
SEC-1318: Added integration test for custom concurrency setup.

Luke Taylor 15 лет назад
Родитель
Сommit
131edf7a07

+ 3 - 3
itest/web/pom.xml

@@ -19,9 +19,9 @@
           <classifier>jdk15</classifier>
         </dependency>
         <dependency>
-            <groupId>jwebunit</groupId>
-            <artifactId>jwebunit</artifactId>
-            <version>1.2</version>
+            <groupId>net.sourceforge.jwebunit</groupId>
+            <artifactId>jwebunit-htmlunit-plugin</artifactId>
+            <version>2.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>

+ 41 - 0
itest/web/src/main/webapp/WEB-INF/http-security-custom-concurrency.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+    xmlns:beans="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
+
+    <http entry-point-ref="aep">
+        <intercept-url pattern="/login.jsp" filters="none" />
+        <intercept-url pattern="/**" access="ROLE_DEVELOPER,ROLE_USER" />
+
+        <session-management session-authentication-strategy-ref="sas"/>
+
+        <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
+        <custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" />
+    </http>
+
+    <beans:bean id="aep" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
+        <beans:property name="loginFormUrl" value="/login.jsp" />
+    </beans:bean>
+
+    <beans:bean id="myAuthFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
+        <beans:property name="sessionAuthenticationStrategy" ref="sas" />
+        <beans:property name="authenticationManager" ref="authenticationManager" />
+    </beans:bean>
+
+    <beans:bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
+        <beans:property name="sessionRegistry" ref="sessionRegistry" />
+        <beans:property name="expiredUrl" value="/session-expired.htm" />
+    </beans:bean>
+
+    <beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
+        <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
+        <beans:property name="maximumSessions" value="1" />
+        <beans:property name="exceptionIfMaximumExceeded" value="true" />
+    </beans:bean>
+
+    <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
+
+</beans:beans>
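Review bot: `expiredUrl` on `concurrencyFilter` points at `/session-expired.htm`, but the only unsecured pattern is `/login.jsp`, so that page falls under `/**` and requires ROLE_DEVELOPER or ROLE_USER. As far as this file shows, a client whose session had just been expired would be bounced to the login form instead of seeing the expiry page. Either add `<intercept-url pattern="/session-expired.htm" filters="none" />` ahead of the `/**` rule or drop the property, since with `exceptionIfMaximumExceeded` set to `true` this configuration rejects the new login rather than expiring an old session. A short XML comment saying that `session-management`, `myAuthFilter` and `concurrencyFilter` must share the same `sas` and `sessionRegistry` beans would also help, because pointing them at different registries would leave the filter and the strategy tracking different session sets.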

+ 18 - 18
itest/web/src/test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java

@@ -1,22 +1,21 @@
 package org.springframework.security.integration;
 
-import org.springframework.web.context.ContextLoaderListener;
-import org.springframework.web.context.WebApplicationContext;
-import org.springframework.web.context.support.WebApplicationContextUtils;
-import org.springframework.web.servlet.DispatcherServlet;
-import org.springframework.util.StringUtils;
+import javax.servlet.ServletContext;
 
-import net.sourceforge.jwebunit.WebTester;
+import net.sourceforge.jwebunit.junit.WebTester;
 
 import org.mortbay.jetty.Server;
 import org.mortbay.jetty.servlet.ServletHolder;
 import org.mortbay.jetty.webapp.WebAppContext;
-
-import javax.servlet.ServletContext;
-
-import org.testng.annotations.*;
-
-import com.meterware.httpunit.WebConversation;
+import org.springframework.security.web.session.HttpSessionEventPublisher;
+import org.springframework.util.StringUtils;
+import org.springframework.web.context.ContextLoaderListener;
+import org.springframework.web.context.WebApplicationContext;
+import org.springframework.web.context.support.WebApplicationContextUtils;
+import org.springframework.web.servlet.DispatcherServlet;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.AfterMethod;
+import org.testng.annotations.BeforeClass;
 
 /**
  * Base class which allows the application to be started with a particular Spring application
@@ -63,6 +62,7 @@ public abstract class AbstractWebServerIntegrationTests {
 
         if (StringUtils.hasText(getContextConfigLocations())) {
             webCtx.addEventListener(new ContextLoaderListener());
+            webCtx.addEventListener(new HttpSessionEventPublisher());
             webCtx.getInitParams().put("contextConfigLocation", getContextConfigLocations());
         }
 
@@ -86,10 +86,10 @@ public abstract class AbstractWebServerIntegrationTests {
 
     @AfterMethod
     public void resetWebConversation() {
-        tester.getTestContext().setWebClient(new WebConversation());
+        tester.closeBrowser();
     }
 
-    private final String getBaseUrl() {
+    protected final String getBaseUrl() {
         int port = server.getConnectors()[0].getLocalPort();
         return "http://localhost:" + port + getContextPath() + "/";
     }
@@ -117,8 +117,8 @@ public abstract class AbstractWebServerIntegrationTests {
         tester.beginAt(url);
     }
 
-    protected final void setFormElement(String name, String value) {
-        tester.setFormElement(name, value);
+    protected final void setTextField(String name, String value) {
+        tester.setTextField(name, value);
     }
 
     protected final void assertFormPresent() {
@@ -133,8 +133,8 @@ public abstract class AbstractWebServerIntegrationTests {
 
     protected void login(String username, String password) {
         assertFormPresent();
-        setFormElement("j_username", username);
-        setFormElement("j_password", password);
+        setTextField("j_username", username);
+        setTextField("j_password", password);
         submit();
     }
 }
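Review bot: The new `webCtx.addEventListener(new HttpSessionEventPublisher());` line has no comment saying why it is there, and the reason is not obvious from this base class. Concurrent-session control relies on session-destroyed events reaching the `SessionRegistry`; without the listener, ended sessions stay counted against the user's limit. I would add `// Publishes HttpSession lifecycle events so SessionRegistryImpl can drop destroyed sessions` above it. Separately, `resetWebConversation()` now calls `tester.closeBrowser()`, so the name no longer matches the behaviour; a rename or a one-line Javadoc would fix that. The enclosing setup method starts outside the hunk.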

+ 34 - 0
itest/web/src/test/java/org/springframework/security/integration/CustomConcurrentSessionManagementTests.java

@@ -0,0 +1,34 @@
+package org.springframework.security.integration;
+
+import net.sourceforge.jwebunit.junit.WebTester;
+
+import org.junit.Assert;
+import org.testng.annotations.Test;
+
+/**
+ * @author Luke Taylor
+ * @version $Id: InMemoryProviderWebAppTests.java 3949 2009-10-11 15:24:17Z ltaylor $
+ */
+public class CustomConcurrentSessionManagementTests extends AbstractWebServerIntegrationTests {
+
+    protected String getContextConfigLocations() {
+        return "/WEB-INF/http-security-custom-concurrency.xml /WEB-INF/in-memory-provider.xml";
+    }
+
+    @Test
+    public void maxConcurrentLoginsValueIsRespected() throws Exception {
+        beginAt("secure/index.html");
+        login("jimi", "jimispassword");
+        // Login again
+        System.out.println("Client: ******* Second login ******* ");
+        WebTester tester2 = new WebTester();
+        tester2.getTestContext().setBaseUrl(getBaseUrl());
+        tester2.beginAt("secure/index.html");
+        tester2.setTextField("j_username", "jimi");
+        tester2.setTextField("j_password", "jimispassword");
+        tester2.setIgnoreFailingStatusCodes(true);
+        tester2.submit();
+        Assert.assertTrue(tester2.getServerResponse().contains("Maximum sessions of 1 for this principal exceeded"));
+    }
+
+}
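Review bot: `maxConcurrentLoginsValueIsRespected` only checks that the rejection message appears in `tester2`'s response; it never confirms that the first session is still usable or that `tester2` stayed unauthenticated. Because `setIgnoreFailingStatusCodes(true)` accepts any error status, a follow-up such as `tester.gotoPage("secure/index.html");` with an assertion on text known to be on that page would pin the enforcement from both sides. `tester2` is also never closed (the base class `@AfterMethod` closes only `tester`), so wrap its use in `try { … } finally { tester2.closeBrowser(); }`; the same applies to the test of the same name in InMemoryProviderWebAppTests. Smaller points: the class mixes `org.junit.Assert` with TestNG's `@Test` where `org.testng.Assert` would be consistent, `getContextConfigLocations()` lacks `@Override`, and the `$Id:` tag still names InMemoryProviderWebAppTests.java.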

+ 24 - 0
itest/web/src/test/java/org/springframework/security/integration/InMemoryProviderWebAppTests.java

@@ -1,5 +1,7 @@
 package org.springframework.security.integration;
 
+import net.sourceforge.jwebunit.junit.WebTester;
+
 import org.testng.annotations.Test;
 
 /**
@@ -47,4 +49,26 @@ public class InMemoryProviderWebAppTests extends AbstractWebServerIntegrationTes
         assertTextPresent("I'm file?with?special?chars.htm");
     }
 
+    @Test
+    public void maxConcurrentLoginsValueIsRespected() throws Exception {
+        System.out.println("Client: ******* First login ******* ");
+        beginAt("secure/index.html");
+        login("jimi", "jimispassword");
+        // Login again
+        System.out.println("Client: ******* Second login ******* ");
+        WebTester tester2 = new WebTester();
+        tester2.getTestContext().setBaseUrl(getBaseUrl());
+        tester2.beginAt("secure/index.html");
+        // seems to be a bug in checking for form here (it fails)
+        //tester2.assertFormPresent();
+        tester2.setTextField("j_username", "jimi");
+        tester2.setTextField("j_password", "jimispassword");
+        // tester2.submit() also fails to detect the form
+        tester2.getTestingEngine().submit();
+        // Try an use the original
+        System.out.println("Client: ******* Retry Original Session ******* ");
+        tester.gotoPage("secure/index.html");
+        tester.assertTextPresent("This session has been expired");
+    }
+
 }
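Review bot: The second login goes through `tester2.getTestingEngine().submit()` with `//tester2.assertFormPresent();` commented out, so nothing checks that `tester2` actually authenticated before the test asserts that the original session expired. If the form-detection problem described in the comments also stops the submit from working, the failure surfaces at `tester.assertTextPresent("This session has been expired")` and reads as a concurrency-control bug. I would assert on `tester2` right after the submit (for example on text from the secured page) and replace the commented-out call with a comment naming the jwebunit issue being worked around. The `System.out.println` progress markers would be better as logger calls or removed.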