@Override
public void start() throws Exception {
  // Demo verticle: counts the requests made within one session and renders the count.
  Router router = Router.router(vertx);

  // Cookie parsing is registered before the session handler, on routes with no path filter.
  router.route().handler(CookieHandler.create());
  // NOTE(review): the session handler is created with its defaults (no Secure/HttpOnly
  // setter is chained here) and the store is a LocalSessionStore. Fine for a demo; a real
  // deployment would normally set setCookieSecureFlag(true)/setCookieHttpOnlyFlag(true).
  router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)));

  router.route().handler(ctx -> {
    Session session = ctx.session();

    // First request in a session has no "hitcount" entry yet, so the count starts at 1.
    Integer previous = session.get("hitcount");
    int hits = (previous == null) ? 1 : previous + 1;
    session.put("hitcount", hits);

    // Only the integer counter is concatenated into the markup, no request data.
    String page = "<html><body><h1>Hitcount: " + hits + "</h1></body></html>";
    ctx.response().putHeader("content-type", "text/html").end(page);
  });

  // No server options are passed, so this listens without TLS on port 8080.
  vertx.createHttpServer().requestHandler(router).listen(8080);
}
} // closes the enclosing class, whose declaration is not part of this excerpt
// The same statement appears four times in this listing (presumably one excerpt per call
// site). Each registers a SessionHandler on a route with no path or method filter, backed
// by a LocalSessionStore created from this Vert.x instance.
// NOTE(review): the handler is used with its defaults here; no cookie name, path, Secure or
// HttpOnly setter is chained, and no CookieHandler registration is visible in these
// excerpts. Confirm both at the call sites.
router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)));
router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)));
router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)));
router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)));
/**
 * Checks that {@code lastAccessed()} tracks request time: it is within 500 ms of the start
 * after the first request, and at least 1000 ms later after a second request made following
 * a one-second pause.
 */
@Test
public void testLastAccessed1() throws Exception {
  router.route().handler(CookieHandler.create());
  router.route().handler(SessionHandler.create(store));

  AtomicReference<Session> seen = new AtomicReference<>();
  long start = System.currentTimeMillis();
  router.route().handler(ctx -> {
    // Capture the session object so the test thread can inspect it afterwards.
    seen.set(ctx.session());
    ctx.response().end();
  });

  testRequest(HttpMethod.GET, "/", 200, "OK");
  long firstDelta = seen.get().lastAccessed() - start;
  assertTrue(firstDelta < 500);

  // Second phase: measure from a fresh reference point taken before the pause.
  long beforePause = System.currentTimeMillis();
  Thread.sleep(1000);
  testRequest(HttpMethod.GET, "/", 200, "OK");
  long secondDelta = seen.get().lastAccessed() - beforePause;
  assertTrue(secondDelta >= 1000);
}
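/**
 * Checks that the session's last-accessed time is refreshed when the request completes,
 * not only when it arrives: the handler delays the response by 1000 ms, and the timestamp
 * read afterwards must still be less than 500 ms old.
 */
@Test
public void testLastAccessed2() throws Exception {
  router.route().handler(CookieHandler.create());
  router.route().handler(SessionHandler.create(store));
  AtomicReference<Session> rid = new AtomicReference<>();
  router.route().handler(rc -> {
    rid.set(rc.session());
    rc.session().put("foo", "bar");
    // Hold the response for a second so arrival time and completion time differ.
    vertx.setTimer(1000, tid -> rc.response().end());
  });
  testRequest(HttpMethod.GET, "/", 200, "OK");
  // accessed() is called after request too.
  // The age is computed as now - lastAccessed. The previous operand order
  // (lastAccessed - now) is never positive, so the "< 500" check could not fail and a
  // stale timestamp (which drives session idle expiry) would have gone unnoticed.
  long age = System.currentTimeMillis() - rid.get().lastAccessed();
  assertTrue(age < 500);
}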
/**
 * Named after issue 172: a handler stores a {@code null} value under "foo" in the session,
 * delays the response by 1000 ms, and the request is still expected to finish with 200 OK.
 */
@Test
public void testIssue172_setnull() throws Exception {
  router.route().handler(CookieHandler.create());
  router.route().handler(SessionHandler.create(store));

  AtomicReference<Session> rid = new AtomicReference<>();
  router.route().handler(ctx -> {
    Session current = ctx.session();
    rid.set(current);
    // The null value is the point of the test.
    current.put("foo", null);
    vertx.setTimer(1000, timerId -> ctx.response().end());
  });

  testRequest(HttpMethod.GET, "/", 200, "OK");
}
/**
 * Negative authorisation case for the event-bus bridge: inbound sends to {@code addr}
 * require the authority "pick_nose", and the send is expected to be rejected with
 * "access_denied".
 */
@Test
public void testSendRequiresAuthorityHasnotAuthority() throws Exception {
  PermittedOptions inbound = new PermittedOptions().setAddress(addr).setRequiredAuthority("pick_nose");
  sockJSHandler.bridge(defaultOptions.addInboundPermitted(inbound));

  // Rebuild the routes from scratch: cookies, then sessions, then login, then the bridge.
  router.clear();
  router.route().handler(CookieHandler.create());
  SessionStore store = LocalSessionStore.create(vertx);
  router.route().handler(SessionHandler.create(store));

  // Users and their authorities come from a properties file on the classpath.
  JsonObject authConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties");
  AuthProvider authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(authConfig));
  addLoginHandler(router, authProvider);

  router.route("/eventbus/*").handler(sockJSHandler);

  JsonObject sendFrame = new JsonObject().put("type", "send").put("address", addr).put("body", "foo");
  testError(sendFrame, "access_denied");
}
/**
 * With both cookie flags enabled on the session handler, the Set-Cookie header must
 * contain "; Secure" and "; HTTPOnly".
 */
@Test
public void testSessionCookieSecureFlagAndHttpOnlyFlags() throws Exception {
  router.route().handler(CookieHandler.create());

  SessionHandler hardened = SessionHandler.create(store)
    .setCookieSecureFlag(true)
    .setCookieHttpOnlyFlag(true);
  router.route().handler(hardened);

  router.route().handler(ctx -> ctx.response().end());

  testRequest(HttpMethod.GET, "/", null, response -> {
    String cookieHeader = response.headers().get("set-cookie");
    assertTrue(cookieHeader.contains("; Secure"));
    assertTrue(cookieHeader.contains("; HTTPOnly"));
  }, 200, "OK", null);
}
/**
 * With the Secure flag enabled on the session handler, the Set-Cookie header must contain
 * "; Secure".
 */
@Test
public void testSessionCookieSecureFlag() throws Exception {
  router.route().handler(CookieHandler.create());

  SessionHandler secureOnly = SessionHandler.create(store).setCookieSecureFlag(true);
  router.route().handler(secureOnly);

  router.route().handler(ctx -> ctx.response().end());

  testRequest(HttpMethod.GET, "/", null, response -> {
    String cookieHeader = response.headers().get("set-cookie");
    assertTrue(cookieHeader.contains("; Secure"));
  }, 200, "OK", null);
}
/**
 * With the session cookie path set to "/path", the Set-Cookie header must contain
 * "Path=/path".
 */
@Test
public void testSessionCookiePath() throws Exception {
  router.route().handler(CookieHandler.create());

  SessionHandler scoped = SessionHandler.create(store).setSessionCookiePath("/path");
  router.route().handler(scoped);

  router.route().handler(ctx -> ctx.response().end());

  testRequest(HttpMethod.GET, "/", null, response -> {
    String cookieHeader = response.headers().get("set-cookie");
    assertTrue(cookieHeader.contains("Path=/path"));
  }, 200, "OK", null);
}
/**
 * With the HttpOnly flag enabled on the session handler, the Set-Cookie header must
 * contain "; HTTPOnly".
 */
@Test
public void testSessionCookieHttpOnlyFlag() throws Exception {
  router.route().handler(CookieHandler.create());

  SessionHandler httpOnly = SessionHandler.create(store).setCookieHttpOnlyFlag(true);
  router.route().handler(httpOnly);

  router.route().handler(ctx -> ctx.response().end());

  testRequest(HttpMethod.GET, "/", null, response -> {
    String cookieHeader = response.headers().get("set-cookie");
    assertTrue(cookieHeader.contains("; HTTPOnly"));
  }, 200, "OK", null);
}
/**
 * With a custom session cookie name configured, the Set-Cookie header must start with
 * that name followed by "=".
 */
@Test
public void testSessionCookieName() throws Exception {
  router.route().handler(CookieHandler.create());

  String sessionCookieName = "acme.sillycookie";
  SessionHandler renamed = SessionHandler.create(store).setSessionCookieName(sessionCookieName);
  router.route().handler(renamed);

  router.route().handler(ctx -> ctx.response().end());

  testRequest(HttpMethod.GET, "/", null, response -> {
    String cookieHeader = response.headers().get("set-cookie");
    String expectedPrefix = sessionCookieName + "=";
    assertTrue(cookieHeader.startsWith(expectedPrefix));
  }, 200, "OK", null);
}
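/**
 * Checks the fields of a freshly created session (recent last-accessed time, non-null id,
 * not destroyed, default timeout) and that the value sent in the Set-Cookie header equals
 * the session's {@code value()}.
 */
@Test
public void testSessionFields() throws Exception {
  router.route().handler(CookieHandler.create());
  router.route().handler(SessionHandler.create(store));
  AtomicReference<String> rid = new AtomicReference<>();
  router.route().handler(rc -> {
    Session sess = rc.session();
    assertNotNull(sess);
    assertTrue(System.currentTimeMillis() - sess.lastAccessed() < 500);
    assertNotNull(sess.id());
    // Remember the cookie value so the response check can compare against it.
    rid.set(sess.value());
    assertFalse(sess.isDestroyed());
    assertEquals(SessionHandler.DEFAULT_SESSION_TIMEOUT, sess.timeout());
    rc.response().end();
  });
  testRequest(HttpMethod.GET, "/", null, resp -> {
    String setCookie = resp.headers().get("set-cookie");
    // Fail with an assertion rather than a NullPointerException if no cookie was issued.
    assertNotNull(setCookie);
    // The value starts right after "<cookie name>=". Deriving the offset from the constant
    // replaces the former hard-coded 18, which silently depended on the default name.
    String prefix = SessionHandler.DEFAULT_SESSION_COOKIE_NAME + "=";
    assertTrue(setCookie.startsWith(prefix));
    int pos = setCookie.indexOf("; Path=" + SessionHandler.DEFAULT_SESSION_COOKIE_PATH);
    // A missing Path attribute would otherwise surface as a substring range exception.
    assertTrue(pos >= prefix.length());
    String sessID = setCookie.substring(prefix.length(), pos);
    assertEquals(rid.get(), sessID);
  }, 200, "OK", null);
}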
// Cookie parsing is registered first, on a route with no path or method filter.
router.route().handler(CookieHandler.create());
// The store comes from getSessionStore(), a helper that is not part of this excerpt.
SessionStore store = getSessionStore();
// Session handling is registered after the cookie handler, with the handler's defaults
// (no cookie name, path, Secure or HttpOnly setter is chained here).
router.route().handler(SessionHandler.create(store));
/**
 * Sends a request that carries the session cookie value "abc" and checks that the session
 * seen by the handler does not have that id, and that the response sets a cookie.
 * Judging by the test name, the supplied value is presumably rejected for its length, so a
 * client cannot choose its own short session id.
 */
@Test
public void testSessionIdLength() throws Exception {
  router.route().handler(CookieHandler.create());
  router.route().handler(SessionHandler.create(store));

  router.route("/1").handler(ctx -> {
    // The id supplied by the client must not have been adopted for this session.
    String activeId = ctx.session().id();
    assertFalse("abc".equals(activeId));
    ctx.response().end();
  });

  testRequest(HttpMethod.GET, "/1", request -> request.putHeader("cookie", "vertx-web.session=abc; Path=/"), response -> {
    // A cookie must be sent back in the response.
    String cookieHeader = response.headers().get("set-cookie");
    assertNotNull(cookieHeader);
  }, 200, "OK", null);
}
/**
 * Builds the fixture: a Shiro properties-file auth provider, a chain of JWT, Basic and
 * Redirect auth handlers stored in {@code chain}, and routes for sessions, the chain and
 * a handler that ends the response.
 */
@Override
public void setUp() throws Exception {
  super.setUp();

  // Users come from a properties file on the classpath.
  JsonObject shiroConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties");
  AuthProvider authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(shiroConfig));

  // Handlers are appended in this order: JWT, then Basic, then Redirect.
  // NOTE(review): the JWT handler is created with a null provider; presumably acceptable
  // only because this is a test fixture. Confirm before reusing the pattern.
  chain = ChainAuthHandler.create();
  chain
    .append(JWTAuthHandler.create(null))
    .append(BasicAuthHandler.create(authProvider))
    .append(RedirectAuthHandler.create(authProvider));

  // NOTE(review): no CookieHandler is registered in this method; whether super.setUp()
  // provides one cannot be seen from here.
  router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)));
  router.route().handler(chain);
  router.route().handler(rc -> rc.response().end());
}
/**
 * Positive authorisation case for the event-bus bridge: inbound sends to {@code addr}
 * require the authority "bang_sticks", and the send of "foo" is expected to succeed.
 */
@Test
public void testSendRequiresAuthorityHasAuthority() throws Exception {
  PermittedOptions inbound = new PermittedOptions().setAddress(addr).setRequiredAuthority("bang_sticks");
  sockJSHandler.bridge(defaultOptions.addInboundPermitted(inbound));

  // Rebuild the routes from scratch: cookies, then sessions, then login, then the bridge.
  router.clear();
  router.route().handler(CookieHandler.create());
  SessionStore store = LocalSessionStore.create(vertx);
  router.route().handler(SessionHandler.create(store));

  // Users and their authorities come from a properties file on the classpath.
  JsonObject authConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties");
  AuthProvider authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(authConfig));
  addLoginHandler(router, authProvider);

  router.route("/eventbus/*").handler(sockJSHandler);

  testSend("foo");
}
/**
 * Fails every request with 401 and checks that the response carries no Set-Cookie header,
 * i.e. no session cookie is handed out on a request that was rejected.
 */
@Test
public void testSessionCookieAttack() throws Exception {
  router.route().handler(CookieHandler.create());
  router.route().handler(SessionHandler.create(store));

  // Stand-in for an authentication error: the route fails the request with 401.
  router.route().handler(ctx -> ctx.fail(401));

  testRequest(HttpMethod.GET, "/", null, response -> {
    String cookieHeader = response.headers().get("set-cookie");
    assertNull(cookieHeader);
  }, 401, "Unauthorized", null);
}