Merge branch '2.1.x'

Closes gh-16992
pull/17002/head
Phillip Webb 6 years ago
commit 6e9f2e42af

@ -61,6 +61,7 @@ import org.springframework.session.web.http.CookieHttpSessionIdResolver;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.DefaultCookieSerializer;
import org.springframework.session.web.http.HttpSessionIdResolver;
import org.springframework.util.ClassUtils;
/**
* {@link EnableAutoConfiguration Auto-configuration} for Spring Session.
@ -83,6 +84,8 @@ import org.springframework.session.web.http.HttpSessionIdResolver;
@AutoConfigureBefore(HttpHandlerAutoConfiguration.class)
public class SessionAutoConfiguration {
private static final String REMEMBER_ME_SERVICES_CLASS = "org.springframework.security.web.authentication.RememberMeServices";
@Configuration(proxyBeanMethods = false)
@ConditionalOnWebApplication(type = Type.SERVLET)
@Import({ ServletSessionRepositoryValidator.class,
@ -91,8 +94,8 @@ public class SessionAutoConfiguration {
@Bean
@Conditional(DefaultCookieSerializerCondition.class)
public DefaultCookieSerializer cookieSerializer(ServerProperties serverProperties,
ObjectProvider<SpringSessionRememberMeServices> springSessionRememberMeServices) {
public DefaultCookieSerializer cookieSerializer(
ServerProperties serverProperties) {
Cookie cookie = serverProperties.getServlet().getSession().getCookie();
DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
@ -103,9 +106,11 @@ public class SessionAutoConfiguration {
map.from(cookie::getSecure).to(cookieSerializer::setUseSecureCookie);
map.from(cookie::getMaxAge).to((maxAge) -> cookieSerializer
.setCookieMaxAge((int) maxAge.getSeconds()));
springSessionRememberMeServices.ifAvailable((
rememberMeServices) -> cookieSerializer.setRememberMeRequestAttribute(
SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR));
if (ClassUtils.isPresent(REMEMBER_ME_SERVICES_CLASS,
getClass().getClassLoader())) {
new RememberMeServicesCookieSerializerCustomizer()
.apply(cookieSerializer);
}
return cookieSerializer;
}
@ -134,6 +139,19 @@ public class SessionAutoConfiguration {
}
/**
* Customization log for {@link SpringSessionRememberMeServices} that is only
* instantiated when Spring Security is on the classpath.
*/
static class RememberMeServicesCookieSerializerCustomizer {
public void apply(DefaultCookieSerializer cookieSerializer) {
cookieSerializer.setRememberMeRequestAttribute(
SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR);
}
}
/**
* Condition to trigger the creation of a {@link DefaultCookieSerializer}. This kicks
* in if either no {@link HttpSessionIdResolver} and {@link CookieSerializer} beans

@ -1,5 +1,5 @@
/*
* Copyright 2012-2018 the original author or authors.
* Copyright 2012-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -16,10 +16,16 @@
package org.springframework.boot.autoconfigure.session;
import java.util.Collections;
import org.springframework.boot.test.context.assertj.AssertableReactiveWebApplicationContext;
import org.springframework.boot.test.context.assertj.AssertableWebApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.session.MapSessionRepository;
import org.springframework.session.ReactiveSessionRepository;
import org.springframework.session.SessionRepository;
import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
import org.springframework.session.web.http.SessionRepositoryFilter;
import org.springframework.web.server.session.WebSessionManager;
@ -51,4 +57,15 @@ public abstract class AbstractSessionAutoConfigurationTests {
return type.cast(repository);
}
@Configuration
@EnableSpringHttpSession
static class SessionRepositoryConfiguration {
@Bean
public MapSessionRepository mySessionRepository() {
return new MapSessionRepository(Collections.emptyMap());
}
}
}

@ -0,0 +1,55 @@
/*
* Copyright 2012-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.boot.autoconfigure.session;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
import org.springframework.boot.testsupport.runner.classpath.ClassPathExclusions;
import org.springframework.boot.testsupport.runner.classpath.ModifiedClassPathRunner;
import org.springframework.session.web.http.DefaultCookieSerializer;
import static org.assertj.core.api.Assertions.assertThat;
/**
* Tests for {@link SessionAutoConfiguration} when Spring Security is not on the
* classpath.
*
* @author Vedran Pavic
*/
@RunWith(ModifiedClassPathRunner.class)
@ClassPathExclusions("spring-security-*")
public class SessionAutoConfigurationWithoutSecurityTests
extends AbstractSessionAutoConfigurationTests {
private final WebApplicationContextRunner contextRunner = new WebApplicationContextRunner()
.withConfiguration(AutoConfigurations.of(SessionAutoConfiguration.class));
@Test
public void sessionCookieConfigurationIsAppliedToAutoConfiguredCookieSerializer() {
this.contextRunner.withUserConfiguration(SessionRepositoryConfiguration.class)
.run((context) -> {
DefaultCookieSerializer cookieSerializer = context
.getBean(DefaultCookieSerializer.class);
assertThat(cookieSerializer).hasFieldOrPropertyWithValue(
"rememberMeRequestAttribute", null);
});
}
}
Loading…
Cancel
Save