From 5e0254119589059ca6b1550b46d5ee9307716bf0 Mon Sep 17 00:00:00 2001 From: Vedran Pavic Date: Wed, 10 Apr 2019 18:32:50 +0200 Subject: [PATCH 1/2] Improve DefaultCookieSerializer auto-configuration Spring Session's own configuration support (i.e. SpringHttpSessionConfiguration) will configure the default DefaultCookieSerializer with rememberMeRequestAttribute if SpringSessionRememberMeServices bean has been detected in the application context. In contrast, Spring Boot's auto-configured DefaultCookieSerializer does not do this which results in a different out-of-the-box experience for users that rely on Spring Session's remember-me integration. This commit improves Spring Session DefaultCookieSerializer auto-configuration to match Spring Session's behavior and make the auto-configured DefaultCookieSerializer aware of SpringSessionRememberMeServices bean. See gh-16513 --- .../session/SessionAutoConfiguration.java | 13 ++++++++++ .../SessionAutoConfigurationTests.java | 26 +++++++++++++++++++ 2 files changed, 39 insertions(+) diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java index 4ecd4bd824..62ae10c4c9 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java @@ -56,6 +56,7 @@ import org.springframework.core.type.AnnotationMetadata; import org.springframework.session.ReactiveSessionRepository; import org.springframework.session.Session; import org.springframework.session.SessionRepository; +import org.springframework.session.security.web.authentication.SpringSessionRememberMeServices; import org.springframework.session.web.http.CookieHttpSessionIdResolver; import org.springframework.session.web.http.CookieSerializer; import org.springframework.session.web.http.DefaultCookieSerializer; @@ -89,6 +90,14 @@ public class SessionAutoConfiguration { SessionRepositoryFilterConfiguration.class }) static class ServletSessionConfiguration { + private final SpringSessionRememberMeServices springSessionRememberMeServices; + + ServletSessionConfiguration( + ObjectProvider springSessionRememberMeServices) { + this.springSessionRememberMeServices = springSessionRememberMeServices + .getIfAvailable(); + } + @Bean @Conditional(DefaultCookieSerializerCondition.class) public DefaultCookieSerializer cookieSerializer( @@ -103,6 +112,10 @@ public class SessionAutoConfiguration { map.from(cookie::getSecure).to(cookieSerializer::setUseSecureCookie); map.from(cookie::getMaxAge).to((maxAge) -> cookieSerializer .setCookieMaxAge((int) maxAge.getSeconds())); + if (this.springSessionRememberMeServices != null) { + cookieSerializer.setRememberMeRequestAttribute( + SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR); + } return cookieSerializer; } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java index 3190142de5..d9c2ad0244 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java @@ -34,6 +34,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.session.MapSessionRepository; import org.springframework.session.SessionRepository; import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession; +import org.springframework.session.security.web.authentication.SpringSessionRememberMeServices; import org.springframework.session.web.http.CookieHttpSessionIdResolver; import org.springframework.session.web.http.DefaultCookieSerializer; import org.springframework.session.web.http.HeaderHttpSessionIdResolver; @@ -245,6 +246,19 @@ public class SessionAutoConfigurationTests extends AbstractSessionAutoConfigurat context.getBeansOfType(DefaultCookieSerializer.class)).isEmpty()); } + @Test + public void autoConfiguredCookieSerializerIsConfiguredWithRememberMeRequestAttribute() { + this.contextRunner + .withUserConfiguration(SpringSessionRememberMeServicesConfiguration.class) + .run((context) -> { + DefaultCookieSerializer cookieSerializer = context + .getBean(DefaultCookieSerializer.class); + assertThat(cookieSerializer).hasFieldOrPropertyWithValue( + "rememberMeRequestAttribute", + SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR); + }); + } + @Configuration @EnableSpringHttpSession static class SessionRepositoryConfiguration { @@ -309,4 +323,16 @@ public class SessionAutoConfigurationTests extends AbstractSessionAutoConfigurat } + @Configuration + @EnableSpringHttpSession + static class SpringSessionRememberMeServicesConfiguration + extends SessionRepositoryConfiguration { + + @Bean + public SpringSessionRememberMeServices rememberMeServices() { + return new SpringSessionRememberMeServices(); + } + + } + } From 7b9471836b5f947a56189fafd01da3e203632094 Mon Sep 17 00:00:00 2001 From: Stephane Nicoll Date: Fri, 19 Apr 2019 15:53:45 +0200 Subject: [PATCH 2/2] Polish "Improve DefaultCookieSerializer auto-configuration" Closes gh-16513 --- .../session/SessionAutoConfiguration.java | 21 ++++++------------- .../SessionAutoConfigurationTests.java | 2 +- 2 files changed, 7 insertions(+), 16 deletions(-) diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java index 62ae10c4c9..688e66158e 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2018 the original author or authors. + * Copyright 2012-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -90,18 +90,10 @@ public class SessionAutoConfiguration { SessionRepositoryFilterConfiguration.class }) static class ServletSessionConfiguration { - private final SpringSessionRememberMeServices springSessionRememberMeServices; - - ServletSessionConfiguration( - ObjectProvider springSessionRememberMeServices) { - this.springSessionRememberMeServices = springSessionRememberMeServices - .getIfAvailable(); - } - @Bean @Conditional(DefaultCookieSerializerCondition.class) - public DefaultCookieSerializer cookieSerializer( - ServerProperties serverProperties) { + public DefaultCookieSerializer cookieSerializer(ServerProperties serverProperties, + ObjectProvider springSessionRememberMeServices) { Cookie cookie = serverProperties.getServlet().getSession().getCookie(); DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer(); PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull(); @@ -112,10 +104,9 @@ public class SessionAutoConfiguration { map.from(cookie::getSecure).to(cookieSerializer::setUseSecureCookie); map.from(cookie::getMaxAge).to((maxAge) -> cookieSerializer .setCookieMaxAge((int) maxAge.getSeconds())); - if (this.springSessionRememberMeServices != null) { - cookieSerializer.setRememberMeRequestAttribute( - SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR); - } + springSessionRememberMeServices.ifAvailable(( + rememberMeServices) -> cookieSerializer.setRememberMeRequestAttribute( + SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR)); return cookieSerializer; } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java index d9c2ad0244..b22c82d9f1 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2018 the original author or authors. + * Copyright 2012-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.