diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java index 45da379fd38..e61c513f74f 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java @@ -28,6 +28,8 @@ import org.springframework.boot.WebApplicationType; import org.springframework.boot.autoconfigure.AutoConfigureAfter; import org.springframework.boot.autoconfigure.AutoConfigureBefore; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; +import org.springframework.boot.autoconfigure.condition.AnyNestedCondition; +import org.springframework.boot.autoconfigure.condition.ConditionalOnBean; import org.springframework.boot.autoconfigure.condition.ConditionalOnClass; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication; @@ -39,9 +41,14 @@ import org.springframework.boot.autoconfigure.data.redis.RedisReactiveAutoConfig import org.springframework.boot.autoconfigure.hazelcast.HazelcastAutoConfiguration; import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration; import org.springframework.boot.autoconfigure.jdbc.JdbcTemplateAutoConfiguration; +import org.springframework.boot.autoconfigure.web.ServerProperties; import org.springframework.boot.autoconfigure.web.reactive.HttpHandlerAutoConfiguration; import org.springframework.boot.context.properties.EnableConfigurationProperties; +import org.springframework.boot.context.properties.PropertyMapper; +import org.springframework.boot.web.servlet.server.Session.Cookie; import org.springframework.context.ApplicationContext; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Conditional; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Import; import org.springframework.context.annotation.ImportSelector; @@ -49,6 +56,10 @@ import org.springframework.core.type.AnnotationMetadata; import org.springframework.session.ReactiveSessionRepository; import org.springframework.session.Session; import org.springframework.session.SessionRepository; +import org.springframework.session.web.http.CookieHttpSessionIdResolver; +import org.springframework.session.web.http.CookieSerializer; +import org.springframework.session.web.http.DefaultCookieSerializer; +import org.springframework.session.web.http.HttpSessionIdResolver; import org.springframework.util.StringUtils; /** @@ -64,7 +75,7 @@ import org.springframework.util.StringUtils; @Configuration @ConditionalOnClass(Session.class) @ConditionalOnWebApplication -@EnableConfigurationProperties(SessionProperties.class) +@EnableConfigurationProperties({ ServerProperties.class, SessionProperties.class }) @AutoConfigureAfter({ DataSourceAutoConfiguration.class, HazelcastAutoConfiguration.class, JdbcTemplateAutoConfiguration.class, MongoDataAutoConfiguration.class, MongoReactiveDataAutoConfiguration.class, RedisAutoConfiguration.class, @@ -78,6 +89,23 @@ public class SessionAutoConfiguration { SessionRepositoryFilterConfiguration.class }) static class ServletSessionConfiguration { + @Bean + @Conditional(DefaultCookieSerializerCondition.class) + public DefaultCookieSerializer cookieSerializer( + ServerProperties serverProperties) { + Cookie cookie = serverProperties.getServlet().getSession().getCookie(); + DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer(); + PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull(); + map.from(cookie::getName).to(cookieSerializer::setCookieName); + map.from(cookie::getDomain).to(cookieSerializer::setDomainName); + map.from(cookie::getPath).to(cookieSerializer::setCookiePath); + map.from(cookie::getHttpOnly).to(cookieSerializer::setUseHttpOnlyCookie); + map.from(cookie::getSecure).to(cookieSerializer::setUseSecureCookie); + map.from(cookie::getMaxAge).to((maxAge) -> cookieSerializer + .setCookieMaxAge((int) maxAge.getSeconds())); + return cookieSerializer; + } + @Configuration @ConditionalOnMissingBean(SessionRepository.class) @Import({ ServletSessionRepositoryImplementationValidator.class, @@ -103,6 +131,31 @@ public class SessionAutoConfiguration { } + /** + * Condition to trigger the creation of a {@link DefaultCookieSerializer}. This kicks + * in if either no {@link HttpSessionIdResolver} and {@link CookieSerializer} beans + * are registered, or if {@link CookieHttpSessionIdResolver} is registered but + * {@link CookieSerializer} is not. + */ + static class DefaultCookieSerializerCondition extends AnyNestedCondition { + + DefaultCookieSerializerCondition() { + super(ConfigurationPhase.REGISTER_BEAN); + } + + @ConditionalOnMissingBean({ HttpSessionIdResolver.class, CookieSerializer.class }) + static class NoComponentsAvailable { + + } + + @ConditionalOnBean(CookieHttpSessionIdResolver.class) + @ConditionalOnMissingBean(CookieSerializer.class) + static class CookieHttpSessionIdResolverAvailable { + + } + + } + /** * {@link ImportSelector} base class to add {@link StoreType} configuration classes. */ diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java index ebef2df6069..58ec4ea9022 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java @@ -26,11 +26,9 @@ import org.junit.Test; import org.springframework.boot.autoconfigure.AutoConfigurations; import org.springframework.boot.autoconfigure.web.ServerProperties; -import org.springframework.boot.autoconfigure.web.servlet.ServletWebServerFactoryAutoConfiguration; import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.boot.test.context.runner.WebApplicationContextRunner; import org.springframework.boot.web.servlet.FilterRegistrationBean; -import org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.session.MapSessionRepository; @@ -38,10 +36,13 @@ import org.springframework.session.SessionRepository; import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession; import org.springframework.session.web.http.CookieHttpSessionIdResolver; import org.springframework.session.web.http.DefaultCookieSerializer; +import org.springframework.session.web.http.HeaderHttpSessionIdResolver; +import org.springframework.session.web.http.HttpSessionIdResolver; import org.springframework.session.web.http.SessionRepositoryFilter; import org.springframework.test.util.ReflectionTestUtils; import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.mock; /** * Tests for {@link SessionAutoConfiguration}. @@ -165,25 +166,83 @@ public class SessionAutoConfigurationTests extends AbstractSessionAutoConfigurat } @Test - public void sessionCookieConfigurationIsPickedUp() { - WebApplicationContextRunner webRunner = new WebApplicationContextRunner( - AnnotationConfigServletWebServerApplicationContext::new) - .withConfiguration(AutoConfigurations - .of(ServletWebServerFactoryAutoConfiguration.class)) - .withUserConfiguration(SessionRepositoryConfiguration.class) - .withPropertyValues("server.port=0", - "server.servlet.session.cookie.name=testname"); - webRunner.run((context) -> { - SessionRepositoryFilter filter = context - .getBean(SessionRepositoryFilter.class); - CookieHttpSessionIdResolver sessionIdResolver = (CookieHttpSessionIdResolver) ReflectionTestUtils - .getField(filter, "httpSessionIdResolver"); - DefaultCookieSerializer cookieSerializer = (DefaultCookieSerializer) ReflectionTestUtils - .getField(sessionIdResolver, "cookieSerializer"); - String cookieName = (String) ReflectionTestUtils.getField(cookieSerializer, - "cookieName"); - assertThat(cookieName).isEqualTo("testname"); - }); + public void sessionCookieConfigurationIsAppliedToAutoConfiguredCookieSerializer() { + this.contextRunner.withUserConfiguration(SessionRepositoryConfiguration.class) + .withPropertyValues("server.servlet.session.cookie.name=sid", + "server.servlet.session.cookie.domain=spring", + "server.servlet.session.cookie.path=/test", + "server.servlet.session.cookie.httpOnly=false", + "server.servlet.session.cookie.secure=false", + "server.servlet.session.cookie.maxAge=10s") + .run((context) -> { + DefaultCookieSerializer cookieSerializer = context + .getBean(DefaultCookieSerializer.class); + assertThat(cookieSerializer).hasFieldOrPropertyWithValue("cookieName", + "sid"); + assertThat(cookieSerializer).hasFieldOrPropertyWithValue("domainName", + "spring"); + assertThat(cookieSerializer).hasFieldOrPropertyWithValue("cookiePath", + "/test"); + assertThat(cookieSerializer) + .hasFieldOrPropertyWithValue("useHttpOnlyCookie", false); + assertThat(cookieSerializer) + .hasFieldOrPropertyWithValue("useSecureCookie", false); + assertThat(cookieSerializer) + .hasFieldOrPropertyWithValue("cookieMaxAge", 10); + }); + } + + @Test + public void autoConfiguredCookieSerializerIsUsedBySessionRepositoryFilter() { + this.contextRunner.withUserConfiguration(SessionRepositoryConfiguration.class) + .withPropertyValues("server.port=0").run((context) -> { + SessionRepositoryFilter filter = context + .getBean(SessionRepositoryFilter.class); + CookieHttpSessionIdResolver sessionIdResolver = (CookieHttpSessionIdResolver) ReflectionTestUtils + .getField(filter, "httpSessionIdResolver"); + DefaultCookieSerializer cookieSerializer = (DefaultCookieSerializer) ReflectionTestUtils + .getField(sessionIdResolver, "cookieSerializer"); + assertThat(cookieSerializer) + .isSameAs(context.getBean(DefaultCookieSerializer.class)); + }); + } + + @Test + public void autoConfiguredCookieSerializerBacksOffWhenUserConfiguresACookieSerializer() { + this.contextRunner + .withUserConfiguration(UserProvidedCookieSerializerConfiguration.class) + .run((context) -> { + assertThat(context).hasSingleBean(DefaultCookieSerializer.class); + assertThat(context).hasBean("myCookieSerializer"); + }); + } + + @Test + public void cookiesSerializerIsAutoConfiguredWhenUserConfiguresCookieHttpSessionIdResolver() { + this.contextRunner + .withUserConfiguration( + UserProvidedCookieHttpSessionStrategyConfiguration.class) + .run((context) -> assertThat( + context.getBeansOfType(DefaultCookieSerializer.class)) + .isNotEmpty()); + } + + @Test + public void autoConfiguredCookieSerializerBacksOffWhenUserConfiguresHeaderHttpSessionIdResolver() { + this.contextRunner + .withUserConfiguration( + UserProvidedHeaderHttpSessionStrategyConfiguration.class) + .run((context) -> assertThat( + context.getBeansOfType(DefaultCookieSerializer.class)).isEmpty()); + } + + @Test + public void autoConfiguredCookieSerializerBacksOffWhenUserConfiguresCustomHttpSessionIdResolver() { + this.contextRunner + .withUserConfiguration( + UserProvidedCustomHttpSessionStrategyConfiguration.class) + .run((context) -> assertThat( + context.getBeansOfType(DefaultCookieSerializer.class)).isEmpty()); } @Configuration @@ -202,4 +261,52 @@ public class SessionAutoConfigurationTests extends AbstractSessionAutoConfigurat } + @Configuration + @EnableSpringHttpSession + static class UserProvidedCookieSerializerConfiguration + extends SessionRepositoryConfiguration { + + @Bean + public DefaultCookieSerializer myCookieSerializer() { + return new DefaultCookieSerializer(); + } + + } + + @Configuration + @EnableSpringHttpSession + static class UserProvidedCookieHttpSessionStrategyConfiguration + extends SessionRepositoryConfiguration { + + @Bean + public CookieHttpSessionIdResolver httpSessionStrategy() { + return new CookieHttpSessionIdResolver(); + } + + } + + @Configuration + @EnableSpringHttpSession + static class UserProvidedHeaderHttpSessionStrategyConfiguration + extends SessionRepositoryConfiguration { + + @Bean + public HeaderHttpSessionIdResolver httpSessionStrategy() { + return HeaderHttpSessionIdResolver.xAuthToken(); + } + + } + + @Configuration + @EnableSpringHttpSession + static class UserProvidedCustomHttpSessionStrategyConfiguration + extends SessionRepositoryConfiguration { + + @Bean + public HttpSessionIdResolver httpSessionStrategy() { + return mock(HttpSessionIdResolver.class); + } + + } + }