From 3f4873f0eb95d37056597b7edc44ae0885459dbe Mon Sep 17 00:00:00 2001 From: Vedran Pavic Date: Fri, 3 Aug 2018 22:57:14 +0200 Subject: [PATCH] Simplify tests related to SameSite cookie directive support Closes gh-1147 --- .../RememberMeSecurityConfigurationTests.java | 15 +-- ...memberMeSecurityConfigurationXmlTests.java | 15 +-- .../java/sample/FindByUsernameTests.java | 73 --------------- .../java/sample/BootTests.java | 80 ---------------- .../java/sample/HttpRedisJsonTest.java | 71 --------------- .../java/sample/BootTests.java | 73 --------------- .../CookieHttpSessionIdResolverTests.java | 21 ++--- .../http/DefaultCookieSerializerTests.java | 31 ++++--- .../web/http/ResponseCookieParser.java | 91 ------------------- .../http/SessionRepositoryFilterTests.java | 39 +++----- 10 files changed, 39 insertions(+), 470 deletions(-) delete mode 100644 spring-session-core/src/test/java/org/springframework/session/web/http/ResponseCookieParser.java diff --git a/docs/src/test/java/docs/security/RememberMeSecurityConfigurationTests.java b/docs/src/test/java/docs/security/RememberMeSecurityConfigurationTests.java index a3c00299..3140cae2 100644 --- a/docs/src/test/java/docs/security/RememberMeSecurityConfigurationTests.java +++ b/docs/src/test/java/docs/security/RememberMeSecurityConfigurationTests.java @@ -16,18 +16,16 @@ package docs.security; -import java.net.HttpCookie; import java.time.Duration; import java.util.Base64; -import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.Cookie; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpHeaders; import org.springframework.session.Session; import org.springframework.session.SessionRepository; import org.springframework.session.web.http.SessionRepositoryFilter; 
@@ -81,7 +79,7 @@ public class RememberMeSecurityConfigurationTests { .andReturn(); // @formatter:on - HttpCookie cookie = getSessionCookie(result.getResponse()); + Cookie cookie = result.getResponse().getCookie("SESSION"); assertThat(cookie.getMaxAge()).isEqualTo(Integer.MAX_VALUE); T session = this.sessions .findById(new String(Base64.getDecoder().decode(cookie.getValue()))); @@ -90,14 +88,5 @@ public class RememberMeSecurityConfigurationTests { } - private HttpCookie getSessionCookie(HttpServletResponse response) { - for (HttpCookie cookie : HttpCookie.parse(response.getHeader(HttpHeaders.SET_COOKIE))) { - if ("SESSION".equals(cookie.getName())) { - return cookie; - } - } - return null; - } - } // end::class[] diff --git a/docs/src/test/java/docs/security/RememberMeSecurityConfigurationXmlTests.java b/docs/src/test/java/docs/security/RememberMeSecurityConfigurationXmlTests.java index c937a7c4..6e6237c1 100644 --- a/docs/src/test/java/docs/security/RememberMeSecurityConfigurationXmlTests.java +++ b/docs/src/test/java/docs/security/RememberMeSecurityConfigurationXmlTests.java @@ -16,18 +16,16 @@ package docs.security; -import java.net.HttpCookie; import java.time.Duration; import java.util.Base64; -import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.Cookie; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpHeaders; import org.springframework.session.Session; import org.springframework.session.SessionRepository; import org.springframework.session.web.http.SessionRepositoryFilter; 
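Review bot: `result.getResponse().getCookie("SESSION")` returns null when no session cookie was written, so the following `cookie.getMaxAge()` would fail with a NullPointerException rather than a readable assertion failure. Adding `assertThat(cookie).isNotNull();` directly after the lookup keeps the failure mode explicit. The same dereference-without-check appears in the matching hunk of RememberMeSecurityConfigurationXmlTests, and in CookieHttpSessionIdResolverTests where `this.response.getCookie(this.cookieName)` feeds `getPath()` and `getSessionId()`. The test method starts above this hunk, so an earlier guard may exist that is not visible here. Separately, the context line `new String(Base64.getDecoder().decode(cookie.getValue()))` decodes with the platform default charset; passing `StandardCharsets.UTF_8` would make the session-id lookup deterministic across environments.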
@@ -81,7 +79,7 @@ public class RememberMeSecurityConfigurationXmlTests { .andReturn(); // @formatter:on - HttpCookie cookie = getSessionCookie(result.getResponse()); + Cookie cookie = result.getResponse().getCookie("SESSION"); assertThat(cookie.getMaxAge()).isEqualTo(Integer.MAX_VALUE); T session = this.sessions .findById(new String(Base64.getDecoder().decode(cookie.getValue()))); @@ -90,14 +88,5 @@ public class RememberMeSecurityConfigurationXmlTests { } - private HttpCookie getSessionCookie(HttpServletResponse response) { - for (HttpCookie cookie : HttpCookie.parse(response.getHeader(HttpHeaders.SET_COOKIE))) { - if ("SESSION".equals(cookie.getName())) { - return cookie; - } - } - return null; - } - } // end::class[] diff --git a/samples/boot/findbyusername/src/integration-test/java/sample/FindByUsernameTests.java b/samples/boot/findbyusername/src/integration-test/java/sample/FindByUsernameTests.java index 0cd39b68..8cb00a8c 100644 --- a/samples/boot/findbyusername/src/integration-test/java/sample/FindByUsernameTests.java +++ b/samples/boot/findbyusername/src/integration-test/java/sample/FindByUsernameTests.java @@ -16,20 +16,6 @@ package sample; -import java.io.IOException; -import java.net.HttpCookie; -import java.util.List; - -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpServletResponseWrapper; - import org.junit.After; import org.junit.Before; import org.junit.Test; 
@@ -44,11 +30,8 @@ import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMock import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; import org.springframework.boot.test.context.TestConfiguration; -import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; -import org.springframework.core.Ordered; import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory; -import org.springframework.http.HttpHeaders; import org.springframework.test.context.junit4.SpringRunner; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder; 
@@ -113,62 +96,6 @@ public class FindByUsernameTests { redisContainer().getFirstMappedPort()); } - @Bean - public FilterRegistrationBean testFilter() { - FilterRegistrationBean registrationBean = new FilterRegistrationBean<>( - new SetCookieHandlerFilter()); - registrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE); - return registrationBean; - } - - } - - private static class SetCookieHandlerFilter implements Filter { - - @Override - public void init(FilterConfig filterConfig) { - } - - @Override - public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain) throws IOException, ServletException { - final HttpServletResponse httpServletResponse = (HttpServletResponse) response; - HttpServletResponseWrapper responseWrapper = new HttpServletResponseWrapper( - httpServletResponse) { - - @Override - public void addHeader(String name, String value) { - if (HttpHeaders.SET_COOKIE.equals(name)) { - List cookies = HttpCookie.parse(value); - if (!cookies.isEmpty()) { - addCookie(toServletCookie(cookies.get(0))); - } - } - super.setHeader(name, value); - } - - }; - - chain.doFilter(request, responseWrapper); - } - - @Override - public void destroy() { - } - - private static Cookie toServletCookie(HttpCookie httpCookie) { - Cookie cookie = new Cookie(httpCookie.getName(), httpCookie.getValue()); - String domain = httpCookie.getDomain(); - if (domain != null) { - cookie.setDomain(domain); - } - cookie.setMaxAge((int) httpCookie.getMaxAge()); - cookie.setPath(httpCookie.getPath()); - cookie.setSecure(httpCookie.getSecure()); - cookie.setHttpOnly(httpCookie.isHttpOnly()); - return cookie; - } - } } diff --git a/samples/boot/jdbc/src/integration-test/java/sample/BootTests.java b/samples/boot/jdbc/src/integration-test/java/sample/BootTests.java index d1ceb09d..29e95d23 100644 --- a/samples/boot/jdbc/src/integration-test/java/sample/BootTests.java +++ b/samples/boot/jdbc/src/integration-test/java/sample/BootTests.java 
@@ -16,20 +16,6 @@ package sample; -import java.io.IOException; -import java.net.HttpCookie; -import java.util.List; - -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpServletResponseWrapper; - import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -42,11 +28,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; -import org.springframework.boot.test.context.TestConfiguration; -import org.springframework.boot.web.servlet.FilterRegistrationBean; -import org.springframework.context.annotation.Bean; -import org.springframework.core.Ordered; -import org.springframework.http.HttpHeaders; import org.springframework.test.context.junit4.SpringRunner; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder; 
@@ -99,65 +80,4 @@ public class BootTests { login.assertAt(); } - @TestConfiguration - static class Config { - - @Bean - public FilterRegistrationBean testFilter() { - FilterRegistrationBean registrationBean = new FilterRegistrationBean<>( - new SetCookieHandlerFilter()); - registrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE); - return registrationBean; - } - - } - - private static class SetCookieHandlerFilter implements Filter { - - @Override - public void init(FilterConfig filterConfig) { - } - - @Override - public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain) throws IOException, ServletException { - final HttpServletResponse httpServletResponse = (HttpServletResponse) response; - HttpServletResponseWrapper responseWrapper = new HttpServletResponseWrapper( - httpServletResponse) { - - @Override - public void addHeader(String name, String value) { - if (HttpHeaders.SET_COOKIE.equals(name)) { - List cookies = HttpCookie.parse(value); - if (!cookies.isEmpty()) { - addCookie(toServletCookie(cookies.get(0))); - } - } - super.setHeader(name, value); - } - - }; - - chain.doFilter(request, responseWrapper); - } - - @Override - public void destroy() { - } - - private static Cookie toServletCookie(HttpCookie httpCookie) { - Cookie cookie = new Cookie(httpCookie.getName(), httpCookie.getValue()); - String domain = httpCookie.getDomain(); - if (domain != null) { - cookie.setDomain(domain); - } - cookie.setMaxAge((int) httpCookie.getMaxAge()); - cookie.setPath(httpCookie.getPath()); - cookie.setSecure(httpCookie.getSecure()); - cookie.setHttpOnly(httpCookie.isHttpOnly()); - return cookie; - } - - } - } diff --git a/samples/boot/redis-json/src/integration-test/java/sample/HttpRedisJsonTest.java b/samples/boot/redis-json/src/integration-test/java/sample/HttpRedisJsonTest.java index 7201ee3b..df607165 100644 --- a/samples/boot/redis-json/src/integration-test/java/sample/HttpRedisJsonTest.java 
+++ b/samples/boot/redis-json/src/integration-test/java/sample/HttpRedisJsonTest.java @@ -16,20 +16,8 @@ package sample; -import java.io.IOException; -import java.net.HttpCookie; import java.util.List; -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpServletResponseWrapper; - import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -45,11 +33,8 @@ import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMock import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; import org.springframework.boot.test.context.TestConfiguration; -import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; -import org.springframework.core.Ordered; import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory; -import org.springframework.http.HttpHeaders; import org.springframework.test.context.junit4.SpringRunner; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder; 
@@ -135,62 +120,6 @@ public class HttpRedisJsonTest { redisContainer().getFirstMappedPort()); } - @Bean - public FilterRegistrationBean testFilter() { - FilterRegistrationBean registrationBean = new FilterRegistrationBean<>( - new SetCookieHandlerFilter()); - registrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE); - return registrationBean; - } - - } - - private static class SetCookieHandlerFilter implements Filter { - - @Override - public void init(FilterConfig filterConfig) { - } - - @Override - public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain) throws IOException, ServletException { - final HttpServletResponse httpServletResponse = (HttpServletResponse) response; - HttpServletResponseWrapper responseWrapper = new HttpServletResponseWrapper( - httpServletResponse) { - - @Override - public void addHeader(String name, String value) { - if (HttpHeaders.SET_COOKIE.equals(name)) { - List cookies = HttpCookie.parse(value); - if (!cookies.isEmpty()) { - addCookie(toServletCookie(cookies.get(0))); - } - } - super.setHeader(name, value); - } - - }; - - chain.doFilter(request, responseWrapper); - } - - @Override - public void destroy() { - } - - private static Cookie toServletCookie(HttpCookie httpCookie) { - Cookie cookie = new Cookie(httpCookie.getName(), httpCookie.getValue()); - String domain = httpCookie.getDomain(); - if (domain != null) { - cookie.setDomain(domain); - } - cookie.setMaxAge((int) httpCookie.getMaxAge()); - cookie.setPath(httpCookie.getPath()); - cookie.setSecure(httpCookie.getSecure()); - cookie.setHttpOnly(httpCookie.isHttpOnly()); - return cookie; - } - } } diff --git a/samples/boot/redis/src/integration-test/java/sample/BootTests.java b/samples/boot/redis/src/integration-test/java/sample/BootTests.java index 60b4af4d..7127d22f 100644 --- a/samples/boot/redis/src/integration-test/java/sample/BootTests.java +++ b/samples/boot/redis/src/integration-test/java/sample/BootTests.java 
@@ -16,20 +16,6 @@ package sample; -import java.io.IOException; -import java.net.HttpCookie; -import java.util.List; - -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpServletResponseWrapper; - import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -44,11 +30,8 @@ import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMock import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; import org.springframework.boot.test.context.TestConfiguration; -import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; -import org.springframework.core.Ordered; import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory; -import org.springframework.http.HttpHeaders; import org.springframework.test.context.junit4.SpringRunner; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder; 
@@ -119,62 +102,6 @@ public class BootTests { redisContainer().getFirstMappedPort()); } - @Bean - public FilterRegistrationBean testFilter() { - FilterRegistrationBean registrationBean = new FilterRegistrationBean<>( - new SetCookieHandlerFilter()); - registrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE); - return registrationBean; - } - - } - - private static class SetCookieHandlerFilter implements Filter { - - @Override - public void init(FilterConfig filterConfig) { - } - - @Override - public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain) throws IOException, ServletException { - final HttpServletResponse httpServletResponse = (HttpServletResponse) response; - HttpServletResponseWrapper responseWrapper = new HttpServletResponseWrapper( - httpServletResponse) { - - @Override - public void addHeader(String name, String value) { - if (HttpHeaders.SET_COOKIE.equals(name)) { - List cookies = HttpCookie.parse(value); - if (!cookies.isEmpty()) { - addCookie(toServletCookie(cookies.get(0))); - } - } - super.setHeader(name, value); - } - - }; - - chain.doFilter(request, responseWrapper); - } - - @Override - public void destroy() { - } - - private static Cookie toServletCookie(HttpCookie httpCookie) { - Cookie cookie = new Cookie(httpCookie.getName(), httpCookie.getValue()); - String domain = httpCookie.getDomain(); - if (domain != null) { - cookie.setDomain(domain); - } - cookie.setMaxAge((int) httpCookie.getMaxAge()); - cookie.setPath(httpCookie.getPath()); - cookie.setSecure(httpCookie.getSecure()); - cookie.setHttpOnly(httpCookie.isHttpOnly()); - return cookie; - } - } } diff --git a/spring-session-core/src/test/java/org/springframework/session/web/http/CookieHttpSessionIdResolverTests.java b/spring-session-core/src/test/java/org/springframework/session/web/http/CookieHttpSessionIdResolverTests.java index b13187bd..622815cc 100644 
--- a/spring-session-core/src/test/java/org/springframework/session/web/http/CookieHttpSessionIdResolverTests.java +++ b/spring-session-core/src/test/java/org/springframework/session/web/http/CookieHttpSessionIdResolverTests.java @@ -18,14 +18,12 @@ package org.springframework.session.web.http; import java.util.Base64; import java.util.Collections; -import java.util.List; import javax.servlet.http.Cookie; import org.junit.Before; import org.junit.Test; -import org.springframework.http.ResponseCookie; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.session.MapSession; @@ -85,7 +83,7 @@ public class CookieHttpSessionIdResolverTests { this.strategy.setSessionId(this.request, this.response, this.session.getId()); this.strategy.setSessionId(this.request, this.response, this.session.getId()); - assertThat(this.response.getHeaders("Set-Cookie")).hasSize(1); + assertThat(this.response.getCookies()).hasSize(1); } @Test @@ -95,12 +93,11 @@ public class CookieHttpSessionIdResolverTests { this.strategy.setSessionId(this.request, this.response, this.session.getId()); this.strategy.setSessionId(this.request, this.response, newSession.getId()); - List cookies = ResponseCookieParser.parse(this.response); + Cookie[] cookies = this.response.getCookies(); assertThat(cookies).hasSize(2); - assertThat(base64Decode(cookies.get(0).getValue())) - .isEqualTo(this.session.getId()); - assertThat(base64Decode(cookies.get(1).getValue())).isEqualTo(newSession.getId()); + assertThat(base64Decode(cookies[0].getValue())).isEqualTo(this.session.getId()); + assertThat(base64Decode(cookies[1].getValue())).isEqualTo(newSession.getId()); } @Test 
@@ -108,7 +105,7 @@ public class CookieHttpSessionIdResolverTests { this.request.setContextPath("/somethingunique"); this.strategy.setSessionId(this.request, this.response, this.session.getId()); - ResponseCookie sessionCookie = getCookie(); + Cookie sessionCookie = this.response.getCookie(this.cookieName); assertThat(sessionCookie.getPath()) .isEqualTo(this.request.getContextPath() + "/"); } @@ -131,7 +128,7 @@ public class CookieHttpSessionIdResolverTests { this.request.setContextPath("/somethingunique"); this.strategy.expireSession(this.request, this.response); - ResponseCookie sessionCookie = getCookie(); + Cookie sessionCookie = this.response.getCookie(this.cookieName); assertThat(sessionCookie.getPath()) .isEqualTo(this.request.getContextPath() + "/"); } @@ -176,12 +173,8 @@ public class CookieHttpSessionIdResolverTests { this.request.setCookies(new Cookie(this.cookieName, base64Encode(value))); } - private ResponseCookie getCookie() { - return ResponseCookieParser.parse(this.response, this.cookieName); - } - private String getSessionId() { - return base64Decode(getCookie().getValue()); + return base64Decode(this.response.getCookie(this.cookieName).getValue()); } private static String base64Encode(String value) { diff --git a/spring-session-core/src/test/java/org/springframework/session/web/http/DefaultCookieSerializerTests.java b/spring-session-core/src/test/java/org/springframework/session/web/http/DefaultCookieSerializerTests.java index 97c8a176..ad22e16a 100644 --- a/spring-session-core/src/test/java/org/springframework/session/web/http/DefaultCookieSerializerTests.java +++ b/spring-session-core/src/test/java/org/springframework/session/web/http/DefaultCookieSerializerTests.java 
@@ -26,7 +26,7 @@ import org.junit.runner.RunWith; import org.junit.runners.Parameterized; import org.junit.runners.Parameterized.Parameters; -import org.springframework.http.ResponseCookie; +import org.springframework.mock.web.MockCookie; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.session.web.http.CookieSerializer.CookieValue; @@ -325,7 +325,7 @@ public class DefaultCookieSerializerTests { public void writeCookieCookieMaxAgeDefault() { this.serializer.writeCookieValue(cookieValue(this.sessionId)); - assertThat(getCookie().getMaxAge().getSeconds()).isEqualTo(-1); + assertThat(getCookie().getMaxAge()).isEqualTo(-1); } @Test @@ -334,7 +334,7 @@ public class DefaultCookieSerializerTests { this.serializer.writeCookieValue(cookieValue(this.sessionId)); - assertThat(getCookie().getMaxAge().getSeconds()).isEqualTo(100); + assertThat(getCookie().getMaxAge()).isEqualTo(100); } @Test @@ -343,7 +343,7 @@ public class DefaultCookieSerializerTests { this.serializer.writeCookieValue(cookieValue("")); - assertThat(getCookie().getMaxAge().getSeconds()).isEqualTo(0); + assertThat(getCookie().getMaxAge()).isEqualTo(0); } @Test @@ -353,7 +353,7 @@ public class DefaultCookieSerializerTests { this.serializer.writeCookieValue(cookieValue); - assertThat(getCookie().getMaxAge().getSeconds()).isEqualTo(100); + assertThat(getCookie().getMaxAge()).isEqualTo(100); } // --- secure --- @@ -362,7 +362,7 @@ public class DefaultCookieSerializerTests { public void writeCookieDefaultInsecureRequest() { this.serializer.writeCookieValue(cookieValue(this.sessionId)); - assertThat(getCookie().isSecure()).isFalse(); + assertThat(getCookie().getSecure()).isFalse(); } @Test @@ -372,7 +372,7 @@ public class DefaultCookieSerializerTests { this.serializer.writeCookieValue(cookieValue(this.sessionId)); - assertThat(getCookie().isSecure()).isTrue(); + assertThat(getCookie().getSecure()).isTrue(); } @Test 
@@ -381,7 +381,7 @@ public class DefaultCookieSerializerTests { this.serializer.writeCookieValue(cookieValue(this.sessionId)); - assertThat(getCookie().isSecure()).isTrue(); + assertThat(getCookie().getSecure()).isTrue(); } @Test @@ -391,7 +391,7 @@ public class DefaultCookieSerializerTests { this.serializer.writeCookieValue(cookieValue(this.sessionId)); - assertThat(getCookie().isSecure()).isFalse(); + assertThat(getCookie().getSecure()).isFalse(); } @Test @@ -400,7 +400,7 @@ public class DefaultCookieSerializerTests { this.serializer.writeCookieValue(cookieValue(this.sessionId)); - assertThat(getCookie().isSecure()).isFalse(); + assertThat(getCookie().getSecure()).isFalse(); } // --- jvmRoute --- @@ -453,7 +453,7 @@ public class DefaultCookieSerializerTests { this.serializer.setRememberMeRequestAttribute("rememberMe"); this.serializer.writeCookieValue(cookieValue(this.sessionId)); - assertThat(getCookie().getMaxAge().getSeconds()).isEqualTo(Integer.MAX_VALUE); + assertThat(getCookie().getMaxAge()).isEqualTo(Integer.MAX_VALUE); } @Test @@ -464,7 +464,7 @@ public class DefaultCookieSerializerTests { cookieValue.setCookieMaxAge(100); this.serializer.writeCookieValue(cookieValue); - assertThat(getCookie().getMaxAge().getSeconds()).isEqualTo(100); + assertThat(getCookie().getMaxAge()).isEqualTo(100); } // --- sameSite --- @@ -512,8 +512,8 @@ public class DefaultCookieSerializerTests { return new Cookie(name, value); } - private ResponseCookie getCookie() { - return ResponseCookieParser.parse(this.response, this.cookieName); + private MockCookie getCookie() { + return (MockCookie) this.response.getCookie(this.cookieName); } private String getCookieValue() { @@ -521,6 +521,9 @@ public class DefaultCookieSerializerTests { if (!this.useBase64Encoding) { return value; } + if (value == null) { + return null; + } return new String(Base64.getDecoder().decode(value)); } 
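Review bot: The rewritten `getCookie()` helper downcasts with `(MockCookie) this.response.getCookie(this.cookieName)`, and nothing in the hunk documents why the cast is safe. It presumably holds because the serializer emits a raw `Set-Cookie` header that `MockHttpServletResponse` parses into a `MockCookie`. If the cookie were ever added as a plain `javax.servlet.http.Cookie`, every test using the helper would fail with a ClassCastException instead of an assertion message. I would add a comment on the helper such as `// MockHttpServletResponse parses Set-Cookie headers into MockCookie, which exposes the SameSite attribute`, so the dependency on that parsing behaviour is explicit.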
diff --git a/spring-session-core/src/test/java/org/springframework/session/web/http/ResponseCookieParser.java b/spring-session-core/src/test/java/org/springframework/session/web/http/ResponseCookieParser.java deleted file mode 100644 index a9abe5cc..00000000 --- a/spring-session-core/src/test/java/org/springframework/session/web/http/ResponseCookieParser.java +++ /dev/null 
@@ -1,91 +0,0 @@ -/* - * Copyright 2014-2018 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.session.web.http; - -import java.util.ArrayList; -import java.util.List; - -import javax.servlet.http.HttpServletResponse; - -import org.springframework.http.HttpHeaders; -import org.springframework.http.ResponseCookie; -import org.springframework.lang.NonNull; - -final class ResponseCookieParser { - - private ResponseCookieParser() { - } - - static List parse(HttpServletResponse response) { - return doParse(response, null); - } - - static ResponseCookie parse(HttpServletResponse response, String cookieName) { - List responseCookies = doParse(response, cookieName); - return (!responseCookies.isEmpty() ? 
responseCookies.get(0) : null); - } - - @NonNull - private static List doParse(HttpServletResponse response, - String cookieName) { - List responseCookies = new ArrayList<>(); - for (String setCookieHeader : response.getHeaders(HttpHeaders.SET_COOKIE)) { - String[] cookieParts = setCookieHeader.split("\\s*=\\s*", 2); - if (cookieParts.length != 2) { - return null; - } - String name = cookieParts[0]; - if (cookieName != null && !name.equals(cookieName)) { - continue; - } - String[] valueAndDirectives = cookieParts[1].split("\\s*;\\s*", 2); - String value = valueAndDirectives[0]; - String[] directives = valueAndDirectives[1].split("\\s*;\\s*"); - String domain = null; - int maxAge = -1; - String path = null; - boolean secure = false; - boolean httpOnly = false; - String sameSite = null; - for (String directive : directives) { - if (directive.startsWith("Domain")) { - domain = directive.split("=")[1]; - } - if (directive.startsWith("Max-Age")) { - maxAge = Integer.parseInt(directive.split("=")[1]); - } - if (directive.startsWith("Path")) { - path = directive.split("=")[1]; - } - if (directive.startsWith("Secure")) { - secure = true; - } - if (directive.startsWith("HttpOnly")) { - httpOnly = true; - } - if (directive.startsWith("SameSite")) { - sameSite = directive.split("=")[1]; - } - } - responseCookies.add(ResponseCookie.from(name, value).maxAge(maxAge).path(path) - .domain(domain).secure(secure).httpOnly(httpOnly).sameSite(sameSite) - .build()); - } - return responseCookies; - } - -} diff --git a/spring-session-core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java b/spring-session-core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java index 42e8e1c1..cd1fad20 100644 --- a/spring-session-core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java +++ b/spring-session-core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java 
@@ -51,7 +51,6 @@ import org.mockito.junit.MockitoJUnitRunner; import org.springframework.core.Ordered; import org.springframework.core.annotation.AnnotationAwareOrderComparator; -import org.springframework.http.ResponseCookie; import org.springframework.mock.web.MockFilterChain; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; @@ -424,7 +423,7 @@ public class SessionRepositoryFilterTests { } }); - assertThat(getSessionCookie()).isNull(); + assertThat(this.response.getCookie("SESSION")).isNull(); } @Test @@ -442,7 +441,7 @@ public class SessionRepositoryFilterTests { wrappedRequest.getSession(); } }); - assertThat(getSessionCookie()).isNotNull(); + assertThat(this.response.getCookie("SESSION")).isNotNull(); nextRequest(); @@ -454,7 +453,7 @@ public class SessionRepositoryFilterTests { } }); - assertThat(getSessionCookie()).isNotNull(); + assertThat(this.response.getCookie("SESSION")).isNotNull(); } @Test @@ -654,10 +653,10 @@ public class SessionRepositoryFilterTests { } }); - ResponseCookie session = getSessionCookie(); + Cookie session = getSessionCookie(); assertThat(session.isHttpOnly()).describedAs("Session Cookie should be HttpOnly") .isTrue(); - assertThat(session.isSecure()) + assertThat(session.getSecure()) .describedAs("Session Cookie should be marked as Secure").isTrue(); } 
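Review bot: The assertions changed in the -424, -442 and -454 hunks call `this.response.getCookie("SESSION")` inline, although the commit keeps the `getSessionCookie()` helper, which wraps that same call (see the helper-methods hunk further down). Writing them as `assertThat(getSessionCookie()).isNull();` and `assertThat(getSessionCookie()).isNotNull();` would keep the cookie-name literal in one place and match the other call sites in this file.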
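Review bot: The session-cookie checks in the -654 hunk assert HttpOnly and Secure but not SameSite, and `getSessionCookie()` now returns a plain `Cookie`, which has no SameSite accessor. As far as these hunks show, the filter-level tests therefore do not verify that the session cookie carries the directive; `assertNewSession()` in the -1510 hunk has the same gap. Since `MockHttpServletResponse` hands back `MockCookie` instances (the cast in DefaultCookieSerializerTests relies on this), the helper could return `MockCookie`, and both places could assert `getSameSite()` against the value the filter's cookie serializer is configured with. That value is not visible in this diff, and another test in the file may already cover it.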
@@ -1510,13 +1509,13 @@ public class SessionRepositoryFilterTests { // --- helper methods private void assertNewSession() { - ResponseCookie cookie = getSessionCookie(); + Cookie cookie = getSessionCookie(); assertThat(cookie).isNotNull(); - assertThat(cookie.getMaxAge().getSeconds()).isEqualTo(-1); + assertThat(cookie.getMaxAge()).isEqualTo(-1); assertThat(cookie.getValue()).isNotEqualTo("INVALID"); assertThat(cookie.isHttpOnly()).describedAs("Cookie is expected to be HTTP Only") .isTrue(); - assertThat(cookie.isSecure()) + assertThat(cookie.getSecure()) .describedAs( "Cookie secured is expected to be " + this.request.isSecure()) .isEqualTo(this.request.isSecure()); @@ -1526,15 +1525,15 @@ public class SessionRepositoryFilterTests { } private void assertNoSession() { - ResponseCookie cookie = getSessionCookie(); + Cookie cookie = getSessionCookie(); assertThat(cookie).isNull(); assertThat(this.request.getSession(false)) .describedAs("The original HttpServletRequest HttpSession should be null") .isNull(); } - private ResponseCookie getSessionCookie() { - return ResponseCookieParser.parse(this.response, "SESSION"); + private Cookie getSessionCookie() { + return this.response.getCookie("SESSION"); } private void setSessionCookie(String sessionId) { @@ -1557,9 +1556,6 @@ public class SessionRepositoryFilterTests { for (Cookie cookie : this.response.getCookies()) { nameToCookie.put(cookie.getName(), cookie); } - ResponseCookieParser.parse(this.response) - .forEach((responseCookie) -> nameToCookie.put(responseCookie.getName(), - toServletCookie(responseCookie))); Cookie[] nextRequestCookies = new ArrayList<>(nameToCookie.values()) .toArray(new Cookie[0]); 
@@ -1590,19 +1586,6 @@ public class SessionRepositoryFilterTests { return new String(Base64.getDecoder().decode(value)); } - private static Cookie toServletCookie(ResponseCookie responseCookie) { - Cookie cookie = new Cookie(responseCookie.getName(), responseCookie.getValue()); - String domain = responseCookie.getDomain(); - if (domain != null) { - cookie.setDomain(domain); - } - cookie.setMaxAge((int) responseCookie.getMaxAge().getSeconds()); - cookie.setPath(responseCookie.getPath()); - cookie.setSecure(responseCookie.isSecure()); - cookie.setHttpOnly(responseCookie.isHttpOnly()); - return cookie; - } - private static class SessionRepositoryFilterDefaultOrder implements Ordered { @Override