Improve DefaultCookieSerializer auto-configuration

Spring Session's own configuration support (i.e. SpringHttpSessionConfiguration) will configure the default DefaultCookieSerializer with rememberMeRequestAttribute if SpringSessionRememberMeServices bean has been detected in the application context. In contrast, Spring Boot's auto-configured DefaultCookieSerializer does not do this which results in a different out-of-the-box experience for users that rely on Spring Session's remember-me integration. This commit improves Spring Session DefaultCookieSerializer auto-configuration to match Spring Session's behavior and make the auto-configured DefaultCookieSerializer aware of SpringSessionRememberMeServices bean. See gh-16513

Improve DefaultCookieSerializer auto-configuration
Spring Session's own configuration support (i.e. SpringHttpSessionConfiguration) will configure the default DefaultCookieSerializer with rememberMeRequestAttribute if SpringSessionRememberMeServices bean has been detected in the application context. In contrast, Spring Boot's auto-configured DefaultCookieSerializer does not do this which results in a different out-of-the-box experience for users that rely on Spring Session's remember-me integration. This commit improves Spring Session DefaultCookieSerializer auto-configuration to match Spring Session's behavior and make the auto-configured DefaultCookieSerializer aware of SpringSessionRememberMeServices bean. See gh-16513
5e025411 · Vedran Pavic · Stephane Nicoll · 50bcfd25 · 5e025411 · 5e025411
Commit 5e025411 authored Apr 10, 2019 by Vedran Pavic Committed by Stephane Nicoll Apr 19, 2019
Showing with 39 additions and 0 deletions

SessionAutoConfiguration.java .../boot/autoconfigure/session/SessionAutoConfiguration.java +13 -0

SessionAutoConfigurationTests.java .../autoconfigure/session/SessionAutoConfigurationTests.java +26 -0

No files found.
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java
@@ -56,6 +56,7 @@ import org.springframework.core.type.AnnotationMetadata;
 import org.springframework.session.ReactiveSessionRepository;
 import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
+import org.springframework.session.security.web.authentication.SpringSessionRememberMeServices;
 import org.springframework.session.web.http.CookieHttpSessionIdResolver;
 import org.springframework.session.web.http.CookieSerializer;
 import org.springframework.session.web.http.DefaultCookieSerializer;
@@ -89,6 +90,14 @@ public class SessionAutoConfiguration {
 			SessionRepositoryFilterConfiguration.class })
 	static class ServletSessionConfiguration {

+		private final SpringSessionRememberMeServices springSessionRememberMeServices;
+
+		ServletSessionConfiguration(
+				ObjectProvider<SpringSessionRememberMeServices> springSessionRememberMeServices) {
+			this.springSessionRememberMeServices = springSessionRememberMeServices
+					.getIfAvailable();
+		}
+
 		@Bean
 		@Conditional(DefaultCookieSerializerCondition.class)
 		public DefaultCookieSerializer cookieSerializer(
@@ -103,6 +112,10 @@ public class SessionAutoConfiguration {
 			map.from(cookie::getSecure).to(cookieSerializer::setUseSecureCookie);
 			map.from(cookie::getMaxAge).to((maxAge) -> cookieSerializer
 					.setCookieMaxAge((int) maxAge.getSeconds()));
+			if (this.springSessionRememberMeServices != null) {
+				cookieSerializer.setRememberMeRequestAttribute(
+						SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR);
+			}
 			return cookieSerializer;
 		}


--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java
@@ -34,6 +34,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.session.MapSessionRepository;
 import org.springframework.session.SessionRepository;
 import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
+import org.springframework.session.security.web.authentication.SpringSessionRememberMeServices;
 import org.springframework.session.web.http.CookieHttpSessionIdResolver;
 import org.springframework.session.web.http.DefaultCookieSerializer;
 import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
@@ -245,6 +246,19 @@ public class SessionAutoConfigurationTests extends AbstractSessionAutoConfigurat
 						context.getBeansOfType(DefaultCookieSerializer.class)).isEmpty());
 	}

+	@Test
+	public void autoConfiguredCookieSerializerIsConfiguredWithRememberMeRequestAttribute() {
+		this.contextRunner
+				.withUserConfiguration(SpringSessionRememberMeServicesConfiguration.class)
+				.run((context) -> {
+					DefaultCookieSerializer cookieSerializer = context
+							.getBean(DefaultCookieSerializer.class);
+					assertThat(cookieSerializer).hasFieldOrPropertyWithValue(
+							"rememberMeRequestAttribute",
+							SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR);
+				});
+	}
+
 	@Configuration
 	@EnableSpringHttpSession
 	static class SessionRepositoryConfiguration {
@@ -309,4 +323,16 @@ public class SessionAutoConfigurationTests extends AbstractSessionAutoConfigurat

 	}

+	@Configuration
+	@EnableSpringHttpSession
+	static class SpringSessionRememberMeServicesConfiguration
+			extends SessionRepositoryConfiguration {
+
+		@Bean
+		public SpringSessionRememberMeServices rememberMeServices() {
+			return new SpringSessionRememberMeServices();
+		}
+
+	}
+
 }