JAVA-12731: Move spring-session into spring-web-modules

spring-web-modules/spring-session/spring-session-redis/src/main/java/com/baeldung/spring/session/PasswordEncoderConfig.java

@@ -0,0 +1,15 @@
+package com.baeldung.spring.session;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class PasswordEncoderConfig {
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}

spring-web-modules/spring-session/spring-session-redis/src/main/java/com/baeldung/spring/session/SecurityConfig.java

@@ -0,0 +1,27 @@
+package com.baeldung.spring.session;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+    
+    @Autowired
+    public void configureGlobal(AuthenticationManagerBuilder auth, PasswordEncoder passwordEncoder) throws Exception {
+        auth.inMemoryAuthentication().withUser("admin").password(passwordEncoder.encode("password")).roles("ADMIN");
+    }
+    
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.httpBasic().and().authorizeRequests().antMatchers("/").hasRole("ADMIN").anyRequest().authenticated();
+    }
+    
+}

spring-web-modules/spring-session/spring-session-redis/src/main/java/com/baeldung/spring/session/SessionController.java

@@ -0,0 +1,12 @@
+package com.baeldung.spring.session;
+
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class SessionController {
+    @RequestMapping("/")
+    public String helloAdmin() {
+        return "hello admin";
+    }
+}

spring-web-modules/spring-session/spring-session-redis/src/main/java/com/baeldung/spring/session/SessionWebApplication.java

@@ -0,0 +1,11 @@
+package com.baeldung.spring.session;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class SessionWebApplication {
+    public static void main(String[] args) {
+        SpringApplication.run(SessionWebApplication.class, args);
+    }
+}

spring-web-modules/spring-session/spring-session-redis/src/main/resources/application.properties

@@ -0,0 +1,2 @@
+spring.redis.host=localhost
+spring.redis.port=6379

spring-web-modules/spring-session/spring-session-redis/src/main/resources/logback.xml

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n
+            </pattern>
+        </encoder>
+    </appender>
+
+    <root level="INFO">
+        <appender-ref ref="STDOUT" />
+    </root>
+</configuration>

spring-web-modules/spring-session/spring-session-redis/src/test/java/com/baeldung/SpringContextLiveTest.java

@@ -0,0 +1,21 @@
+package com.baeldung;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import com.baeldung.spring.session.SessionWebApplication;
+
+/**
+ * This live test requires:
+ * redis instance running on the environment
+ */
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = SessionWebApplication.class)
+public class SpringContextLiveTest {
+
+    @Test
+    public void whenSpringContextIsBootstrapped_thenNoExceptions() {
+    }
+}

spring-web-modules/spring-session/spring-session-redis/src/test/java/com/baeldung/spring/session/SessionControllerIntegrationTest.java

@@ -0,0 +1,98 @@
+package com.baeldung.spring.session;
+
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.test.context.junit4.SpringRunner;
+import redis.clients.jedis.Jedis;
+import redis.embedded.RedisServer;
+
+import java.io.IOException;
+import java.util.Set;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = SessionWebApplication.class, webEnvironment = WebEnvironment.RANDOM_PORT)
+public class SessionControllerIntegrationTest {
+
+    private static RedisServer redisServer;
+
+    @LocalServerPort
+    private int port;
+
+    private Jedis jedis;
+    private TestRestTemplate testRestTemplate;
+    private TestRestTemplate testRestTemplateWithAuth;
+
+    @BeforeClass
+    public static void startRedisServer() throws IOException {
+        redisServer = new RedisServer(6379);
+        redisServer.start();
+    }
+    
+    @AfterClass
+    public static void stopRedisServer() {
+        redisServer.stop();
+    }
+    
+    @Before
+    public void clearRedisData() {
+        
+        testRestTemplate = new TestRestTemplate();
+        testRestTemplateWithAuth = new TestRestTemplate("admin", "password");
+
+        jedis = new Jedis("localhost", 6379);
+        jedis.flushAll();
+    }
+
+    @Test
+    public void testRedisIsEmpty() {
+        Set<String> result = jedis.keys("*");
+        assertEquals(0, result.size());
+    }
+
+    @Test
+    public void testUnauthenticatedCantAccess() {
+        ResponseEntity<String> result = testRestTemplate.getForEntity(getTestUrl(), String.class);
+        assertEquals(HttpStatus.UNAUTHORIZED, result.getStatusCode());
+    }
+
+    @Test
+    public void testRedisControlsSession() {
+        ResponseEntity<String> result = testRestTemplateWithAuth.getForEntity(getTestUrl(), String.class);
+        assertEquals("hello admin", result.getBody()); // login worked
+
+        Set<String> redisResult = jedis.keys("*");
+        assertTrue(redisResult.size() > 0); // redis is populated with session data
+
+        String sessionCookie = result.getHeaders().get("Set-Cookie").get(0).split(";")[0];
+        HttpHeaders headers = new HttpHeaders();
+        headers.add("Cookie", sessionCookie);
+        HttpEntity<String> httpEntity = new HttpEntity<>(headers);
+
+        result = testRestTemplate.exchange(getTestUrl(), HttpMethod.GET, httpEntity, String.class);
+        assertEquals("hello admin", result.getBody()); // access with session works worked
+
+        jedis.flushAll(); // clear all keys in redis
+
+        result = testRestTemplate.exchange(getTestUrl(), HttpMethod.GET, httpEntity, String.class);
+        assertEquals(HttpStatus.UNAUTHORIZED, result.getStatusCode());// access denied after sessions are removed in redis
+    }
+
+    private String getTestUrl(){
+        return "http://localhost:" + port;
+    }
+}