SessionManagerTest.java

/*
 * RHQ Management Platform
 * Copyright 2011, Red Hat Middleware LLC, and individual contributors
 * as indicated by the @author tags. See the copyright.txt file in the
 * distribution for a full listing of individual contributors.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation version 2 of the License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

package org.rhq.enterprise.server.auth;

import java.util.Random;

import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

import org.rhq.core.domain.auth.Subject;

@Test
public class SessionManagerTest {
    private static final String TEST_USERNAME = "SessionManagerTestUsername";
    private SessionManager sessionManager = SessionManager.getInstance();

    private int initialSessionCount;

    // because the SessionManager is a singleton, some outside tests in other test classes/suites
    // might have added sessions to our manager previously. So get the number that we start with.
    @BeforeMethod
    public void getInitialSessionCount() {
        sessionManager.purgeTimedOutSessions();
        initialSessionCount = sessionManager.getSessionCount();
    }

    public void testLoginAndInvalidateBySessionId() throws Exception {
        Subject subject = sessionManager.put(getTestSubject());
        assert subject != null;
        assert subject.getSessionId() != null;
        assert (initialSessionCount + 1) == sessionManager.getSessionCount();

        Integer sessionId = subject.getSessionId();
        assert sessionManager.getLastAccess(sessionId) > 0;

        Subject subject2 = sessionManager.getSubject(subject.getSessionId());
        assert subject.equals(subject2);
        assert subject2.getSessionId() == subject.getSessionId();

        sessionManager.invalidate(sessionId); // invalidate by session ID

        try {
            sessionManager.getSubject(sessionId);
            assert false : "The session should be been invalidated";
        } catch (SessionNotFoundException ok) {
            // to be expected
        }

        assert sessionManager.getLastAccess(sessionId) == -1;
        assert initialSessionCount == sessionManager.getSessionCount(); // back to where we were
    }

    public void testLoginAndInvalidateBySubject() throws Exception {
        Subject subject = sessionManager.put(getTestSubject());
        assert subject != null;
        assert subject.getSessionId() != null;
        assert (initialSessionCount + 1) == sessionManager.getSessionCount();

        Integer sessionId = subject.getSessionId();
        assert sessionManager.getLastAccess(sessionId) > 0;

        Subject subject2 = sessionManager.getSubject(subject.getSessionId());
        assert subject.equals(subject2);
        assert subject2.getSessionId() == subject.getSessionId();

        sessionManager.invalidate(subject2.getName()); // invalidate by subject name

        try {
            sessionManager.getSubject(sessionId);
            assert false : "The session should be been invalidated";
        } catch (SessionNotFoundException ok) {
            // to be expected
        }

        assert sessionManager.getLastAccess(sessionId) == -1;
        assert initialSessionCount == sessionManager.getSessionCount(); // back to where we were
    }

    public void testTimeout() throws Exception {
        Subject subject = sessionManager.put(getTestSubject(), 1000L);
        assert null != sessionManager.getSubject(subject.getSessionId());
        assert (initialSessionCount + 1) == sessionManager.getSessionCount();

        Thread.sleep(1200L);

        try {
            sessionManager.getSubject(subject.getSessionId());
            assert false : "The session should have timed out";
        } catch (SessionTimeoutException e) {
            // to be expected
        }

        assert sessionManager.getLastAccess(subject.getSessionId()) == -1;
        assert initialSessionCount == sessionManager.getSessionCount(); // back to where we were
    }

    public void testTimeoutSomeSessions() throws Exception {
        Subject subject = sessionManager.put(getTestSubject(), 1000L);
        assert null != sessionManager.getSubject(subject.getSessionId());
        Subject subject2 = sessionManager.put(getNewSubject("longLivedUser"), 60000L);
        assert null != sessionManager.getSubject(subject2.getSessionId());
        assert (initialSessionCount + 2) == sessionManager.getSessionCount();
        Thread.sleep(1200L);

        try {
            sessionManager.getSubject(subject.getSessionId());
            assert false : "The session should have timed out";
        } catch (SessionTimeoutException e) {
            // to be expected
        }

        assert sessionManager.getLastAccess(subject.getSessionId()) == -1;

        // second subject should still have a valid session
        assert null != sessionManager.getSubject(subject2.getSessionId());
        assert sessionManager.getLastAccess(subject2.getSessionId()) > 0;
        assert (initialSessionCount + 1) == sessionManager.getSessionCount();

        sessionManager.invalidate(subject2.getSessionId()); // clean up test
        assert initialSessionCount == sessionManager.getSessionCount(); // back to where we were
    }

    public void testPurge() throws Exception {
        Subject subject1 = sessionManager.put(getNewSubject("shortLivedUser1"), 1000L);
        assert null != sessionManager.getSubject(subject1.getSessionId());
        Subject subject2 = sessionManager.put(getNewSubject("shortLivedUser2"), 1200L);
        assert null != sessionManager.getSubject(subject2.getSessionId());
        Subject subject3 = sessionManager.put(getNewSubject("longLivedUser"), 60000L);
        assert null != sessionManager.getSubject(subject3.getSessionId());
        assert (initialSessionCount + 3) == sessionManager.getSessionCount();
        Thread.sleep(1500L);

        sessionManager.purgeTimedOutSessions();
        assert (initialSessionCount + 1) == sessionManager.getSessionCount(); // 2 should have been purged, 1 should still be valid

        try {
            sessionManager.getSubject(subject1.getSessionId());
            assert false : "The session should not have been found - it should have been purged!";
        } catch (SessionNotFoundException e) {
            // to be expected
        }

        try {
            sessionManager.getSubject(subject2.getSessionId());
            assert false : "The session should not have been found - it should have been purged!!";
        } catch (SessionNotFoundException e) {
            // to be expected
        }

        // third subject should still have a valid session
        assert null != sessionManager.getSubject(subject3.getSessionId());

        // last access time should be -1 for the purged sessions
        assert sessionManager.getLastAccess(subject1.getSessionId()) == -1;
        assert sessionManager.getLastAccess(subject2.getSessionId()) == -1;
        assert sessionManager.getLastAccess(subject3.getSessionId()) > 0;

        // clean up test
        sessionManager.invalidate(subject3.getSessionId());
        assert initialSessionCount == sessionManager.getSessionCount(); // back to where we were
    }

    private Subject getTestSubject() {
        return getNewSubject(TEST_USERNAME);
    }

    private Subject getNewSubject(String username) {
        Subject s = new Subject(username, true, false);
        s.setId(new Random(System.currentTimeMillis()).nextInt());
        return s;
    }
}