Merge branch '2.1.x'

Closes gh-16992
6 years ago · 6e9f2e42af
parent c080a4c7f2 a51996fc10
commit 6e9f2e42af
3 changed files with 96 additions and 6 deletions
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java
@ -61,6 +61,7 @@ import org.springframework.session.web.http.CookieHttpSessionIdResolver;
 import org.springframework.session.web.http.CookieSerializer;
 import org.springframework.session.web.http.DefaultCookieSerializer;
 import org.springframework.session.web.http.HttpSessionIdResolver;
 import org.springframework.util.ClassUtils;
 /**
 * {@link EnableAutoConfiguration Auto-configuration} for Spring Session.
@ -83,6 +84,8 @@ import org.springframework.session.web.http.HttpSessionIdResolver;
@AutoConfigureBefore(HttpHandlerAutoConfiguration.class)
 public class SessionAutoConfiguration {
 	private static final String REMEMBER_ME_SERVICES_CLASS = "org.springframework.security.web.authentication.RememberMeServices";
 	@Configuration(proxyBeanMethods = false)
 	@ConditionalOnWebApplication(type = Type.SERVLET)
 	@Import({ ServletSessionRepositoryValidator.class,
@ -91,8 +94,8 @@ public class SessionAutoConfiguration {
 		@Bean
 		@Conditional(DefaultCookieSerializerCondition.class)
-		public DefaultCookieSerializer cookieSerializer(ServerProperties serverProperties,
+		public DefaultCookieSerializer cookieSerializer(
-				ObjectProvider<SpringSessionRememberMeServices> springSessionRememberMeServices) {
+				ServerProperties serverProperties) {
 			Cookie cookie = serverProperties.getServlet().getSession().getCookie();
 			DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
 			PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
@ -103,9 +106,11 @@ public class SessionAutoConfiguration {
 			map.from(cookie::getSecure).to(cookieSerializer::setUseSecureCookie);
 			map.from(cookie::getMaxAge).to((maxAge) -> cookieSerializer
 					.setCookieMaxAge((int) maxAge.getSeconds()));
-			springSessionRememberMeServices.ifAvailable((
+			if (ClassUtils.isPresent(REMEMBER_ME_SERVICES_CLASS,
-					rememberMeServices) -> cookieSerializer.setRememberMeRequestAttribute(
+					getClass().getClassLoader())) {
-							SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR));
+				new RememberMeServicesCookieSerializerCustomizer()
 						.apply(cookieSerializer);
 			}
 			return cookieSerializer;
 		}
@ -134,6 +139,19 @@ public class SessionAutoConfiguration {
 	}
 	/**
 	 * Customization log for {@link SpringSessionRememberMeServices} that is only
 	 * instantiated when Spring Security is on the classpath.
 	 */
 	static class RememberMeServicesCookieSerializerCustomizer {
 		public void apply(DefaultCookieSerializer cookieSerializer) {
 			cookieSerializer.setRememberMeRequestAttribute(
 					SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR);
 		}
 	}
 	/**
 	 * Condition to trigger the creation of a {@link DefaultCookieSerializer}. This kicks
 	 * in if either no {@link HttpSessionIdResolver} and {@link CookieSerializer} beans
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/AbstractSessionAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/AbstractSessionAutoConfigurationTests.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2018 the original author or authors.
+ * Copyright 2012-2019 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -16,10 +16,16 @@
 package org.springframework.boot.autoconfigure.session;
 import java.util.Collections;
 import org.springframework.boot.test.context.assertj.AssertableReactiveWebApplicationContext;
 import org.springframework.boot.test.context.assertj.AssertableWebApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.session.MapSessionRepository;
 import org.springframework.session.ReactiveSessionRepository;
 import org.springframework.session.SessionRepository;
 import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
 import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.web.server.session.WebSessionManager;
@ -51,4 +57,15 @@ public abstract class AbstractSessionAutoConfigurationTests {
 		return type.cast(repository);
 	}
 	@Configuration
 	@EnableSpringHttpSession
 	static class SessionRepositoryConfiguration {
 		@Bean
 		public MapSessionRepository mySessionRepository() {
 			return new MapSessionRepository(Collections.emptyMap());
 		}
 	}
 }
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationWithoutSecurityTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationWithoutSecurityTests.java
@ -0,0 +1,55 @@
 /*
 * Copyright 2012-2019 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.springframework.boot.autoconfigure.session;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.boot.autoconfigure.AutoConfigurations;
 import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
 import org.springframework.boot.testsupport.runner.classpath.ClassPathExclusions;
 import org.springframework.boot.testsupport.runner.classpath.ModifiedClassPathRunner;
 import org.springframework.session.web.http.DefaultCookieSerializer;
 import static org.assertj.core.api.Assertions.assertThat;
 /**
 * Tests for {@link SessionAutoConfiguration} when Spring Security is not on the
 * classpath.
 *
 * @author Vedran Pavic
 */
@RunWith(ModifiedClassPathRunner.class)
@ClassPathExclusions("spring-security-*")
 public class SessionAutoConfigurationWithoutSecurityTests
 		extends AbstractSessionAutoConfigurationTests {
 	private final WebApplicationContextRunner contextRunner = new WebApplicationContextRunner()
 			.withConfiguration(AutoConfigurations.of(SessionAutoConfiguration.class));
 	@Test
 	public void sessionCookieConfigurationIsAppliedToAutoConfiguredCookieSerializer() {
 		this.contextRunner.withUserConfiguration(SessionRepositoryConfiguration.class)
 				.run((context) -> {
 					DefaultCookieSerializer cookieSerializer = context
 							.getBean(DefaultCookieSerializer.class);
 					assertThat(cookieSerializer).hasFieldOrPropertyWithValue(
 							"rememberMeRequestAttribute", null);
 				});
 	}
 }