1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.shiro.spring.remoting;
20
21 import org.aopalliance.intercept.MethodInvocation;
22 import org.apache.shiro.session.mgt.DefaultSessionKey;
23 import org.apache.shiro.session.mgt.SessionKey;
24 import org.apache.shiro.session.mgt.SessionManager;
25 import org.apache.shiro.util.ThreadContext;
26 import org.junit.After;
27 import org.junit.Before;
28 import org.junit.Test;
29 import org.springframework.remoting.support.RemoteInvocation;
30
31 import java.lang.reflect.Method;
32 import java.util.UUID;
33
34 import static org.easymock.EasyMock.*;
35 import static org.junit.Assert.assertEquals;
36 import static org.junit.Assert.assertNull;
37
38
39
40
41
42 public class SecureRemoteInvocationFactoryTest {
43
44 @Before
45 public void setup() {
46 ThreadContext.remove();
47 }
48
49 @After
50 public void tearDown() {
51 ThreadContext.remove();
52 }
53
54 protected Method getMethod(String name, Class clazz) {
55 Method[] methods = clazz.getMethods();
56 for (Method method : methods) {
57 if (method.getName().equals(name)) {
58 return method;
59 }
60 }
61 throw new IllegalStateException("'" + name + "' method should exist.");
62 }
63
64 @Test
65 public void testSessionManagerProxyStartRemoteInvocation() throws Exception {
66
67 SecureRemoteInvocationFactory factory = new SecureRemoteInvocationFactory();
68
69 MethodInvocation mi = createMock(MethodInvocation.class);
70 Method startMethod = getMethod("start", SessionManager.class);
71 expect(mi.getMethod()).andReturn(startMethod).anyTimes();
72
73 Object[] args = {"localhost"};
74 expect(mi.getArguments()).andReturn(args).anyTimes();
75
76 replay(mi);
77
78 RemoteInvocation ri = factory.createRemoteInvocation(mi);
79
80 verify(mi);
81
82 assertNull(ri.getAttribute(SecureRemoteInvocationFactory.SESSION_ID_KEY));
83 }
84
85 @Test
86 public void testSessionManagerProxyNonStartRemoteInvocation() throws Exception {
87
88 SecureRemoteInvocationFactory factory = new SecureRemoteInvocationFactory();
89
90 MethodInvocation mi = createMock(MethodInvocation.class);
91 Method method = getMethod("getSession", SessionManager.class);
92 expect(mi.getMethod()).andReturn(method).anyTimes();
93
94 String dummySessionId = UUID.randomUUID().toString();
95 SessionKey sessionKey = new DefaultSessionKey(dummySessionId);
96 Object[] args = {sessionKey};
97 expect(mi.getArguments()).andReturn(args).anyTimes();
98
99 replay(mi);
100
101 RemoteInvocation ri = factory.createRemoteInvocation(mi);
102
103 verify(mi);
104
105 assertEquals(dummySessionId, ri.getAttribute(SecureRemoteInvocationFactory.SESSION_ID_KEY));
106 }
107
108
109
110
111
112
113
114
115
116
117
118 }