Merge pull request #20961 from vpavic

* gh-20961: Polish "Add support for customizing Spring Session's cookie serializer" Add support for customizing Spring Session's cookie serializer Closes gh-20961
5 years ago · 18a9a229b1
parent f3d717e97a d65d951318
commit 18a9a229b1
3 changed files with 89 additions and 19 deletions
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/CookieSerializerCustomizer.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/CookieSerializerCustomizer.java
@ -0,0 +1,37 @@
+/*
+ * Copyright 2012-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.autoconfigure.session;
+
+import org.springframework.session.web.http.DefaultCookieSerializer;
+
+/**
+ * Callback interface that can be implemented by beans wishing to customize the
+ * {@link DefaultCookieSerializer} configuration.
+ *
+ * @author Vedran Pavic
+ * @since 2.3.0
+ */
+@FunctionalInterface
+public interface CookieSerializerCustomizer {
+
+	/**
+	 * Customize the cookie serializer.
+	 * @param cookieSerializer the {@code CookieSerializer} to customize
+	 */
+	void customize(DefaultCookieSerializer cookieSerializer);
+
+}
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java
@ -53,6 +53,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.context.annotation.ImportSelector;
 import org.springframework.core.type.AnnotationMetadata;
+import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.session.ReactiveSessionRepository;
 import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
@ -61,7 +62,6 @@ import org.springframework.session.web.http.CookieHttpSessionIdResolver;
 import org.springframework.session.web.http.CookieSerializer;
 import org.springframework.session.web.http.DefaultCookieSerializer;
 import org.springframework.session.web.http.HttpSessionIdResolver;
-import org.springframework.util.ClassUtils;

 /**
 * {@link EnableAutoConfiguration Auto-configuration} for Spring Session.
@ -83,8 +83,6 @@ import org.springframework.util.ClassUtils;
@AutoConfigureBefore(HttpHandlerAutoConfiguration.class)
 public class SessionAutoConfiguration {

-	private static final String REMEMBER_ME_SERVICES_CLASS = "org.springframework.security.web.authentication.RememberMeServices";
-
 	@Configuration(proxyBeanMethods = false)
 	@ConditionalOnWebApplication(type = Type.SERVLET)
 	@Import({ ServletSessionRepositoryValidator.class, SessionRepositoryFilterConfiguration.class })
@ -92,7 +90,8 @@ public class SessionAutoConfiguration {

 		@Bean
 		@Conditional(DefaultCookieSerializerCondition.class)
-		DefaultCookieSerializer cookieSerializer(ServerProperties serverProperties) {
+		DefaultCookieSerializer cookieSerializer(ServerProperties serverProperties,
+				ObjectProvider<CookieSerializerCustomizer> cookieSerializerCustomizers) {
 			Cookie cookie = serverProperties.getServlet().getSession().getCookie();
 			DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
 			PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
@ -102,12 +101,22 @@ public class SessionAutoConfiguration {
 			map.from(cookie::getHttpOnly).to(cookieSerializer::setUseHttpOnlyCookie);
 			map.from(cookie::getSecure).to(cookieSerializer::setUseSecureCookie);
 			map.from(cookie::getMaxAge).to((maxAge) -> cookieSerializer.setCookieMaxAge((int) maxAge.getSeconds()));
-			if (ClassUtils.isPresent(REMEMBER_ME_SERVICES_CLASS, getClass().getClassLoader())) {
-				new RememberMeServicesCookieSerializerCustomizer().apply(cookieSerializer);
-			}
+			cookieSerializerCustomizers.orderedStream().forEach((customizer) -> customizer.customize(cookieSerializer));
 			return cookieSerializer;
 		}

+		@Configuration(proxyBeanMethods = false)
+		@ConditionalOnClass(RememberMeServices.class)
+		static class RememberMeServicesConfiguration {
+
+			@Bean
+			CookieSerializerCustomizer rememberMeServicesCookieSerializerCustomizer() {
+				return (cookieSerializer) -> cookieSerializer
+						.setRememberMeRequestAttribute(SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR);
+			}
+
+		}
+
 		@Configuration(proxyBeanMethods = false)
 		@ConditionalOnMissingBean(SessionRepository.class)
 		@Import({ ServletSessionRepositoryImplementationValidator.class,
@ -133,18 +142,6 @@ public class SessionAutoConfiguration {

 	}

-	/**
-	 * Customization for {@link SpringSessionRememberMeServices} that is only instantiated
-	 * when Spring Security is on the classpath.
-	 */
-	static class RememberMeServicesCookieSerializerCustomizer {
-
-		void apply(DefaultCookieSerializer cookieSerializer) {
-			cookieSerializer.setRememberMeRequestAttribute(SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR);
-		}
-
-	}
-
 	/**
 	 * Condition to trigger the creation of a {@link DefaultCookieSerializer}. This kicks
 	 * in if either no {@link HttpSessionIdResolver} and {@link CookieSerializer} beans
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java
@ -22,6 +22,7 @@ import java.util.EnumSet;
 import javax.servlet.DispatcherType;

 import org.junit.jupiter.api.Test;
+import org.mockito.InOrder;

 import org.springframework.boot.autoconfigure.AutoConfigurations;
 import org.springframework.boot.autoconfigure.web.ServerProperties;
@ -30,6 +31,7 @@ import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
 import org.springframework.session.MapSessionRepository;
 import org.springframework.session.SessionRepository;
 import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
@ -42,6 +44,8 @@ import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.util.ReflectionTestUtils;

 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.inOrder;
 import static org.mockito.Mockito.mock;

 /**
@ -205,6 +209,16 @@ class SessionAutoConfigurationTests extends AbstractSessionAutoConfigurationTest
 		});
 	}

+	@Test
+	void cookieSerializerCustomization() {
+		this.contextRunner.withBean(CookieSerializerCustomization.class).run((context) -> {
+			CookieSerializerCustomization customization = context.getBean(CookieSerializerCustomization.class);
+			InOrder inOrder = inOrder(customization.customizer1, customization.customizer2);
+			inOrder.verify(customization.customizer1).customize(any());
+			inOrder.verify(customization.customizer2).customize(any());
+		});
+	}
+
 	@Configuration(proxyBeanMethods = false)
 	@EnableSpringHttpSession
 	static class SessionRepositoryConfiguration {
@ -276,4 +290,26 @@ class SessionAutoConfigurationTests extends AbstractSessionAutoConfigurationTest

 	}

+	@Configuration(proxyBeanMethods = false)
+	@EnableSpringHttpSession
+	static class CookieSerializerCustomization extends SessionRepositoryConfiguration {
+
+		private final CookieSerializerCustomizer customizer1 = mock(CookieSerializerCustomizer.class);
+
+		private final CookieSerializerCustomizer customizer2 = mock(CookieSerializerCustomizer.class);
+
+		@Bean
+		@Order(1)
+		CookieSerializerCustomizer customizer1() {
+			return this.customizer1;
+		}
+
+		@Bean
+		@Order(2)
+		CookieSerializerCustomizer customizer2() {
+			return this.customizer2;
+		}
+
+	}
+
 }