[BAEL-3295] Add missing code snippets from the Spring Session article

spring-security-mvc/src/main/java/com/baeldung/session/bean/Constants.java

@@ -0,0 +1,5 @@
+package com.baeldung.session.bean;
+
+public class Constants {
+    public static final String FOO = "foo";
+}

spring-security-mvc/src/main/java/com/baeldung/session/bean/Foo.java

@@ -0,0 +1,29 @@
+package com.baeldung.session.bean;
+
+import static org.springframework.context.annotation.ScopedProxyMode.TARGET_CLASS;
+import static org.springframework.web.context.WebApplicationContext.SCOPE_SESSION;
+
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Component;
+
+@Component
+@Scope(value = SCOPE_SESSION, proxyMode = TARGET_CLASS)
+public class Foo {
+    private final String created;
+
+    public Foo() {
+        this.created = LocalDateTime.now()
+            .format(DateTimeFormatter.ISO_DATE_TIME);
+    }
+
+    public Foo(Foo theFoo) {
+        this.created = theFoo.created;
+    }
+
+    public String getCreated() {
+        return created;
+    }
+}

spring-security-mvc/src/main/java/com/baeldung/session/security/config/SecSecurityConfig.java

@@ -38,7 +38,7 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
         .csrf().disable()
         .authorizeRequests()
         .antMatchers("/anonymous*").anonymous()
-        .antMatchers("/login*","/invalidSession*", "/sessionExpired*").permitAll()
+        .antMatchers("/login*","/invalidSession*", "/sessionExpired*", "/foo/**").permitAll()
         .anyRequest().authenticated()
         .and()
         .formLogin()

spring-security-mvc/src/main/java/com/baeldung/session/web/FooController.java

@@ -0,0 +1,44 @@
+package com.baeldung.session.web;
+
+import javax.servlet.http.HttpSession;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import com.baeldung.session.bean.Constants;
+import com.baeldung.session.bean.Foo;
+
+@RestController
+@RequestMapping(path = "/foo")
+public class FooController {
+
+    @Autowired
+    private Foo theFoo;
+
+    @GetMapping(path = "set")
+    public void fooSet(HttpSession session) {
+        session.setAttribute(Constants.FOO, new Foo());
+    }
+
+    @GetMapping(path = "autowired")
+    public Foo getAutowired() {
+        return new Foo(theFoo);
+    }
+
+    @GetMapping(path = "inject")
+    public Foo fooInject(HttpSession session) {
+        return (Foo) session.getAttribute(Constants.FOO);
+    }
+
+    @GetMapping(path = "raw")
+    public Foo fromRaw() {
+        ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
+        HttpSession session = attr.getRequest()
+            .getSession(true);
+        return (Foo) session.getAttribute(Constants.FOO);
+    }
+}

spring-security-mvc/src/main/java/com/baeldung/session/web/SessionRestController.java

@@ -3,15 +3,13 @@ package com.baeldung.session.web;
 import javax.servlet.http.HttpSession;
 
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
 public class SessionRestController {
 
     @GetMapping("/session-max-interval")
-    @ResponseBody
-    public String retrieveMaxSessionIncativeInterval(HttpSession session) {
+    public String retrieveMaxSessionInactiveInterval(HttpSession session) {
         return "Max Inactive Interval before Session expires: " + session.getMaxInactiveInterval();
     }
 }

spring-security-mvc/src/main/resources/application.properties

@@ -1,3 +1,5 @@
+spring.jackson.serialization.fail-on-empty-beans=false
+
 server.servlet.session.timeout=65s
 
 spring.mvc.view.prefix=/WEB-INF/view/

spring-security-mvc/src/main/resources/webSecurityConfig.xml

@@ -7,7 +7,7 @@
         http://www.springframework.org/schema/beans/spring-beans.xsd"
 >
 
-    <http create-session="always" use-expressions="true">
+    <http create-session="always" use-expressions="true" disable-url-rewriting="true">
         <intercept-url pattern="/anonymous*" access="isAnonymous()"/>
         <intercept-url pattern="/login*" access="permitAll"/>
         <intercept-url pattern="/**" access="isAuthenticated()"/>
@@ -22,10 +22,9 @@
         <session-management invalid-session-url="/invalidSession.html">
             <concurrency-control max-sessions="2" expired-url="/sessionExpired.html"/>
         </session-management>
-
     </http>
 
-    <beans:bean id="myAuthenticationSuccessHandler" class="org.baeldung.security.MySimpleUrlAuthenticationSuccessHandler"/>
+    <beans:bean id="myAuthenticationSuccessHandler" class="com.baeldung.security.MySimpleUrlAuthenticationSuccessHandler"/>
 
     <authentication-manager>
         <authentication-provider>

spring-security-mvc/src/main/webapp/WEB-INF/web.xml

@@ -8,13 +8,14 @@
 
     <session-config>
         <session-timeout>1</session-timeout>
+        <tracking-mode>COOKIE</tracking-mode>
 <!--          <cookie-config>
             <http-only>true</http-only>
             <secure>true</secure>
         </cookie-config>  -->
     </session-config>
     <listener>
-        <listener-class>org.baeldung.web.SessionListenerWithMetrics</listener-class>
+        <listener-class>com.baeldung.web.SessionListenerWithMetrics</listener-class>
     </listener>
    <!--  <listener>
         <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>