@Override public void sessionDestroyed(HttpSessionEvent se) { if (authorizationManagers.isEmpty()) { return; } final User currentUser = (User) se.getSession().getAttribute(ServletSecurityAuthenticationService.USER_SESSION_ATTR_NAME); if (!ANONYMOUS.equals(currentUser)) { for (AuthorizationManager authorizationManager : authorizationManagers) { authorizationManager.invalidate(currentUser); } } } }
@Override public void sessionDestroyed(HttpSessionEvent se) { if (authorizationManagers.isEmpty()) { return; } final User currentUser = (User) se.getSession().getAttribute(ServletSecurityAuthenticationService.USER_SESSION_ATTR_NAME); if (!ANONYMOUS.equals(currentUser)) { for (AuthorizationManager authorizationManager : authorizationManagers) { authorizationManager.invalidate(currentUser); } } } }
@Test public void testSessionCleanup() { final AuthorizationManager authorizationManager1 = mock(AuthorizationManager.class); final AuthorizationManager authorizationManager2 = mock(AuthorizationManager.class); final Instance<AuthorizationManager> instances = mock(Instance.class); when(instances.iterator()).thenReturn(asList(authorizationManager1, authorizationManager2).iterator()); final CleanupSecurityCacheSessionListener listener = new CleanupSecurityCacheSessionListener(instances); final User user = new UserImpl("user", ImmutableSet.of(new RoleImpl("author"))); when(evt.getSession()).thenReturn(session); when(session.getAttribute(ServletSecurityAuthenticationService.USER_SESSION_ATTR_NAME)).thenReturn(user); listener.sessionDestroyed(evt); verify(authorizationManager1, times(1)).invalidate(user); verify(authorizationManager2, times(1)).invalidate(user); }
@Test public void testSessionCleanup() { final AuthorizationManager authorizationManager1 = mock(AuthorizationManager.class); final AuthorizationManager authorizationManager2 = mock(AuthorizationManager.class); final Instance<AuthorizationManager> instances = mock(Instance.class); when(instances.iterator()).thenReturn(asList(authorizationManager1, authorizationManager2).iterator()); final CleanupSecurityCacheSessionListener listener = new CleanupSecurityCacheSessionListener(instances); final User user = new UserImpl("user", ImmutableSet.of(new RoleImpl("author"))); when(evt.getSession()).thenReturn(session); when(session.getAttribute(ServletSecurityAuthenticationService.USER_SESSION_ATTR_NAME)).thenReturn(user); listener.sessionDestroyed(evt); verify(authorizationManager1, times(1)).invalidate(user); verify(authorizationManager2, times(1)).invalidate(user); }