin/tests/applicationcontext/ChangeSessionId.html
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head profile="http://selenium-ide.openqa.org/profiles/test-case">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+<link rel="selenium.base" href="http://arturwin.office.itmill.com:8888/" />
+<title>ChangeSessionId</title>
+</head>
+<body>
+<table cellpadding="1" cellspacing="1" border="1">
+<thead>
+<tr><td rowspan="1" colspan="3">ChangeSessionId</td></tr>
+</thead><tbody>
+<tr>
+ <td>open</td>
+ <td>/run/com.vaadin.tests.applicationcontext.ChangeSessionId?restartApplication</td>
+ <td></td>
+</tr>
+<tr>
+ <td>click</td>
+ <td>vaadin=runcomvaadintestsapplicationcontextChangeSessionId::/VVerticalLayout[0]/ChildComponentContainer[1]/VButton[0]/domChild[0]/domChild[0]</td>
+ <td></td>
+</tr>
+<tr>
+ <td>click</td>
+ <td>vaadin=runcomvaadintestsapplicationcontextChangeSessionId::/VVerticalLayout[0]/ChildComponentContainer[2]/VButton[0]/domChild[0]/domChild[0]</td>
+ <td></td>
+</tr>
+<tr>
+ <td>assertText</td>
+ <td>vaadin=runcomvaadintestsapplicationcontextChangeSessionId::PID_SLog_row_1</td>
+ <td>2. Session id changed successfully from * to *</td>
+</tr>
+
+</tbody></table>
+</body>
+</html>
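Review bot: The `selenium.base` link in the `<head>` hard-codes `http://arturwin.office.itmill.com:8888/`, which looks like a single developer machine on the office network. Committed as-is, it publishes an internal hostname and ties the recorded test to that host unless the runner overrides the base URL. I would point it at a neutral base, for example `<link rel="selenium.base" href="http://localhost:8888/" />` (constructed value; use whatever the other recorded tests in this tree use). Separately, the final `assertText` pattern `from * to *` accepts any two strings, so the pass/fail decision rests entirely on the Java side's comparison of the two ids.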
diff --git a/tests/src/com/vaadin/tests/applicationcontext/ChangeSessionId.java b/tests/src/com/vaadin/tests/applicationcontext/ChangeSessionId.java
new file mode 100644
index 0000000000..ddbbc49e68
--- /dev/null
+++ b/tests/src/com/vaadin/tests/applicationcontext/ChangeSessionId.java
@@ -0,0 +1,69 @@
+package com.vaadin.tests.applicationcontext;
+
+import com.vaadin.terminal.gwt.server.WebApplicationContext;
+import com.vaadin.tests.components.AbstractTestCase;
+import com.vaadin.tests.util.Log;
+import com.vaadin.ui.Button;
+import com.vaadin.ui.Button.ClickEvent;
+import com.vaadin.ui.Button.ClickListener;
+import com.vaadin.ui.Window;
+
+public class ChangeSessionId extends AbstractTestCase {
+
+ private Log log = new Log(5);
+ Button loginButton = new Button("Change session");
+ boolean requestSessionSwitch = false;
+
+ @Override
+ public void init() {
+ Window mainWindow = new Window("Sestest Application");
+ mainWindow.addComponent(log);
+ mainWindow.addComponent(loginButton);
+ mainWindow.addComponent(new Button("Show session id",
+ new Button.ClickListener() {
+
+ public void buttonClick(ClickEvent event) {
+ logSessionId();
+ }
+ }));
+ setMainWindow(mainWindow);
+
+ loginButton.addListener(new ClickListener() {
+ public void buttonClick(ClickEvent event) {
+ WebApplicationContext context = ((WebApplicationContext) getContext());
+
+ String oldSessionId = context.getHttpSession().getId();
+ context.reinitializeSession();
+ String newSessionId = context.getHttpSession().getId();
+ if (oldSessionId.equals(newSessionId)) {
+ log.log("FAILED! Both old and new session id is "
+ + newSessionId);
+ } else {
+ log.log("Session id changed successfully from "
+ + oldSessionId + " to " + newSessionId);
+ }
+
+ }
+ });
+ logSessionId();
+ }
+
+ private void logSessionId() {
+ log.log("Session id: " + getSessionId());
+ }
+
+ protected String getSessionId() {
+ return ((WebApplicationContext) getContext()).getHttpSession().getId();
+ }
+
+ @Override
+ protected String getDescription() {
+ return "Tests that the session id can be changed to prevent session fixation attacks";
+ }
+
+ @Override
+ protected Integer getTicketNumber() {
+ return 6094;
+ }
+
+}
\ No newline at end of file
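Review bot: The click listener on `loginButton` only checks that `getHttpSession().getId()` returns a different string after `context.reinitializeSession()`, which does not show that the old session was actually invalidated. For the session-fixation case named in `getDescription()`, the property that matters is that the pre-login id stops being accepted. `reinitializeSession()` is not visible in this diff, so whether it invalidates the old `HttpSession` is an assumption worth pinning in the test. I would keep a reference to the old session and log a failure if it is still usable afterwards, as sketched below (this needs an import of `javax.servlet.http.HttpSession`). The field `requestSessionSwitch` is never read in this file and can be dropped.

```java
public void buttonClick(ClickEvent event) {
    WebApplicationContext context = ((WebApplicationContext) getContext());

    HttpSession oldSession = context.getHttpSession();
    String oldSessionId = oldSession.getId();
    context.reinitializeSession();
    String newSessionId = context.getHttpSession().getId();

    // An invalidated session must reject state access per the Servlet API.
    boolean oldInvalidated;
    try {
        oldSession.getCreationTime();
        oldInvalidated = false;
    } catch (IllegalStateException e) {
        oldInvalidated = true;
    }

    // … unchanged: old/new id comparison and the two log.log(...) branches …

    if (!oldInvalidated) {
        log.log("FAILED! Old session is still valid after reinitializeSession()");
    }
```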