Auto-configure Spring Session's cookie serializer

vpavic · vpavic · commit a4899a928ca5 · 2018-11-13T22:16:21.000+01:00
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java
@@ -39,16 +39,23 @@
 import org.springframework.boot.autoconfigure.hazelcast.HazelcastAutoConfiguration;
 import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
 import org.springframework.boot.autoconfigure.jdbc.JdbcTemplateAutoConfiguration;
+import org.springframework.boot.autoconfigure.web.ServerProperties;
 import org.springframework.boot.autoconfigure.web.reactive.HttpHandlerAutoConfiguration;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.context.properties.PropertyMapper;
+import org.springframework.boot.web.servlet.server.Session.Cookie;
 import org.springframework.context.ApplicationContext;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.context.annotation.ImportSelector;
 import org.springframework.core.type.AnnotationMetadata;
 import org.springframework.session.ReactiveSessionRepository;
 import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
+import org.springframework.session.web.http.CookieSerializer;
+import org.springframework.session.web.http.DefaultCookieSerializer;
+import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
 import org.springframework.util.StringUtils;
 
 /**
@@ -64,7 +71,7 @@
 @Configuration
 @ConditionalOnClass(Session.class)
 @ConditionalOnWebApplication
-@EnableConfigurationProperties(SessionProperties.class)
+@EnableConfigurationProperties({ ServerProperties.class, SessionProperties.class })
 @AutoConfigureAfter({ DataSourceAutoConfiguration.class, HazelcastAutoConfiguration.class,
 		JdbcTemplateAutoConfiguration.class, MongoDataAutoConfiguration.class,
 		MongoReactiveDataAutoConfiguration.class, RedisAutoConfiguration.class,
@@ -78,6 +85,29 @@ public class SessionAutoConfiguration {
 			SessionRepositoryFilterConfiguration.class })
 	static class ServletSessionConfiguration {
 
+		private final ServerProperties serverProperties;
+
+		ServletSessionConfiguration(ServerProperties serverProperties) {
+			this.serverProperties = serverProperties;
+		}
+
+		@Bean
+		@ConditionalOnMissingBean({ CookieSerializer.class,
+				HeaderHttpSessionIdResolver.class })
+		public DefaultCookieSerializer cookieSerializer() {
+			Cookie cookie = this.serverProperties.getServlet().getSession().getCookie();
+			DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
+			PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
+			map.from(cookie::getName).to(cookieSerializer::setCookieName);
+			map.from(cookie::getDomain).to(cookieSerializer::setDomainName);
+			map.from(cookie::getPath).to(cookieSerializer::setCookiePath);
+			map.from(cookie::getHttpOnly).to(cookieSerializer::setUseHttpOnlyCookie);
+			map.from(cookie::getSecure).to(cookieSerializer::setUseSecureCookie);
+			map.from(cookie::getMaxAge).to((maxAge) -> cookieSerializer
+					.setCookieMaxAge((int) maxAge.getSeconds()));
+			return cookieSerializer;
+		}
+
 		@Configuration
 		@ConditionalOnMissingBean(SessionRepository.class)
 		@Import({ ServletSessionRepositoryImplementationValidator.class,
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java
@@ -38,6 +38,7 @@
 import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
 import org.springframework.session.web.http.CookieHttpSessionIdResolver;
 import org.springframework.session.web.http.DefaultCookieSerializer;
+import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
 import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.util.ReflectionTestUtils;
 
@@ -185,6 +186,65 @@ public void sessionCookieConfigurationIsPickedUp() {
 		});
 	}
 
+	@Test
+	public void autoConfiguredCookieSerializerConfiguration() {
+		this.contextRunner.withUserConfiguration(SessionRepositoryConfiguration.class)
+				.withPropertyValues("server.servlet.session.cookie.name=sid",
+						"server.servlet.session.cookie.domain=spring",
+						"server.servlet.session.cookie.path=/test",
+						"server.servlet.session.cookie.httpOnly=false",
+						"server.servlet.session.cookie.secure=false",
+						"server.servlet.session.cookie.maxAge=10s")
+				.run((context) -> {
+					DefaultCookieSerializer cookieSerializer = context
+							.getBean(DefaultCookieSerializer.class);
+					assertThat(cookieSerializer).hasFieldOrPropertyWithValue("cookieName",
+							"sid");
+					assertThat(cookieSerializer).hasFieldOrPropertyWithValue("domainName",
+							"spring");
+					assertThat(cookieSerializer).hasFieldOrPropertyWithValue("cookiePath",
+							"/test");
+					assertThat(cookieSerializer)
+							.hasFieldOrPropertyWithValue("useHttpOnlyCookie", false);
+					assertThat(cookieSerializer)
+							.hasFieldOrPropertyWithValue("useSecureCookie", false);
+					assertThat(cookieSerializer)
+							.hasFieldOrPropertyWithValue("cookieMaxAge", 10);
+				});
+	}
+
+	@Test
+	public void userProvidedCookieSerializerConfiguration() {
+		this.contextRunner
+				.withUserConfiguration(UserProvidedCookieSerializerConfiguration.class)
+				.withPropertyValues("server.servlet.session.cookie.name=sid")
+				.run((context) -> {
+					DefaultCookieSerializer cookieSerializer = context
+							.getBean(DefaultCookieSerializer.class);
+					assertThat(cookieSerializer).hasFieldOrPropertyWithValue("cookieName",
+							"SESSION");
+				});
+	}
+
+	@Test
+	public void userProvidedCookieHttpSessionStrategyConfiguration() {
+		this.contextRunner
+				.withUserConfiguration(
+						UserProvidedCookieHttpSessionStrategyConfiguration.class)
+				.run((context) -> assertThat(
+						context.getBeansOfType(DefaultCookieSerializer.class))
+								.isNotEmpty());
+	}
+
+	@Test
+	public void userProvidedHeaderHttpSessionStrategyConfiguration() {
+		this.contextRunner
+				.withUserConfiguration(
+						UserProvidedHeaderHttpSessionStrategyConfiguration.class)
+				.run((context) -> assertThat(
+						context.getBeansOfType(DefaultCookieSerializer.class)).isEmpty());
+	}
+
 	@Configuration
 	@EnableSpringHttpSession
 	static class SessionRepositoryConfiguration {
@@ -201,4 +261,40 @@ static class ServerPropertiesConfiguration {
 
 	}
 
+	@Configuration
+	@EnableSpringHttpSession
+	static class UserProvidedCookieSerializerConfiguration
+			extends SessionRepositoryConfiguration {
+
+		@Bean
+		public DefaultCookieSerializer myCookieSerializer() {
+			return new DefaultCookieSerializer();
+		}
+
+	}
+
+	@Configuration
+	@EnableSpringHttpSession
+	static class UserProvidedCookieHttpSessionStrategyConfiguration
+			extends SessionRepositoryConfiguration {
+
+		@Bean
+		public CookieHttpSessionIdResolver httpSessionStrategy() {
+			return new CookieHttpSessionIdResolver();
+		}
+
+	}
+
+	@Configuration
+	@EnableSpringHttpSession
+	static class UserProvidedHeaderHttpSessionStrategyConfiguration
+			extends SessionRepositoryConfiguration {
+
+		@Bean
+		public HeaderHttpSessionIdResolver httpSessionStrategy() {
+			return HeaderHttpSessionIdResolver.xAuthToken();
+		}
+
+	}
+
 }
