Skip to content

S
spring-boot
Commit ab8e4d59 authored by Andy Wilkinson's avatar Andy Wilkinson
Browse files
Options

Merge pull request #15163 from Vedran Pavic 

* gh-15163:
  Polish "Auto-configure Spring Session's cookie serializer"
  Auto-configure Spring Session's cookie serializer
parents 516d0eff 9553d4f6
Hide whitespace changes
Inline Side-by-side
Showing with 182 additions and 22 deletions
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java
View file @ ab8e4d59
...@@ -28,6 +28,8 @@ import org.springframework.boot.WebApplicationType; ...@@ -28,6 +28,8 @@ import org.springframework.boot.WebApplicationType;
import org.springframework.boot.autoconfigure.AutoConfigureAfter; import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.AutoConfigureBefore; import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.condition.AnyNestedCondition;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass; import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication; import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
...@@ -39,9 +41,14 @@ import org.springframework.boot.autoconfigure.data.redis.RedisReactiveAutoConfig ...@@ -39,9 +41,14 @@ import org.springframework.boot.autoconfigure.data.redis.RedisReactiveAutoConfig
import org.springframework.boot.autoconfigure.hazelcast.HazelcastAutoConfiguration; import org.springframework.boot.autoconfigure.hazelcast.HazelcastAutoConfiguration;
import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration; import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
import org.springframework.boot.autoconfigure.jdbc.JdbcTemplateAutoConfiguration; import org.springframework.boot.autoconfigure.jdbc.JdbcTemplateAutoConfiguration;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.boot.autoconfigure.web.reactive.HttpHandlerAutoConfiguration; import org.springframework.boot.autoconfigure.web.reactive.HttpHandlerAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.context.properties.PropertyMapper;
import org.springframework.boot.web.servlet.server.Session.Cookie;
import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import; import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.ImportSelector; import org.springframework.context.annotation.ImportSelector;
...@@ -49,6 +56,10 @@ import org.springframework.core.type.AnnotationMetadata; ...@@ -49,6 +56,10 @@ import org.springframework.core.type.AnnotationMetadata;
import org.springframework.session.ReactiveSessionRepository; import org.springframework.session.ReactiveSessionRepository;
import org.springframework.session.Session; import org.springframework.session.Session;
import org.springframework.session.SessionRepository; import org.springframework.session.SessionRepository;
import org.springframework.session.web.http.CookieHttpSessionIdResolver;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.DefaultCookieSerializer;
import org.springframework.session.web.http.HttpSessionIdResolver;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
/** /**
...@@ -64,7 +75,7 @@ import org.springframework.util.StringUtils; ...@@ -64,7 +75,7 @@ import org.springframework.util.StringUtils;
@Configuration @Configuration
@ConditionalOnClass(Session.class) @ConditionalOnClass(Session.class)
@ConditionalOnWebApplication @ConditionalOnWebApplication
@EnableConfigurationProperties(SessionProperties.class) @EnableConfigurationProperties({ ServerProperties.class, SessionProperties.class })
@AutoConfigureAfter({ DataSourceAutoConfiguration.class, HazelcastAutoConfiguration.class, @AutoConfigureAfter({ DataSourceAutoConfiguration.class, HazelcastAutoConfiguration.class,
JdbcTemplateAutoConfiguration.class, MongoDataAutoConfiguration.class, JdbcTemplateAutoConfiguration.class, MongoDataAutoConfiguration.class,
MongoReactiveDataAutoConfiguration.class, RedisAutoConfiguration.class, MongoReactiveDataAutoConfiguration.class, RedisAutoConfiguration.class,
...@@ -78,6 +89,23 @@ public class SessionAutoConfiguration { ...@@ -78,6 +89,23 @@ public class SessionAutoConfiguration {
SessionRepositoryFilterConfiguration.class }) SessionRepositoryFilterConfiguration.class })
static class ServletSessionConfiguration { static class ServletSessionConfiguration {
@Bean
@Conditional(DefaultCookieSerializerCondition.class)
public DefaultCookieSerializer cookieSerializer(
ServerProperties serverProperties) {
Cookie cookie = serverProperties.getServlet().getSession().getCookie();
DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
map.from(cookie::getName).to(cookieSerializer::setCookieName);
map.from(cookie::getDomain).to(cookieSerializer::setDomainName);
map.from(cookie::getPath).to(cookieSerializer::setCookiePath);
map.from(cookie::getHttpOnly).to(cookieSerializer::setUseHttpOnlyCookie);
map.from(cookie::getSecure).to(cookieSerializer::setUseSecureCookie);
map.from(cookie::getMaxAge).to((maxAge) -> cookieSerializer
.setCookieMaxAge((int) maxAge.getSeconds()));
return cookieSerializer;
}
@Configuration @Configuration
@ConditionalOnMissingBean(SessionRepository.class) @ConditionalOnMissingBean(SessionRepository.class)
@Import({ ServletSessionRepositoryImplementationValidator.class, @Import({ ServletSessionRepositoryImplementationValidator.class,
...@@ -103,6 +131,31 @@ public class SessionAutoConfiguration { ...@@ -103,6 +131,31 @@ public class SessionAutoConfiguration {
} }
/**
* Condition to trigger the creation of a {@link DefaultCookieSerializer}. This kicks
* in if either no {@link HttpSessionIdResolver} and {@link CookieSerializer} beans
* are registered, or if {@link CookieHttpSessionIdResolver} is registered but
* {@link CookieSerializer} is not.
*/
static class DefaultCookieSerializerCondition extends AnyNestedCondition {
DefaultCookieSerializerCondition() {
super(ConfigurationPhase.REGISTER_BEAN);
}
@ConditionalOnMissingBean({ HttpSessionIdResolver.class, CookieSerializer.class })
static class NoComponentsAvailable {
}
@ConditionalOnBean(CookieHttpSessionIdResolver.class)
@ConditionalOnMissingBean(CookieSerializer.class)
static class CookieHttpSessionIdResolverAvailable {
}
}
/** /**
* {@link ImportSelector} base class to add {@link StoreType} configuration classes. * {@link ImportSelector} base class to add {@link StoreType} configuration classes.
*/ */
......
spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java
View file @ ab8e4d59
...@@ -26,11 +26,9 @@ import org.junit.Test; ...@@ -26,11 +26,9 @@ import org.junit.Test;
import org.springframework.boot.autoconfigure.AutoConfigurations; import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.autoconfigure.web.ServerProperties; import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.boot.autoconfigure.web.servlet.ServletWebServerFactoryAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.context.runner.WebApplicationContextRunner; import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.session.MapSessionRepository; import org.springframework.session.MapSessionRepository;
...@@ -38,10 +36,13 @@ import org.springframework.session.SessionRepository; ...@@ -38,10 +36,13 @@ import org.springframework.session.SessionRepository;
import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession; import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
import org.springframework.session.web.http.CookieHttpSessionIdResolver; import org.springframework.session.web.http.CookieHttpSessionIdResolver;
import org.springframework.session.web.http.DefaultCookieSerializer; import org.springframework.session.web.http.DefaultCookieSerializer;
import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
import org.springframework.session.web.http.HttpSessionIdResolver;
import org.springframework.session.web.http.SessionRepositoryFilter; import org.springframework.session.web.http.SessionRepositoryFilter;
import org.springframework.test.util.ReflectionTestUtils; import org.springframework.test.util.ReflectionTestUtils;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
/** /**
* Tests for {@link SessionAutoConfiguration}. * Tests for {@link SessionAutoConfiguration}.
...@@ -165,25 +166,83 @@ public class SessionAutoConfigurationTests extends AbstractSessionAutoConfigurat ...@@ -165,25 +166,83 @@ public class SessionAutoConfigurationTests extends AbstractSessionAutoConfigurat
} }
@Test @Test
public void sessionCookieConfigurationIsPickedUp() { public void sessionCookieConfigurationIsAppliedToAutoConfiguredCookieSerializer() {
WebApplicationContextRunner webRunner = new WebApplicationContextRunner( this.contextRunner.withUserConfiguration(SessionRepositoryConfiguration.class)
AnnotationConfigServletWebServerApplicationContext::new) .withPropertyValues("server.servlet.session.cookie.name=sid",
.withConfiguration(AutoConfigurations "server.servlet.session.cookie.domain=spring",
.of(ServletWebServerFactoryAutoConfiguration.class)) "server.servlet.session.cookie.path=/test",
.withUserConfiguration(SessionRepositoryConfiguration.class) "server.servlet.session.cookie.httpOnly=false",
.withPropertyValues("server.port=0", "server.servlet.session.cookie.secure=false",
"server.servlet.session.cookie.name=testname"); "server.servlet.session.cookie.maxAge=10s")
webRunner.run((context) -> { .run((context) -> {
SessionRepositoryFilter<?> filter = context DefaultCookieSerializer cookieSerializer = context
.getBean(SessionRepositoryFilter.class); .getBean(DefaultCookieSerializer.class);
CookieHttpSessionIdResolver sessionIdResolver = (CookieHttpSessionIdResolver) ReflectionTestUtils assertThat(cookieSerializer).hasFieldOrPropertyWithValue("cookieName",
.getField(filter, "httpSessionIdResolver"); "sid");
DefaultCookieSerializer cookieSerializer = (DefaultCookieSerializer) ReflectionTestUtils assertThat(cookieSerializer).hasFieldOrPropertyWithValue("domainName",
.getField(sessionIdResolver, "cookieSerializer"); "spring");
String cookieName = (String) ReflectionTestUtils.getField(cookieSerializer, assertThat(cookieSerializer).hasFieldOrPropertyWithValue("cookiePath",
"cookieName"); "/test");
assertThat(cookieName).isEqualTo("testname"); assertThat(cookieSerializer)
}); .hasFieldOrPropertyWithValue("useHttpOnlyCookie", false);
assertThat(cookieSerializer)
.hasFieldOrPropertyWithValue("useSecureCookie", false);
assertThat(cookieSerializer)
.hasFieldOrPropertyWithValue("cookieMaxAge", 10);
});
}
@Test
public void autoConfiguredCookieSerializerIsUsedBySessionRepositoryFilter() {
this.contextRunner.withUserConfiguration(SessionRepositoryConfiguration.class)
.withPropertyValues("server.port=0").run((context) -> {
SessionRepositoryFilter<?> filter = context
.getBean(SessionRepositoryFilter.class);
CookieHttpSessionIdResolver sessionIdResolver = (CookieHttpSessionIdResolver) ReflectionTestUtils
.getField(filter, "httpSessionIdResolver");
DefaultCookieSerializer cookieSerializer = (DefaultCookieSerializer) ReflectionTestUtils
.getField(sessionIdResolver, "cookieSerializer");
assertThat(cookieSerializer)
.isSameAs(context.getBean(DefaultCookieSerializer.class));
});
}
@Test
public void autoConfiguredCookieSerializerBacksOffWhenUserConfiguresACookieSerializer() {
this.contextRunner
.withUserConfiguration(UserProvidedCookieSerializerConfiguration.class)
.run((context) -> {
assertThat(context).hasSingleBean(DefaultCookieSerializer.class);
assertThat(context).hasBean("myCookieSerializer");
});
}
@Test
public void cookiesSerializerIsAutoConfiguredWhenUserConfiguresCookieHttpSessionIdResolver() {
this.contextRunner
.withUserConfiguration(
UserProvidedCookieHttpSessionStrategyConfiguration.class)
.run((context) -> assertThat(
context.getBeansOfType(DefaultCookieSerializer.class))
.isNotEmpty());
}
@Test
public void autoConfiguredCookieSerializerBacksOffWhenUserConfiguresHeaderHttpSessionIdResolver() {
this.contextRunner
.withUserConfiguration(
UserProvidedHeaderHttpSessionStrategyConfiguration.class)
.run((context) -> assertThat(
context.getBeansOfType(DefaultCookieSerializer.class)).isEmpty());
}
@Test
public void autoConfiguredCookieSerializerBacksOffWhenUserConfiguresCustomHttpSessionIdResolver() {
this.contextRunner
.withUserConfiguration(
UserProvidedCustomHttpSessionStrategyConfiguration.class)
.run((context) -> assertThat(
context.getBeansOfType(DefaultCookieSerializer.class)).isEmpty());
} }
@Configuration @Configuration
...@@ -202,4 +261,52 @@ public class SessionAutoConfigurationTests extends AbstractSessionAutoConfigurat ...@@ -202,4 +261,52 @@ public class SessionAutoConfigurationTests extends AbstractSessionAutoConfigurat
} }
@Configuration
@EnableSpringHttpSession
static class UserProvidedCookieSerializerConfiguration
extends SessionRepositoryConfiguration {
@Bean
public DefaultCookieSerializer myCookieSerializer() {
return new DefaultCookieSerializer();
}
}
@Configuration
@EnableSpringHttpSession
static class UserProvidedCookieHttpSessionStrategyConfiguration
extends SessionRepositoryConfiguration {
@Bean
public CookieHttpSessionIdResolver httpSessionStrategy() {
return new CookieHttpSessionIdResolver();
}
}
@Configuration
@EnableSpringHttpSession
static class UserProvidedHeaderHttpSessionStrategyConfiguration
extends SessionRepositoryConfiguration {
@Bean
public HeaderHttpSessionIdResolver httpSessionStrategy() {
return HeaderHttpSessionIdResolver.xAuthToken();
}
}
@Configuration
@EnableSpringHttpSession
static class UserProvidedCustomHttpSessionStrategyConfiguration
extends SessionRepositoryConfiguration {
@Bean
public HttpSessionIdResolver httpSessionStrategy() {
return mock(HttpSessionIdResolver.class);
}
}
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment