From 7657209523cbafb2e16fbd8901d3cb487985958b Mon Sep 17 00:00:00 2001
From: Vedran Pavic
Date: Tue, 13 Nov 2018 17:58:49 +0100
Subject: [PATCH 1/2] Auto-configure Spring Session's cookie serializer
---
 .../session/SessionAutoConfiguration.java | 32 ++++++-
 .../SessionAutoConfigurationTests.java | 96 +++++++++++++++++++
 2 files changed, 127 insertions(+), 1 deletion(-)
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java
index 45da379fd386..d05b5e59f4ab 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java
@@ -39,9 +39,13 @@
 import org.springframework.boot.autoconfigure.hazelcast.HazelcastAutoConfiguration;
 import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
 import org.springframework.boot.autoconfigure.jdbc.JdbcTemplateAutoConfiguration;
+import org.springframework.boot.autoconfigure.web.ServerProperties;
 import org.springframework.boot.autoconfigure.web.reactive.HttpHandlerAutoConfiguration;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.context.properties.PropertyMapper;
+import org.springframework.boot.web.servlet.server.Session.Cookie;
 import org.springframework.context.ApplicationContext;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.context.annotation.ImportSelector;
@@ -49,6 +53,9 @@
 import org.springframework.session.ReactiveSessionRepository;
 import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
+import org.springframework.session.web.http.CookieSerializer;
+import org.springframework.session.web.http.DefaultCookieSerializer;
+import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
 import org.springframework.util.StringUtils;
 /**
@@ -64,7 +71,7 @@
 @Configuration
 @ConditionalOnClass(Session.class)
 @ConditionalOnWebApplication
-@EnableConfigurationProperties(SessionProperties.class)
+@EnableConfigurationProperties({ ServerProperties.class, SessionProperties.class })
 @AutoConfigureAfter({ DataSourceAutoConfiguration.class, HazelcastAutoConfiguration.class, JdbcTemplateAutoConfiguration.class, MongoDataAutoConfiguration.class, MongoReactiveDataAutoConfiguration.class, RedisAutoConfiguration.class,
@@ -78,6 +85,29 @@ public class SessionAutoConfiguration {
 SessionRepositoryFilterConfiguration.class })
 static class ServletSessionConfiguration {
+ private final ServerProperties serverProperties;
+
+ ServletSessionConfiguration(ServerProperties serverProperties) {
+ this.serverProperties = serverProperties;
+ }
+
+ @Bean
+ @ConditionalOnMissingBean({ CookieSerializer.class,
+ HeaderHttpSessionIdResolver.class })
+ public DefaultCookieSerializer cookieSerializer() {
+ Cookie cookie = this.serverProperties.getServlet().getSession().getCookie();
+ DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
+ PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
+ map.from(cookie::getName).to(cookieSerializer::setCookieName);
+ map.from(cookie::getDomain).to(cookieSerializer::setDomainName);
+ map.from(cookie::getPath).to(cookieSerializer::setCookiePath);
+ map.from(cookie::getHttpOnly).to(cookieSerializer::setUseHttpOnlyCookie);
+ map.from(cookie::getSecure).to(cookieSerializer::setUseSecureCookie);
+ map.from(cookie::getMaxAge).to((maxAge) -> cookieSerializer
+ .setCookieMaxAge((int) maxAge.getSeconds()));
+ return cookieSerializer;
+ }
+
 @Configuration
 @ConditionalOnMissingBean(SessionRepository.class)
 @Import({ ServletSessionRepositoryImplementationValidator.class,
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java
index 590dd98c9372..94e19040f628 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java
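Review bot: The `(int) maxAge.getSeconds()` cast in `cookieSerializer()` narrows a `long` silently, so a `server.servlet.session.cookie.maxAge` longer than `Integer.MAX_VALUE` seconds wraps to a negative or otherwise unintended value and the session cookie gets a lifetime nobody configured. Use `cookieSerializer.setCookieMaxAge(Math.toIntExact(maxAge.getSeconds()))` so an out-of-range duration fails at startup instead. It would also help to add a comment above the mapper such as `// unset properties are skipped, so Spring Session's own defaults for secure/httpOnly stay in effect`, because `alwaysApplyingWhenNonNull()` makes that behaviour easy to miss when auditing cookie flags.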
@@ -38,6 +38,7 @@
 import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
 import org.springframework.session.web.http.CookieHttpSessionIdResolver;
 import org.springframework.session.web.http.DefaultCookieSerializer;
+import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
 import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.util.ReflectionTestUtils;
@@ -185,6 +186,65 @@ public void sessionCookieConfigurationIsPickedUp() {
 });
 }
+ @Test
+ public void autoConfiguredCookieSerializerConfiguration() {
+ this.contextRunner.withUserConfiguration(SessionRepositoryConfiguration.class)
+ .withPropertyValues("server.servlet.session.cookie.name=sid",
+ "server.servlet.session.cookie.domain=spring",
+ "server.servlet.session.cookie.path=/test",
+ "server.servlet.session.cookie.httpOnly=false",
+ "server.servlet.session.cookie.secure=false",
+ "server.servlet.session.cookie.maxAge=10s")
+ .run((context) -> {
+ DefaultCookieSerializer cookieSerializer = context
+ .getBean(DefaultCookieSerializer.class);
+ assertThat(cookieSerializer).hasFieldOrPropertyWithValue("cookieName",
+ "sid");
+ assertThat(cookieSerializer).hasFieldOrPropertyWithValue("domainName",
+ "spring");
+ assertThat(cookieSerializer).hasFieldOrPropertyWithValue("cookiePath",
+ "/test");
+ assertThat(cookieSerializer)
+ .hasFieldOrPropertyWithValue("useHttpOnlyCookie", false);
+ assertThat(cookieSerializer)
+ .hasFieldOrPropertyWithValue("useSecureCookie", false);
+ assertThat(cookieSerializer)
+ .hasFieldOrPropertyWithValue("cookieMaxAge", 10);
+ });
+ }
+
+ @Test
+ public void userProvidedCookieSerializerConfiguration() {
+ this.contextRunner
+ .withUserConfiguration(UserProvidedCookieSerializerConfiguration.class)
+ .withPropertyValues("server.servlet.session.cookie.name=sid")
+ .run((context) -> {
+ DefaultCookieSerializer cookieSerializer = context
+ .getBean(DefaultCookieSerializer.class);
+ assertThat(cookieSerializer).hasFieldOrPropertyWithValue("cookieName",
+ "SESSION");
+ });
+ }
+
+ @Test
+ public void userProvidedCookieHttpSessionStrategyConfiguration() {
+ this.contextRunner
+ .withUserConfiguration(
+ UserProvidedCookieHttpSessionStrategyConfiguration.class)
+ .run((context) -> assertThat(
+ context.getBeansOfType(DefaultCookieSerializer.class))
+ .isNotEmpty());
+ }
+
+ @Test
+ public void userProvidedHeaderHttpSessionStrategyConfiguration() {
+ this.contextRunner
+ .withUserConfiguration(
+ UserProvidedHeaderHttpSessionStrategyConfiguration.class)
+ .run((context) -> assertThat(
+ context.getBeansOfType(DefaultCookieSerializer.class)).isEmpty());
+ }
+
 @Configuration
 @EnableSpringHttpSession
 static class SessionRepositoryConfiguration {
@@ -201,4 +261,40 @@ static class ServerPropertiesConfiguration {
 }
+ @Configuration
+ @EnableSpringHttpSession
+ static class UserProvidedCookieSerializerConfiguration
+ extends SessionRepositoryConfiguration {
+
+ @Bean
+ public DefaultCookieSerializer myCookieSerializer() {
+ return new DefaultCookieSerializer();
+ }
+
+ }
+
+ @Configuration
+ @EnableSpringHttpSession
+ static class UserProvidedCookieHttpSessionStrategyConfiguration
+ extends SessionRepositoryConfiguration {
+
+ @Bean
+ public CookieHttpSessionIdResolver httpSessionStrategy() {
+ return new CookieHttpSessionIdResolver();
+ }
+
+ }
+
+ @Configuration
+ @EnableSpringHttpSession
+ static class UserProvidedHeaderHttpSessionStrategyConfiguration
+ extends SessionRepositoryConfiguration {
+
+ @Bean
+ public HeaderHttpSessionIdResolver httpSessionStrategy() {
+ return HeaderHttpSessionIdResolver.xAuthToken();
+ }
+
+ }
+
 }
From 6e9f3e3c219cc911e035869ec4c796e97a8c79a8 Mon Sep 17 00:00:00 2001
From: Vedran Pavic
Date: Tue, 20 Nov 2018 21:36:39 +0100
Subject: [PATCH 2/2] Improve cookie serializer conditions
---
 .../session/SessionAutoConfiguration.java | 34 +++++++++++++++++--
 .../SessionAutoConfigurationTests.java | 23 +++++++++++++
 2 files changed, 54 insertions(+), 3 deletions(-)
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java
index d05b5e59f4ab..2c98b498c8a1 100644
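Review bot: `autoConfiguredCookieSerializerConfiguration` only exercises `httpOnly=false` and `secure=false`, so nothing in this hunk pins what the serializer does when those properties are left unset. Those two flags decide whether the session cookie is readable from script and whether it may travel over plain HTTP, so the secure-by-default path deserves its own case: run the context with no `server.servlet.session.cookie.*` values and assert, for example, `assertThat(cookieSerializer).hasFieldOrPropertyWithValue("useHttpOnlyCookie", true);` (the expected default is presumed from Spring Session and should be confirmed). `userProvidedCookieHttpSessionStrategyConfiguration` also checks only that a `DefaultCookieSerializer` bean exists, not that the user's `CookieHttpSessionIdResolver` ends up using it.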
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java
@@ -28,6 +28,8 @@
 import org.springframework.boot.autoconfigure.AutoConfigureAfter;
 import org.springframework.boot.autoconfigure.AutoConfigureBefore;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.AnyNestedCondition;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
@@ -46,6 +48,7 @@
 import org.springframework.boot.web.servlet.server.Session.Cookie;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Conditional;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.context.annotation.ImportSelector;
@@ -53,9 +56,10 @@
 import org.springframework.session.ReactiveSessionRepository;
 import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
+import org.springframework.session.web.http.CookieHttpSessionIdResolver;
 import org.springframework.session.web.http.CookieSerializer;
 import org.springframework.session.web.http.DefaultCookieSerializer;
-import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
+import org.springframework.session.web.http.HttpSessionIdResolver;
 import org.springframework.util.StringUtils;
 /**
@@ -92,8 +96,7 @@ static class ServletSessionConfiguration {
 }
 @Bean
- @ConditionalOnMissingBean({ CookieSerializer.class,
- HeaderHttpSessionIdResolver.class })
+ @Conditional(DefaultCookieSerializerCondition.class)
 public DefaultCookieSerializer cookieSerializer() {
 Cookie cookie = this.serverProperties.getServlet().getSession().getCookie();
 DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
@@ -133,6 +136,31 @@ static class ReactiveSessionRepositoryConfiguration {
 }
+ /**
+ * Condition to trigger the creation of a {@link DefaultCookieSerializer}. This kicks
+ * in if either no {@link HttpSessionIdResolver} and {@link CookieSerializer} beans
+ * are registered, or if {@link CookieHttpSessionIdResolver} is registered but
+ * {@link CookieSerializer} is not.
+ */
+ static class DefaultCookieSerializerCondition extends AnyNestedCondition {
+
+ DefaultCookieSerializerCondition() {
+ super(ConfigurationPhase.REGISTER_BEAN);
+ }
+
+ @ConditionalOnMissingBean({ HttpSessionIdResolver.class, CookieSerializer.class })
+ static class NoComponentsAvailable {
+
+ }
+
+ @ConditionalOnBean(CookieHttpSessionIdResolver.class)
+ @ConditionalOnMissingBean(CookieSerializer.class)
+ static class CookieHttpSessionIdResolverAvailable {
+
+ }
+
+ }
+
 /**
 * {@link ImportSelector} base class to add {@link StoreType} configuration classes.
 */
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java
index 94e19040f628..184893d82bf7 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java
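Review bot: The `CookieHttpSessionIdResolverAvailable` branch of `DefaultCookieSerializerCondition` registers a `DefaultCookieSerializer` bean whenever the application supplies its own `CookieHttpSessionIdResolver`, but nothing in the visible hunks hands that bean to the user's resolver. If the resolver keeps its own internal serializer, `server.servlet.session.cookie.secure` and `httpOnly` end up bound to a bean that never writes the cookie, and an operator may believe the flags are enforced when they are not. Please confirm where the wiring happens, or say so in the Javadoc, for example `* A user-defined {@link CookieHttpSessionIdResolver} only honours these settings if it is given this serializer via setCookieSerializer.` A test that inspects the serializer actually held by the resolver, rather than the bean in the context, would make the guarantee checkable.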
@@ -39,10 +39,12 @@
 import org.springframework.session.web.http.CookieHttpSessionIdResolver;
 import org.springframework.session.web.http.DefaultCookieSerializer;
 import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
+import org.springframework.session.web.http.HttpSessionIdResolver;
 import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.util.ReflectionTestUtils;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
 /**
 * Tests for {@link SessionAutoConfiguration}.
@@ -245,6 +247,15 @@ public void userProvidedHeaderHttpSessionStrategyConfiguration() {
 context.getBeansOfType(DefaultCookieSerializer.class)).isEmpty());
 }
+ @Test
+ public void userProvidedCustomHttpSessionStrategyConfiguration() {
+ this.contextRunner
+ .withUserConfiguration(
+ UserProvidedCustomHttpSessionStrategyConfiguration.class)
+ .run((context) -> assertThat(
+ context.getBeansOfType(DefaultCookieSerializer.class)).isEmpty());
+ }
+
 @Configuration
 @EnableSpringHttpSession
 static class SessionRepositoryConfiguration {
@@ -297,4 +308,16 @@ public HeaderHttpSessionIdResolver httpSessionStrategy() {
 }
+ @Configuration
+ @EnableSpringHttpSession
+ static class UserProvidedCustomHttpSessionStrategyConfiguration
+ extends SessionRepositoryConfiguration {
+
+ @Bean
+ public HttpSessionIdResolver httpSessionStrategy() {
+ return mock(HttpSessionIdResolver.class);
+ }
+
+ }
+
 }