From 948aca0a6fceb8d9bcd659bc13926d2b95ac395d Mon Sep 17 00:00:00 2001
From: Leif Åstrand
Date: Fri, 19 Aug 2011 12:54:47 +0000
Subject: #6094 Add a way to switch session key

svn changeset:20519/svn branch:6.7
---
 .../tests/applicationcontext/ChangeSessionId.html | 37 ++++++++++++
 .../tests/applicationcontext/ChangeSessionId.java | 69 ++++++++++++++++++++++
 2 files changed, 106 insertions(+)
 create mode 100644 tests/src/com/vaadin/tests/applicationcontext/ChangeSessionId.html
 create mode 100644 tests/src/com/vaadin/tests/applicationcontext/ChangeSessionId.java

(limited to 'tests')

diff --git a/tests/src/com/vaadin/tests/applicationcontext/ChangeSessionId.html b/tests/src/com/vaadin/tests/applicationcontext/ChangeSessionId.html
new file mode 100644
index 0000000000..6d028f1fea
--- /dev/null
+++ b/tests/src/com/vaadin/tests/applicationcontext/ChangeSessionId.html
@@ -0,0 +1,37 @@
+ + + + + + +ChangeSessionId + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ChangeSessionId
open/run/com.vaadin.tests.applicationcontext.ChangeSessionId?restartApplication
clickvaadin=runcomvaadintestsapplicationcontextChangeSessionId::/VVerticalLayout[0]/ChildComponentContainer[1]/VButton[0]/domChild[0]/domChild[0]
clickvaadin=runcomvaadintestsapplicationcontextChangeSessionId::/VVerticalLayout[0]/ChildComponentContainer[2]/VButton[0]/domChild[0]/domChild[0]
assertTextvaadin=runcomvaadintestsapplicationcontextChangeSessionId::PID_SLog_row_12. Session id changed successfully from * to *
+ +
diff --git a/tests/src/com/vaadin/tests/applicationcontext/ChangeSessionId.java b/tests/src/com/vaadin/tests/applicationcontext/ChangeSessionId.java
new file mode 100644
index 0000000000..ddbbc49e68
--- /dev/null
+++ b/tests/src/com/vaadin/tests/applicationcontext/ChangeSessionId.java
@@ -0,0 +1,69 @@
+package com.vaadin.tests.applicationcontext;
+
+import com.vaadin.terminal.gwt.server.WebApplicationContext;
+import com.vaadin.tests.components.AbstractTestCase;
+import com.vaadin.tests.util.Log;
+import com.vaadin.ui.Button;
+import com.vaadin.ui.Button.ClickEvent;
+import com.vaadin.ui.Button.ClickListener;
+import com.vaadin.ui.Window;
+
+public class ChangeSessionId extends AbstractTestCase {
+
+ private Log log = new Log(5);
+ Button loginButton = new Button("Change session");
+ boolean requestSessionSwitch = false;
+
+ @Override
+ public void init() {
+ Window mainWindow = new Window("Sestest Application");
+ mainWindow.addComponent(log);
+ mainWindow.addComponent(loginButton);
+ mainWindow.addComponent(new Button("Show session id",
+ new Button.ClickListener() {
+
+ public void buttonClick(ClickEvent event) {
+ logSessionId();
+ }
+ }));
+ setMainWindow(mainWindow);
+
+ loginButton.addListener(new ClickListener() {
+ public void buttonClick(ClickEvent event) {
+ WebApplicationContext context = ((WebApplicationContext) getContext());
+
+ String oldSessionId = context.getHttpSession().getId();
+ context.reinitializeSession();
+ String newSessionId = context.getHttpSession().getId();
+ if (oldSessionId.equals(newSessionId)) {
+ log.log("FAILED! Both old and new session id is "
+ + newSessionId);
+ } else {
+ log.log("Session id changed successfully from "
+ + oldSessionId + " to " + newSessionId);
+ }
+
+ }
+ });
+ logSessionId();
+ }
+
+ private void logSessionId() {
+ log.log("Session id: " + getSessionId());
+ }
+
+ protected String getSessionId() {
+ return ((WebApplicationContext) getContext()).getHttpSession().getId();
+ }
+
+ @Override
+ protected String getDescription() {
+ return "Tests that the session id can be changed to prevent session fixation attacks";
+ }
+
+ @Override
+ protected Integer getTicketNumber() {
+ return 6094;
+ }
+
+}
\ No newline at end of file
-- cgit v1.2.3
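Review bot: The `loginButton` listener treats a changed id string as success, but nothing in it checks that the old `HttpSession` stopped being valid, which is the half of the change that actually protects against session fixation; a new id issued while the old session stays alive would still pass this test. Assuming `reinitializeSession()` is meant to invalidate the previous session (its implementation is not part of this patch), the listener should keep the old `HttpSession` reference and fail when an accessor such as `getCreationTime()` does not throw `IllegalStateException`, without adding a log row so the Selenium assertion on `PID_SLog_row_1` still lines up. This needs an import of `javax.servlet.http.HttpSession`. Separately, `requestSessionSwitch` is never read in this file, and the listener could call `getSessionId()` instead of repeating the cast and lookup.

```java
public void buttonClick(ClickEvent event) {
    WebApplicationContext context = ((WebApplicationContext) getContext());

    // Keep the session object, not just its id, so its validity can be checked afterwards
    HttpSession oldSession = context.getHttpSession();
    String oldSessionId = oldSession.getId();
    context.reinitializeSession();
    String newSessionId = getSessionId();

    boolean oldSessionInvalidated;
    try {
        // State accessors on an invalidated HttpSession throw IllegalStateException
        oldSession.getCreationTime();
        oldSessionInvalidated = false;
    } catch (IllegalStateException e) {
        oldSessionInvalidated = true;
    }

    if (oldSessionId.equals(newSessionId)) {
        // … unchanged: "FAILED! Both old and new session id is" message …
    } else if (!oldSessionInvalidated) {
        log.log("FAILED! Old session " + oldSessionId
                + " is still valid after the switch");
    } else {
        // … unchanged: "Session id changed successfully from" message …
    }
}
```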