Move server.session.* to server.servlet.session.*

Closes gh-11589

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionProperties.java

@@ -23,7 +23,7 @@ import java.util.Set;
 
 import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.boot.autoconfigure.web.ServerProperties;
-import org.springframework.boot.autoconfigure.web.ServerProperties.Session;
+import org.springframework.boot.autoconfigure.web.ServerProperties.Servlet.Session;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.web.servlet.DispatcherType;
 import org.springframework.session.web.http.SessionRepositoryFilter;
@@ -53,7 +53,7 @@ public class SessionProperties {
 
 	public SessionProperties(ObjectProvider<ServerProperties> serverProperties) {
 		ServerProperties properties = serverProperties.getIfUnique();
-		Session session = (properties == null ? null : properties.getSession());
+		Session session = (properties == null ? null : properties.getServlet().getSession());
 		this.timeout = (session == null ? null : session.getTimeout());
 	}
 
@@ -68,7 +68,7 @@ public class SessionProperties {
 	/**
 	 * Return the session timeout.
 	 * @return the session timeout
-	 * @see ServerProperties#getSession()
+	 * @see ServerProperties.Servlet#getSession()
 	 */
 	public Duration getTimeout() {
 		return this.timeout;

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java

@@ -98,8 +98,6 @@ public class ServerProperties {
 	 */
 	private Duration connectionTimeout;
 
-	private final Session session = new Session();
-
 	@NestedConfigurationProperty
 	private Ssl ssl;
 
@@ -177,10 +175,6 @@ public class ServerProperties {
 		return this.error;
 	}
 
-	public Session getSession() {
-		return this.session;
-	}
-
 	public Ssl getSsl() {
 		return this.ssl;
 	}
@@ -236,6 +230,8 @@ public class ServerProperties {
 		@NestedConfigurationProperty
 		private final Jsp jsp = new Jsp();
 
+		private final Session session = new Session();
+
 		public String getContextPath() {
 			return this.contextPath;
 		}
@@ -268,6 +264,10 @@ public class ServerProperties {
 			return this.jsp;
 		}
 
+		public Session getSession() {
+			return this.session;
+		}
+
 		public String getServletMapping() {
 			if (this.path.equals("") || this.path.equals("/")) {
 				return "/";
@@ -319,196 +319,196 @@ public class ServerProperties {
 			return result;
 		}
 
-	}
-
-	/**
-	 * Session properties.
-	 */
-	public static class Session {
-
 		/**
-		 * Session timeout. If a duration suffix is not specified, seconds will be used.
+		 * Session properties.
 		 */
-		@DefaultDurationUnit(ChronoUnit.SECONDS)
+		public static class Session {
-		private Duration timeout;
-
-		/**
-		 * Session tracking modes (one or more of the following: "cookie", "url", "ssl").
-		 */
-		private Set<SessionTrackingMode> trackingModes;
-
-		/**
-		 * Whether to persist session data between restarts.
-		 */
-		private boolean persistent;
-
-		/**
-		 * Directory used to store session data.
-		 */
-		private File storeDir;
-
-		private final Cookie cookie = new Cookie();
-
-		public Cookie getCookie() {
-			return this.cookie;
-		}
-
-		public Duration getTimeout() {
-			return this.timeout;
-		}
-
-		public void setTimeout(Duration timeout) {
-			this.timeout = timeout;
-		}
-
-		public Set<SessionTrackingMode> getTrackingModes() {
-			return this.trackingModes;
-		}
-
-		public void setTrackingModes(Set<SessionTrackingMode> trackingModes) {
-			this.trackingModes = trackingModes;
-		}
-
-		public boolean isPersistent() {
-			return this.persistent;
-		}
-
-		public void setPersistent(boolean persistent) {
-			this.persistent = persistent;
-		}
-
-		public File getStoreDir() {
-			return this.storeDir;
-		}
-
-		public void setStoreDir(File storeDir) {
-			this.storeDir = storeDir;
-		}
-
-		/**
-		 * Cookie properties.
-		 */
-		public static class Cookie {
 
 			/**
-			 * Session cookie name.
+			 * Session timeout. If a duration suffix is not specified, seconds will be used.
-			 */
-			private String name;
-
-			/**
-			 * Domain for the session cookie.
-			 */
-			private String domain;
-
-			/**
-			 * Path of the session cookie.
-			 */
-			private String path;
-
-			/**
-			 * Comment for the session cookie.
-			 */
-			private String comment;
-
-			/**
-			 * "HttpOnly" flag for the session cookie.
-			 */
-			private Boolean httpOnly;
-
-			/**
-			 * "Secure" flag for the session cookie.
-			 */
-			private Boolean secure;
-
-			/**
-			 * Maximum age of the session cookie.
 			 */
 			@DefaultDurationUnit(ChronoUnit.SECONDS)
-			private Duration maxAge;
+			private Duration timeout;
 
-			public String getName() {
+			/**
-				return this.name;
+			 * Session tracking modes (one or more of the following: "cookie", "url", "ssl").
+			 */
+			private Set<SessionTrackingMode> trackingModes;
+
+			/**
+			 * Whether to persist session data between restarts.
+			 */
+			private boolean persistent;
+
+			/**
+			 * Directory used to store session data.
+			 */
+			private File storeDir;
+
+			private final Cookie cookie = new Cookie();
+
+			public Cookie getCookie() {
+				return this.cookie;
 			}
 
-			public void setName(String name) {
+			public Duration getTimeout() {
-				this.name = name;
+				return this.timeout;
 			}
 
-			public String getDomain() {
+			public void setTimeout(Duration timeout) {
-				return this.domain;
+				this.timeout = timeout;
 			}
 
-			public void setDomain(String domain) {
+			public Set<SessionTrackingMode> getTrackingModes() {
-				this.domain = domain;
+				return this.trackingModes;
 			}
 
-			public String getPath() {
+			public void setTrackingModes(Set<SessionTrackingMode> trackingModes) {
-				return this.path;
+				this.trackingModes = trackingModes;
 			}
 
-			public void setPath(String path) {
+			public boolean isPersistent() {
-				this.path = path;
+				return this.persistent;
 			}
 
-			public String getComment() {
+			public void setPersistent(boolean persistent) {
-				return this.comment;
+				this.persistent = persistent;
 			}
 
-			public void setComment(String comment) {
+			public File getStoreDir() {
-				this.comment = comment;
+				return this.storeDir;
 			}
 
-			public Boolean getHttpOnly() {
+			public void setStoreDir(File storeDir) {
-				return this.httpOnly;
+				this.storeDir = storeDir;
 			}
 
-			public void setHttpOnly(Boolean httpOnly) {
+			/**
-				this.httpOnly = httpOnly;
+			 * Cookie properties.
+			 */
+			public static class Cookie {
+
+				/**
+				 * Session cookie name.
+				 */
+				private String name;
+
+				/**
+				 * Domain for the session cookie.
+				 */
+				private String domain;
+
+				/**
+				 * Path of the session cookie.
+				 */
+				private String path;
+
+				/**
+				 * Comment for the session cookie.
+				 */
+				private String comment;
+
+				/**
+				 * "HttpOnly" flag for the session cookie.
+				 */
+				private Boolean httpOnly;
+
+				/**
+				 * "Secure" flag for the session cookie.
+				 */
+				private Boolean secure;
+
+				/**
+				 * Maximum age of the session cookie.
+				 */
+				@DefaultDurationUnit(ChronoUnit.SECONDS)
+				private Duration maxAge;
+
+				public String getName() {
+					return this.name;
+				}
+
+				public void setName(String name) {
+					this.name = name;
+				}
+
+				public String getDomain() {
+					return this.domain;
+				}
+
+				public void setDomain(String domain) {
+					this.domain = domain;
+				}
+
+				public String getPath() {
+					return this.path;
+				}
+
+				public void setPath(String path) {
+					this.path = path;
+				}
+
+				public String getComment() {
+					return this.comment;
+				}
+
+				public void setComment(String comment) {
+					this.comment = comment;
+				}
+
+				public Boolean getHttpOnly() {
+					return this.httpOnly;
+				}
+
+				public void setHttpOnly(Boolean httpOnly) {
+					this.httpOnly = httpOnly;
+				}
+
+				public Boolean getSecure() {
+					return this.secure;
+				}
+
+				public void setSecure(Boolean secure) {
+					this.secure = secure;
+				}
+
+				public Duration getMaxAge() {
+					return this.maxAge;
+				}
+
+				public void setMaxAge(Duration maxAge) {
+					this.maxAge = maxAge;
+				}
+
 			}
 
-			public Boolean getSecure() {
+			/**
-				return this.secure;
+			 * Available session tracking modes (mirrors
-			}
+			 * {@link javax.servlet.SessionTrackingMode}.
+			 */
+			public enum SessionTrackingMode {
 
-			public void setSecure(Boolean secure) {
+				/**
-				this.secure = secure;
+				 * Send a cookie in response to the client's first request.
-			}
+				 */
+				COOKIE,
 
-			public Duration getMaxAge() {
+				/**
-				return this.maxAge;
+				 * Rewrite the URL to append a session ID.
-			}
+				 */
+				URL,
+
+				/**
+				 * Use SSL build-in mechanism to track the session.
+				 */
+				SSL
 
-			public void setMaxAge(Duration maxAge) {
-				this.maxAge = maxAge;
 			}
 
 		}
-
-		/**
-		 * Available session tracking modes (mirrors
-		 * {@link javax.servlet.SessionTrackingMode}.
-		 */
-		public enum SessionTrackingMode {
-
-			/**
-			 * Send a cookie in response to the client's first request.
-			 */
-			COOKIE,
-
-			/**
-			 * Rewrite the URL to append a session ID.
-			 */
-			URL,
-
-			/**
-			 * Use SSL build-in mechanism to track the session.
-			 */
-			SSL
-
-		}
-
 	}
 
+
 	/**
 	 * Tomcat properties.
 	 */

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/servlet/DefaultServletWebServerFactoryCustomizer.java

@@ -24,7 +24,7 @@ import javax.servlet.ServletException;
 import javax.servlet.SessionCookieConfig;
 
 import org.springframework.boot.autoconfigure.web.ServerProperties;
-import org.springframework.boot.autoconfigure.web.ServerProperties.Session;
+import org.springframework.boot.autoconfigure.web.ServerProperties.Servlet.Session;
 import org.springframework.boot.autoconfigure.web.embedded.jetty.JettyCustomizer;
 import org.springframework.boot.autoconfigure.web.embedded.tomcat.TomcatCustomizer;
 import org.springframework.boot.autoconfigure.web.embedded.undertow.UndertowCustomizer;
@@ -89,11 +89,11 @@ public class DefaultServletWebServerFactoryCustomizer
 		if (this.serverProperties.getDisplayName() != null) {
 			factory.setDisplayName(this.serverProperties.getDisplayName());
 		}
-		if (this.serverProperties.getSession().getTimeout() != null) {
+		if (this.serverProperties.getServlet().getSession().getTimeout() != null) {
-			factory.setSessionTimeout(this.serverProperties.getSession().getTimeout());
+			factory.setSessionTimeout(this.serverProperties.getServlet().getSession().getTimeout());
 		}
-		factory.setPersistSession(this.serverProperties.getSession().isPersistent());
+		factory.setPersistSession(this.serverProperties.getServlet().getSession().isPersistent());
-		factory.setSessionStoreDir(this.serverProperties.getSession().getStoreDir());
+		factory.setSessionStoreDir(this.serverProperties.getServlet().getSession().getStoreDir());
 		if (this.serverProperties.getSsl() != null) {
 			factory.setSsl(this.serverProperties.getSsl());
 		}
@@ -121,7 +121,7 @@ public class DefaultServletWebServerFactoryCustomizer
 					(UndertowServletWebServerFactory) factory);
 		}
 		factory.addInitializers(
-				new SessionConfiguringInitializer(this.serverProperties.getSession()));
+				new SessionConfiguringInitializer(this.serverProperties.getServlet().getSession()));
 		factory.addInitializers(new InitParameterConfiguringServletContextInitializer(
 				this.serverProperties.getServlet().getContextParameters()));
 	}

spring-boot-project/spring-boot-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json

@@ -1020,6 +1020,96 @@
         "level": "error"
       }
     },
+    {
+      "name" : "server.session.cookie.comment",
+      "type" : "java.lang.String",
+      "description" : "Comment for the session cookie.",
+      "deprecation" : {
+        "replacement" : "server.servlet.session.cookie.comment",
+        "level" : "error"
+      }
+    }, {
+      "name" : "server.session.cookie.domain",
+      "type" : "java.lang.String",
+      "description" : "Domain for the session cookie.",
+      "deprecation" : {
+        "replacement" : "server.servlet.session.cookie.domain",
+        "level" : "error"
+      }
+    }, {
+      "name" : "server.session.cookie.http-only",
+      "type" : "java.lang.Boolean",
+      "description" : "\"HttpOnly\" flag for the session cookie.",
+      "deprecation" : {
+        "replacement" : "server.servlet.session.cookie.http-only",
+        "level" : "error"
+      }
+    }, {
+      "name" : "server.session.cookie.max-age",
+      "type" : "java.time.Duration",
+      "description" : "Maximum age of the session cookie.",
+      "deprecation" : {
+        "replacement" : "server.servlet.session.cookie.max-age",
+        "level" : "error"
+      }
+    }, {
+      "name" : "server.session.cookie.name",
+      "type" : "java.lang.String",
+      "description" : "Session cookie name.",
+      "deprecation" : {
+        "replacement" : "server.servlet.session.cookie.name",
+        "level" : "error"
+      }
+    }, {
+      "name" : "server.session.cookie.path",
+      "type" : "java.lang.String",
+      "description" : "Path of the session cookie.",
+      "deprecation" : {
+        "replacement" : "server.servlet.session.cookie.path",
+        "level" : "error"
+      }
+    }, {
+      "name" : "server.session.cookie.secure",
+      "type" : "java.lang.Boolean",
+      "description" : "\"Secure\" flag for the session cookie.",
+      "deprecation" : {
+        "replacement" : "server.servlet.session.cookie.secure",
+        "level" : "error"
+      }
+    }, {
+      "name" : "server.session.persistent",
+      "type" : "java.lang.Boolean",
+      "description" : "Whether to persist session data between restarts.",
+      "defaultValue" : false,
+      "deprecation" : {
+        "replacement" : "server.servlet.session.persistent",
+        "level" : "error"
+      }
+    }, {
+      "name" : "server.session.store-dir",
+      "type" : "java.io.File",
+      "description" : "Directory used to store session data.",
+      "deprecation" : {
+        "replacement" : "server.servlet.session.store-dir",
+        "level" : "error"
+      }
+    }, {
+      "name" : "server.session.timeout",
+      "type" : "java.time.Duration",
+      "description" : "Session timeout. If a duration suffix is not specified, seconds will be used.",
+      "deprecation" : {
+        "replacement" : "server.servlet.session.timeout",
+        "level" : "error"
+      }
+    }, {
+      "name" : "server.session.tracking-modes",
+      "type" : "java.util.Set<org.springframework.boot.autoconfigure.web.ServerProperties.Session.SessionTrackingMode>",
+      "description" : "Session tracking modes (one or more of the following: \"cookie\", \"url\", \"ssl\").",
+      "deprecation" : {
+        "replacement" : "server.servlet.session.tracking-modes",
+        "level" : "error"
+      }
+    },
     {
       "name": "server.undertow.buffers-per-region",
       "type": "java.lang.Integer",

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/servlet/DefaultServletWebServerFactoryCustomizerTests.java

@@ -212,15 +212,15 @@ public class DefaultServletWebServerFactoryCustomizerTests {
 	@Test
 	public void customizeSessionProperties() throws Exception {
 		Map<String, String> map = new HashMap<>();
-		map.put("server.session.timeout", "123");
+		map.put("server.servlet.session.timeout", "123");
-		map.put("server.session.tracking-modes", "cookie,url");
+		map.put("server.servlet.session.tracking-modes", "cookie,url");
-		map.put("server.session.cookie.name", "testname");
+		map.put("server.servlet.session.cookie.name", "testname");
-		map.put("server.session.cookie.domain", "testdomain");
+		map.put("server.servlet.session.cookie.domain", "testdomain");
-		map.put("server.session.cookie.path", "/testpath");
+		map.put("server.servlet.session.cookie.path", "/testpath");
-		map.put("server.session.cookie.comment", "testcomment");
+		map.put("server.servlet.session.cookie.comment", "testcomment");
-		map.put("server.session.cookie.http-only", "true");
+		map.put("server.servlet.session.cookie.http-only", "true");
-		map.put("server.session.cookie.secure", "true");
+		map.put("server.servlet.session.cookie.secure", "true");
-		map.put("server.session.cookie.max-age", "60");
+		map.put("server.servlet.session.cookie.max-age", "60");
 		bindProperties(map);
 		ConfigurableServletWebServerFactory factory = mock(
 				ConfigurableServletWebServerFactory.class);
@@ -536,7 +536,7 @@ public class DefaultServletWebServerFactoryCustomizerTests {
 	@Test
 	public void sessionStoreDir() {
 		Map<String, String> map = new HashMap<>();
-		map.put("server.session.store-dir", "myfolder");
+		map.put("server.servlet.session.store-dir", "myfolder");
 		bindProperties(map);
 		JettyServletWebServerFactory factory = spy(new JettyServletWebServerFactory());
 		this.customizer.customize(factory);

spring-boot-project/spring-boot-devtools/src/main/java/org/springframework/boot/devtools/env/DevToolsPropertyDefaultsPostProcessor.java

@@ -50,7 +50,7 @@ public class DevToolsPropertyDefaultsPostProcessor implements EnvironmentPostPro
 		devToolsProperties.put("spring.freemarker.cache", "false");
 		devToolsProperties.put("spring.groovy.template.cache", "false");
 		devToolsProperties.put("spring.mustache.cache", "false");
-		devToolsProperties.put("server.session.persistent", "true");
+		devToolsProperties.put("server.servlet.session.persistent", "true");
 		devToolsProperties.put("spring.h2.console.enabled", "true");
 		devToolsProperties.put("spring.resources.cache.period", "0");
 		devToolsProperties.put("spring.resources.chain.cache", "false");

spring-boot-project/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc

@@ -194,17 +194,17 @@ content into your application. Rather, pick only the properties that you need.
 	server.servlet.jsp.init-parameters.*= # Init parameters used to configure the JSP servlet.
 	server.servlet.jsp.registered=true # Whether the JSP servlet is registered.
 	server.servlet.path=/ # Path of the main dispatcher servlet.
-	server.session.cookie.comment= # Comment for the session cookie.
+	server.servlet.session.cookie.comment= # Comment for the session cookie.
-	server.session.cookie.domain= # Domain for the session cookie.
+	server.servlet.session.cookie.domain= # Domain for the session cookie.
-	server.session.cookie.http-only= # "HttpOnly" flag for the session cookie.
+	server.servlet.session.cookie.http-only= # "HttpOnly" flag for the session cookie.
-	server.session.cookie.max-age= # Maximum age of the session cookie. If a duration suffix is not specified, seconds will be used.
+	server.servlet.session.cookie.max-age= # Maximum age of the session cookie. If a duration suffix is not specified, seconds will be used.
-	server.session.cookie.name= # Session cookie name.
+	server.servlet.session.cookie.name= # Session cookie name.
-	server.session.cookie.path= # Path of the session cookie.
+	server.servlet.session.cookie.path= # Path of the session cookie.
-	server.session.cookie.secure= # "Secure" flag for the session cookie.
+	server.servlet.session.cookie.secure= # "Secure" flag for the session cookie.
-	server.session.persistent=false # Whether to persist session data between restarts.
+	server.servlet.session.persistent=false # Whether to persist session data between restarts.
-	server.session.store-dir= # Directory used to store session data.
+	server.servlet.session.store-dir= # Directory used to store session data.
-	server.session.timeout= # Session timeout. If a duration suffix is not specified, seconds will be used.
+	server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds will be used.
-	server.session.tracking-modes= # Session tracking modes (one or more of the following: "cookie", "url", "ssl").
+	server.servlet.session.tracking-modes= # Session tracking modes (one or more of the following: "cookie", "url", "ssl").
 	server.ssl.ciphers= # Supported SSL ciphers.
 	server.ssl.client-auth= # Whether client authentication is wanted ("want") or needed ("need"). Requires a trust store.
 	server.ssl.enabled= # Enable SSL support.

spring-boot-project/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc

@@ -2809,10 +2809,10 @@ Common server settings include:
 
 * Network settings: Listen port for incoming HTTP requests (`server.port`), interface
 address to bind to `server.address`, and so on.
-* Session settings: Whether the session is persistent (`server.session.persistence`),
+* Session settings: Whether the session is persistent (`server.servlet.session.persistence`),
-session timeout (`server.session.timeout`), location of session data
+session timeout (`server.servlet.session.timeout`), location of session data
-(`server.session.store-dir`), and session-cookie configuration
+(`server.servlet.session.store-dir`), and session-cookie configuration
-(`server.session.cookie.*`).
+(`server.servlet.session.cookie.*`).
 * Error management: Location of the error page (`server.error.path`) and so on.
 * <<howto.adoc#howto-configure-ssl,SSL>>
 * <<howto.adoc#how-to-enable-http-response-compression,HTTP compression>>

spring-boot-samples/spring-boot-sample-session-webflux/src/test/java/sample/session/SampleSessionWebFluxApplicationTests.java

@@ -38,7 +38,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
-@SpringBootTest(properties = "server.session.timeout:2", webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@SpringBootTest(properties = "server.servlet.session.timeout:2", webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
 public class SampleSessionWebFluxApplicationTests {
 
 	@LocalServerPort

spring-boot-samples/spring-boot-sample-session/src/test/java/sample/session/SampleSessionApplicationTests.java

@@ -59,7 +59,7 @@ public class SampleSessionApplicationTests {
 	private ConfigurableApplicationContext createContext() {
 		ConfigurableApplicationContext context = new SpringApplicationBuilder()
 				.sources(SampleSessionApplication.class)
-				.properties("server.port:0", "server.session.timeout:1")
+				.properties("server.port:0", "server.servlet.session.timeout:1")
 				.initializers(new ServerPortInfoApplicationContextInitializer()).run();
 		return context;
 	}