Commit Graph

83 Commits

Author SHA1 Message Date
Rob Winch
cc1d3a7e9e Add test for Redis onMessage w/ custom serializer
Issue gh-309
2016-02-04 14:12:24 -06:00
Rob Winch
bda5c85acf Cookie Value now sessionId + "." jvmRoute
If jvmRoute is set on DefaultCookieSerializer, then it sets the cookie
value to be:

sessionId + "." jvmRoute

Fixes gh-326
2016-01-29 16:50:22 -06:00
Rob Winch
f20acbf9b9 Automatically Index SecurityContext
Fixes gh-266
2016-01-29 16:27:19 -06:00
Rob Winch
ad09b498a3 FindByPrincipalNameSessionRepository -> FindByIndexNameSessionRepository
Fixes gh-342
2016-01-29 13:54:11 -06:00
Rob Winch
7a3bf533b3 Remove Compiler Warnings
Fixes gh-346
2016-01-29 12:13:03 -06:00
Rob Winch
22f6f9dd72 Polish GemFire
* Remove Compile Warnings
* Correct @since
* Add tests
* Add to What's New in documentation
2016-01-28 16:34:40 -06:00
John Blum
019e0083b0 Add GemFire Support
Fixes GH PR #148 and PR #308 implementing a GemFire Adapter to support
clustered HttpSessions in Spring Session.

* Resolve SGF-373 - Implement a Spring Session Adapter for GemFire backing
a HttpSession similar to the Redis support.
* Add Spring Session annotation to enable GemFire support with
@EnableGemFireHttpSession.
* Add extesion of SpringHttpSessionConfiguration to configure GemFire using
GemFireHttpSessionConfiguration.
* Add implementation of SessionRepository to access clustered, replicated
HttpSession state in GemFire with GemFireOperationsSessionRepository.
* Utilize GemFire Data Serialization framework to both replicate
HttpSession state information as well as handle deltas.
* Utilize GemFire OQL query to lookup arbitrary Session attributes by name,
and in particular the user authenticated principal name.
* Implment unit and integration tests, and in particular, tests for both
peer-to-peer (p2p) and client/server topologies.
* Set initial Spring Data GemFire version to 1.7.2.RELEASE, which depends
on Pivotal GemFire 8.1.0.
* Add documentation, Javadoc and samples along with additional Integration
Tests.

Fixes gh-148
2016-01-28 16:17:54 -06:00
Rob Winch
5dff0ff37b Migrate from fest-assert to assertj
Fixes gh-338
2016-01-25 19:41:54 -06:00
Rob Winch
969053fa87 SessionRepositoryMessageInterceptor updates lastAccessedTime
Fixes gh-325
2015-12-08 08:37:50 -06:00
Rob Winch
eb646ef5d8 SessionRepositoryFilter sets maxInactiveIntervalInSeconds on create
Fixes gh-324
2015-12-04 15:44:52 -06:00
Rob Winch
f14942edb0 Add Tests for Lazy Updates of Spring Session
Ensure that the session is only modified if it is accessed. This allows for
optimizations to ensure that for things like static resources there is
no need for hitting a data store.
2015-12-04 15:44:52 -06:00
Rob Winch
18a07abeb4 Merge pull request #316 from tsachev/gh-315
Don't send expirations del events when expiration time does not change.
2015-12-03 16:57:51 -06:00
Rob Winch
e766ad774d Make ServletContext Optional
Fixes gh-318
2015-12-03 16:46:41 -06:00
Rob Winch
b38cc74764 Include alias unless single id and default alias
Fixes gh-321
2015-12-03 14:38:25 -06:00
Vladimir Tsanev
d85624c58e Don't send expirations del events when expiration time does not change.
Expiration time is rounded up, so in case of many request per second from a
single session we can skip sending of delete event to reduce the traffic.
This is good because actually at the moment the redis repository is subscribed
for this events, even though it ignores them.

Fix gh-315
2015-11-26 14:43:31 +02:00
Rob Winch
41298c490e Remove warnings 2015-11-17 11:03:36 -06:00
Rob Winch
ee09a9e863 Add ExpiringSession setLastAccessedTime
Previously SessionRepository had to update the lastAccessTime when it was
loaded. This prevented inspecting the last access time. For example,
listing all the sessions for a specific user. Furthermore, it is
unintuitive that a read operation would update attributes on the domain
model.

This change introduces ExpiringSession setLastAccessedTime to allow setting
the expiration on the interface. This means that the SessionRepositoryFilter
can update the last accessed time.

Fixes gh-272
2015-11-17 10:47:42 -06:00
Rob Winch
8bd29c1ab2 HttpSessionListener sessionCreated id contains invalid ':'
Fixes gh-305
2015-11-16 16:12:35 -06:00
Rob Winch
8a5cba914b RedisOperationsSessionRepsitory only deletes once
Previously RedisOperationsSessionRepository incorrectly:

* Deleted the session
* Added the session
* Set the expiration to be 0

This commit ensures that if the expiration is 0 that the sesson is only
deleted.

Fixes gh-292
2015-11-16 10:52:39 -06:00
Rob Winch
2e82b311ee Fix custom MultiHttpSessionStrategy configuration
Fixes gh-303
2015-11-11 15:27:01 -06:00
Rob Winch
8c07537bec Add CookieSerializer Strategy
This allows for custom seralization of the Cookie.

Fixes gh-299
2015-11-11 15:25:27 -06:00
Rob Winch
489a26c14c Allow default RedisSerializer to be specified
Fixes gh-283
2015-08-31 10:26:48 -05:00
Rob Winch
5fd2c71559 Minimize MapSession's use of Secure Random
Previously when creating a MapSession from an existing session required
that UUID.randomUUID() be invoked. This could slow down the system
since it requires entropy.

MapSession now has a constructor that accepts the id which prevents
Secure random from being used when the session is already known.

Fixes gh-271
2015-08-19 11:38:17 -05:00
Rob Winch
db45698e25 Support application specific prefix
Fixes gh-166
2015-08-17 14:44:22 -05:00
Rob Winch
6234dd5681 Refactor tests
Prepare the tests for supporting an application prefix to ensure
there are no regressions.

Issue gh-166
2015-08-17 14:44:22 -05:00
Rob Winch
881ca7c2d4 Support querying for sessions by user identifier
Fixes gh-7
2015-08-17 14:41:55 -05:00
Rob Winch
21065b23c0 Add HttpSessionListener Support
Fixes gh-4
2015-08-12 16:55:01 -05:00
Rob Winch
6e1ecadcc4 Add Sesison to SessionExpiredEvent
Fixes gh-260
2015-08-12 16:49:10 -05:00
Rob Winch
690fbc8d3f RedisOperations<String,ExpiringSession> -> RedisOperations<Object,Object>
The RedisOperations manages more than just ExpiringSessions, so we need
to make this more generice.

Fixes gh-259
2015-08-12 16:37:56 -05:00
Rob Winch
3ba07ec0a8 Polish add SessionDeletedEvent & SessionExpiredEvent
* Add @author Mark Anderson for proper credit
* SessionDestroyedEvent no longer abstract to preserve passivity

Issue gh-258
2015-08-12 16:34:35 -05:00
Mark Anderson
7518306975 Add SessionExpiredEvent and SessionDeletedEvent
Fixes gh-258
2015-08-12 16:24:18 -05:00
Rob Winch
3a17a84434 Re-run Tests against Spring 3
Fixes gh-120
2015-07-29 11:18:51 -05:00
Rob Winch
d5484e15ca CookieHttpSessionStrategy only writes same Session once
If SessionRepositoryRequestWrapper.commitSession() is invoked twice
when a new session is created, then CookieHttpSessionStrategy will
add the same cookie twice. A couple examples of how this could happen:

* The response is committed and
  SessionRepositoryResponseWrapper.onResponseCommitted() invokes
  SessionRepositoryRequestWrapper.commitSession(). Then the finally
  block in SessionRepositoryFilter invokes
  SessionRepositoryRequestWrapper.commitSession() again.
* The new session is initialized and an Exception is thrown (i.e.
  gh-229). The SessionRepositoryFilter invokes
  SessionRepositoryRequestWrapper.commitSession() in the REQUEST
  dispatch. Then in the ERROR dispatch SessionRepositoryFilter invokes
  SessionRepositoryRequestWrapper.commitSession() invokes it again.

This commit ensures if the same Session is passed into
CookieHttpSessionStrategy multiple times within the same HttpServletRequest
it is only written once by keeping track of the sessions on a request
attribute.

Fixes gh-251
2015-07-28 15:01:51 -05:00
Rob Winch
3d93f2cf56 currentSession saved on HttpServletRequest attribute
Previously, if the following happened:

* New Session Created
* Exception thrown
* Exception processed by error handler within Servlet
* Error Handler used a session

The result would be two sessions were created. This means the
data from the first session was also lost. This happend
because ERROR dispatch is a separate Filter invocation where
the request is no longer wrapped.

This commit ensures that currentSession is saved on a
HttpServletRequest attribute so that the ERROR dispatch sees
that a session was already created.

Fixes: gh-229
2015-07-27 17:23:34 -05:00
Rob Winch
8929e85fb1 Fix Tests
These tests passed, but were technically incorrect. The
invalid tests were noticed when fixing gh-229.

Issue: gh-229
2015-07-27 17:11:04 -05:00
Rob Winch
b79913240d HttpServletRequest.changeSessionId() impacts previous references
Previously, if a user had a reference to an existing HttpSession and
changed the session id, it would not work. For example:

HttpSession s = request.getSession();
request.changeSessionId();
s.setAttribute(...);

This commit fixes holding on to a reference of an HttpSession when
the session id is changed.

Fixes gh-227
2015-07-27 15:25:58 -05:00
Rob Winch
4c24384243 Remove generic type from SpringSessionRepositoryFilterTests
If there is a generic type in tests, Eclipse cannot figure out that
it is a test. This makes it difficult to run in the IDE.
2015-07-27 15:13:49 -05:00
Rob Winch
1635ea90ca enableRedisKeyspaceNotificationsInitializer return type InitializingBean
Previously RedisHttpSessionConfiguration
enableRedisKeyspaceNotificationsInitializer return type was a package
protected class. This meant if someone extended
RedisHttpSessionConfiguration they got IllegalAccessErrors.

This changes the return type to InitializingBean.

Fixes gh-109
2015-07-25 08:09:51 -05:00
Rob Winch
1bee69ef15 Add tests for SessionRepositoryFilter set HttpSessionStrategy null
Issue gh-224
2015-07-24 16:53:00 -05:00
Rob Winch
23afc1b354 Fix RedisSessionExpirationPolicy to properly cleanup expired sessions
Previously forcibly cleaning up sessions was not working. All the cleanup
was done by Redis expiration. This meant that sessions would be kept alive
until Redis cleaned them up (non deterministic).

This commit resolves the mapping of expiration to session ids.

Fixes gh-169
2015-04-15 15:25:50 -05:00
Rob Winch
f711876347 Add test assert SessionRepository not invoked unless neededwq 2015-04-15 12:45:54 -05:00
Rob Winch
5879d15692 Valid HTTP session no longer invalidated when HttpSession not accessed
Fixes gh-188
2015-04-15 12:33:34 -05:00
Rob Winch
d2e5005fa0 Allow disabling configuration of Redis
Fixes gh-124
2015-04-14 22:34:01 -05:00
Rob Winch
4631b57531 Make Servlet 2.5 compatible
Fixes gh-111 gh-182
2015-04-07 22:12:40 -05:00
Rob Winch
9ac570cba7 Update to Spring IO version
- Update Spring Boot 1.2.3.RELEASE
- Update Spring Security 4.0.0.RELEASE
- Update Spring 4.1.6.RELEASE
- Update Groovy 2.3.8
- Update Jackson 2.4.5
- Update Jedis 2.5.2
- Update Spring Data Redis 1.4.2

Fixes gh-126
2015-04-07 16:30:57 -05:00
Rob Winch
3d1cd9fae4 Implement changeSessionId()
Fixes gh-152
2015-04-03 17:07:21 -05:00
Rob Winch
3c72828500 SessionRepositoryFilterTests better setup of next request 2015-04-03 16:11:41 -05:00
Rob Winch
eddb10d52c Make RedisHttpSessionConfiguration more XML friendly
* add setMaxInactiveIntervalInSeconds
* add default value for maxInactiveIntervalInSeconds

Fixes gh-105
2015-04-03 13:00:27 -05:00
Rob Winch
4dedb4d10a Spaces to tabs and license cleanup 2015-04-03 11:13:13 -05:00
Rob Winch
2d8664d841 OnCommittedResponseWrapper tracks getOutputStream().write(byte[]) properly
Fixes gh-171
2015-03-10 00:29:26 -05:00