BAEL-1911 - Spring session with JDBC (#4689)

spring-session/spring-session-redis/src/main/java/com/baeldung/spring/session/SecurityConfig.java

@@ -0,0 +1,23 @@
+package com.baeldung.spring.session;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+        auth.inMemoryAuthentication().withUser("admin").password("password").roles("ADMIN");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.httpBasic().and().authorizeRequests().antMatchers("/").hasRole("ADMIN").anyRequest().authenticated();
+    }
+}

spring-session/spring-session-redis/src/main/java/com/baeldung/spring/session/SessionConfig.java

@@ -0,0 +1,10 @@
+package com.baeldung.spring.session;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
+import org.springframework.session.web.context.AbstractHttpSessionApplicationInitializer;
+
+@Configuration
+@EnableRedisHttpSession
+public class SessionConfig extends AbstractHttpSessionApplicationInitializer {
+}

spring-session/spring-session-redis/src/main/java/com/baeldung/spring/session/SessionController.java

@@ -0,0 +1,12 @@
+package com.baeldung.spring.session;
+
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class SessionController {
+    @RequestMapping("/")
+    public String helloAdmin() {
+        return "hello admin";
+    }
+}

spring-session/spring-session-redis/src/main/java/com/baeldung/spring/session/SessionWebApplication.java

@@ -0,0 +1,11 @@
+package com.baeldung.spring.session;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class SessionWebApplication {
+    public static void main(String[] args) {
+        SpringApplication.run(SessionWebApplication.class, args);
+    }
+}

spring-session/spring-session-redis/src/main/resources/application.properties

@@ -0,0 +1,2 @@
+spring.redis.host=localhost
+spring.redis.port=6379

spring-session/spring-session-redis/src/test/java/com/baeldung/spring/session/SessionControllerIntegrationTest.java

@@ -0,0 +1,92 @@
+package com.baeldung.spring.session;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+import java.util.Set;
+
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import redis.clients.jedis.Jedis;
+import redis.embedded.RedisServer;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = SessionWebApplication.class, webEnvironment = WebEnvironment.DEFINED_PORT)
+public class SessionControllerIntegrationTest {
+
+    private Jedis jedis;
+    private static RedisServer redisServer;
+    private TestRestTemplate testRestTemplate;
+    private TestRestTemplate testRestTemplateWithAuth;
+    private String testUrl = "http://localhost:8080/";
+
+    @BeforeClass
+    public static void startRedisServer() throws IOException {
+        redisServer = new RedisServer(6379);
+        redisServer.start();
+    }
+    
+    @AfterClass
+    public static void stopRedisServer() throws IOException {
+        redisServer.stop();
+    }
+    
+    @Before
+    public void clearRedisData() {
+        
+        testRestTemplate = new TestRestTemplate();
+        testRestTemplateWithAuth = new TestRestTemplate("admin", "password");
+
+        jedis = new Jedis("localhost", 6379);
+        jedis.flushAll();
+    }
+
+    @Test
+    public void testRedisIsEmpty() {
+        Set<String> result = jedis.keys("*");
+        assertEquals(0, result.size());
+    }
+
+    @Test
+    public void testUnauthenticatedCantAccess() {
+        ResponseEntity<String> result = testRestTemplate.getForEntity(testUrl, String.class);
+        assertEquals(HttpStatus.UNAUTHORIZED, result.getStatusCode());
+    }
+
+    @Test
+    public void testRedisControlsSession() {
+        ResponseEntity<String> result = testRestTemplateWithAuth.getForEntity(testUrl, String.class);
+        assertEquals("hello admin", result.getBody()); // login worked
+
+        Set<String> redisResult = jedis.keys("*");
+        assertTrue(redisResult.size() > 0); // redis is populated with session data
+
+        String sessionCookie = result.getHeaders().get("Set-Cookie").get(0).split(";")[0];
+        HttpHeaders headers = new HttpHeaders();
+        headers.add("Cookie", sessionCookie);
+        HttpEntity<String> httpEntity = new HttpEntity<>(headers);
+
+        result = testRestTemplate.exchange(testUrl, HttpMethod.GET, httpEntity, String.class);
+        assertEquals("hello admin", result.getBody()); // access with session works worked
+
+        jedis.flushAll(); // clear all keys in redis
+
+        result = testRestTemplate.exchange(testUrl, HttpMethod.GET, httpEntity, String.class);
+        assertEquals(HttpStatus.UNAUTHORIZED, result.getStatusCode());// access denied after sessions are removed in redis
+
+    }
+}