Phillip Webb
commit
6e9f2e42af
|
|
@ -61,6 +61,7 @@ import org.springframework.session.web.http.CookieHttpSessionIdResolver;
|
||||||
import org.springframework.session.web.http.CookieSerializer;
|
import org.springframework.session.web.http.CookieSerializer;
|
||||||
import org.springframework.session.web.http.DefaultCookieSerializer;
|
import org.springframework.session.web.http.DefaultCookieSerializer;
|
||||||
import org.springframework.session.web.http.HttpSessionIdResolver;
|
import org.springframework.session.web.http.HttpSessionIdResolver;
|
||||||
|
import org.springframework.util.ClassUtils;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* {@link EnableAutoConfiguration Auto-configuration} for Spring Session.
|
* {@link EnableAutoConfiguration Auto-configuration} for Spring Session.
|
||||||
|
|
@ -83,6 +84,8 @@ import org.springframework.session.web.http.HttpSessionIdResolver;
|
||||||
@AutoConfigureBefore(HttpHandlerAutoConfiguration.class)
|
@AutoConfigureBefore(HttpHandlerAutoConfiguration.class)
|
||||||
public class SessionAutoConfiguration {
|
public class SessionAutoConfiguration {
|
||||||
|
|
||||||
|
private static final String REMEMBER_ME_SERVICES_CLASS = "org.springframework.security.web.authentication.RememberMeServices";
|
||||||
|
|
||||||
@Configuration(proxyBeanMethods = false)
|
@Configuration(proxyBeanMethods = false)
|
||||||
@ConditionalOnWebApplication(type = Type.SERVLET)
|
@ConditionalOnWebApplication(type = Type.SERVLET)
|
||||||
@Import({ ServletSessionRepositoryValidator.class,
|
@Import({ ServletSessionRepositoryValidator.class,
|
||||||
|
|
@ -91,8 +94,8 @@ public class SessionAutoConfiguration {
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@Conditional(DefaultCookieSerializerCondition.class)
|
@Conditional(DefaultCookieSerializerCondition.class)
|
||||||
public DefaultCookieSerializer cookieSerializer(ServerProperties serverProperties,
|
public DefaultCookieSerializer cookieSerializer(
|
||||||
ObjectProvider<SpringSessionRememberMeServices> springSessionRememberMeServices) {
|
ServerProperties serverProperties) {
|
||||||
Cookie cookie = serverProperties.getServlet().getSession().getCookie();
|
Cookie cookie = serverProperties.getServlet().getSession().getCookie();
|
||||||
DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
|
DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
|
||||||
PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
|
PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
|
||||||
|
|
@ -103,9 +106,11 @@ public class SessionAutoConfiguration {
|
||||||
map.from(cookie::getSecure).to(cookieSerializer::setUseSecureCookie);
|
map.from(cookie::getSecure).to(cookieSerializer::setUseSecureCookie);
|
||||||
map.from(cookie::getMaxAge).to((maxAge) -> cookieSerializer
|
map.from(cookie::getMaxAge).to((maxAge) -> cookieSerializer
|
||||||
.setCookieMaxAge((int) maxAge.getSeconds()));
|
.setCookieMaxAge((int) maxAge.getSeconds()));
|
||||||
springSessionRememberMeServices.ifAvailable((
|
if (ClassUtils.isPresent(REMEMBER_ME_SERVICES_CLASS,
|
||||||
rememberMeServices) -> cookieSerializer.setRememberMeRequestAttribute(
|
getClass().getClassLoader())) {
|
||||||
SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR));
|
new RememberMeServicesCookieSerializerCustomizer()
|
||||||
|
.apply(cookieSerializer);
|
||||||
|
}
|
||||||
return cookieSerializer;
|
return cookieSerializer;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -134,6 +139,19 @@ public class SessionAutoConfiguration {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Customization log for {@link SpringSessionRememberMeServices} that is only
|
||||||
|
* instantiated when Spring Security is on the classpath.
|
||||||
|
*/
|
||||||
|
static class RememberMeServicesCookieSerializerCustomizer {
|
||||||
|
|
||||||
|
public void apply(DefaultCookieSerializer cookieSerializer) {
|
||||||
|
cookieSerializer.setRememberMeRequestAttribute(
|
||||||
|
SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Condition to trigger the creation of a {@link DefaultCookieSerializer}. This kicks
|
* Condition to trigger the creation of a {@link DefaultCookieSerializer}. This kicks
|
||||||
* in if either no {@link HttpSessionIdResolver} and {@link CookieSerializer} beans
|
* in if either no {@link HttpSessionIdResolver} and {@link CookieSerializer} beans
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2012-2018 the original author or authors.
|
* Copyright 2012-2019 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
|
@ -16,10 +16,16 @@
|
||||||
|
|
||||||
package org.springframework.boot.autoconfigure.session;
|
package org.springframework.boot.autoconfigure.session;
|
||||||
|
|
||||||
|
import java.util.Collections;
|
||||||
|
|
||||||
import org.springframework.boot.test.context.assertj.AssertableReactiveWebApplicationContext;
|
import org.springframework.boot.test.context.assertj.AssertableReactiveWebApplicationContext;
|
||||||
import org.springframework.boot.test.context.assertj.AssertableWebApplicationContext;
|
import org.springframework.boot.test.context.assertj.AssertableWebApplicationContext;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.session.MapSessionRepository;
|
||||||
import org.springframework.session.ReactiveSessionRepository;
|
import org.springframework.session.ReactiveSessionRepository;
|
||||||
import org.springframework.session.SessionRepository;
|
import org.springframework.session.SessionRepository;
|
||||||
|
import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
|
||||||
import org.springframework.session.web.http.SessionRepositoryFilter;
|
import org.springframework.session.web.http.SessionRepositoryFilter;
|
||||||
import org.springframework.web.server.session.WebSessionManager;
|
import org.springframework.web.server.session.WebSessionManager;
|
||||||
|
|
||||||
|
|
@ -51,4 +57,15 @@ public abstract class AbstractSessionAutoConfigurationTests {
|
||||||
return type.cast(repository);
|
return type.cast(repository);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Configuration
|
||||||
|
@EnableSpringHttpSession
|
||||||
|
static class SessionRepositoryConfiguration {
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public MapSessionRepository mySessionRepository() {
|
||||||
|
return new MapSessionRepository(Collections.emptyMap());
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,55 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2012-2019 the original author or authors.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.springframework.boot.autoconfigure.session;
|
||||||
|
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.junit.runner.RunWith;
|
||||||
|
|
||||||
|
import org.springframework.boot.autoconfigure.AutoConfigurations;
|
||||||
|
import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
|
||||||
|
import org.springframework.boot.testsupport.runner.classpath.ClassPathExclusions;
|
||||||
|
import org.springframework.boot.testsupport.runner.classpath.ModifiedClassPathRunner;
|
||||||
|
import org.springframework.session.web.http.DefaultCookieSerializer;
|
||||||
|
|
||||||
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tests for {@link SessionAutoConfiguration} when Spring Security is not on the
|
||||||
|
* classpath.
|
||||||
|
*
|
||||||
|
* @author Vedran Pavic
|
||||||
|
*/
|
||||||
|
@RunWith(ModifiedClassPathRunner.class)
|
||||||
|
@ClassPathExclusions("spring-security-*")
|
||||||
|
public class SessionAutoConfigurationWithoutSecurityTests
|
||||||
|
extends AbstractSessionAutoConfigurationTests {
|
||||||
|
|
||||||
|
private final WebApplicationContextRunner contextRunner = new WebApplicationContextRunner()
|
||||||
|
.withConfiguration(AutoConfigurations.of(SessionAutoConfiguration.class));
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void sessionCookieConfigurationIsAppliedToAutoConfiguredCookieSerializer() {
|
||||||
|
this.contextRunner.withUserConfiguration(SessionRepositoryConfiguration.class)
|
||||||
|
.run((context) -> {
|
||||||
|
DefaultCookieSerializer cookieSerializer = context
|
||||||
|
.getBean(DefaultCookieSerializer.class);
|
||||||
|
assertThat(cookieSerializer).hasFieldOrPropertyWithValue(
|
||||||
|
"rememberMeRequestAttribute", null);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue