From f20d2a61947d13e2c7f02816eb03eb168b512ca4 Mon Sep 17 00:00:00 2001
From: Martin van Wingerden <martin@martinvw.nl>
Date: Wed, 23 Oct 2019 13:27:02 +0200
Subject: [PATCH] [BAEL-3295] Add missing code snippets from the Spring Session
 article

---
 .../com/baeldung/session/bean/Constants.java  |  5 +++
 .../java/com/baeldung/session/bean/Foo.java   | 29 ++++++++++++
 .../security/config/SecSecurityConfig.java    |  2 +-
 .../baeldung/session/web/FooController.java   | 44 +++++++++++++++++++
 .../session/web/SessionRestController.java    |  4 +-
 .../src/main/resources/application.properties |  2 +
 .../src/main/resources/webSecurityConfig.xml  |  5 +--
 .../src/main/webapp/WEB-INF/web.xml           |  3 +-
 8 files changed, 86 insertions(+), 8 deletions(-)
 create mode 100644 spring-security-mvc/src/main/java/com/baeldung/session/bean/Constants.java
 create mode 100644 spring-security-mvc/src/main/java/com/baeldung/session/bean/Foo.java
 create mode 100644 spring-security-mvc/src/main/java/com/baeldung/session/web/FooController.java

diff --git a/spring-security-mvc/src/main/java/com/baeldung/session/bean/Constants.java b/spring-security-mvc/src/main/java/com/baeldung/session/bean/Constants.java
new file mode 100644
index 0000000000..bf204c3b99
--- /dev/null
+++ b/spring-security-mvc/src/main/java/com/baeldung/session/bean/Constants.java
@@ -0,0 +1,5 @@
+package com.baeldung.session.bean;
+
+public class Constants {
+    public static final String FOO = "foo";
+}
diff --git a/spring-security-mvc/src/main/java/com/baeldung/session/bean/Foo.java b/spring-security-mvc/src/main/java/com/baeldung/session/bean/Foo.java
new file mode 100644
index 0000000000..c9c9c011d4
--- /dev/null
+++ b/spring-security-mvc/src/main/java/com/baeldung/session/bean/Foo.java
@@ -0,0 +1,29 @@
+package com.baeldung.session.bean;
+
+import static org.springframework.context.annotation.ScopedProxyMode.TARGET_CLASS;
+import static org.springframework.web.context.WebApplicationContext.SCOPE_SESSION;
+
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Component;
+
+@Component
+@Scope(value = SCOPE_SESSION, proxyMode = TARGET_CLASS)
+public class Foo {
+    private final String created;
+
+    public Foo() {
+        this.created = LocalDateTime.now()
+            .format(DateTimeFormatter.ISO_DATE_TIME);
+    }
+
+    public Foo(Foo theFoo) {
+        this.created = theFoo.created;
+    }
+
+    public String getCreated() {
+        return created;
+    }
+}
diff --git a/spring-security-mvc/src/main/java/com/baeldung/session/security/config/SecSecurityConfig.java b/spring-security-mvc/src/main/java/com/baeldung/session/security/config/SecSecurityConfig.java
index 35b53a0e7f..9a4978c27e 100644
--- a/spring-security-mvc/src/main/java/com/baeldung/session/security/config/SecSecurityConfig.java
+++ b/spring-security-mvc/src/main/java/com/baeldung/session/security/config/SecSecurityConfig.java
@@ -38,7 +38,7 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
         .csrf().disable()
         .authorizeRequests()
         .antMatchers("/anonymous*").anonymous()
-        .antMatchers("/login*","/invalidSession*", "/sessionExpired*").permitAll()
+        .antMatchers("/login*","/invalidSession*", "/sessionExpired*", "/foo/**").permitAll()
         .anyRequest().authenticated()
         .and()
         .formLogin()
diff --git a/spring-security-mvc/src/main/java/com/baeldung/session/web/FooController.java b/spring-security-mvc/src/main/java/com/baeldung/session/web/FooController.java
new file mode 100644
index 0000000000..7c3385dcbd
--- /dev/null
+++ b/spring-security-mvc/src/main/java/com/baeldung/session/web/FooController.java
@@ -0,0 +1,44 @@
+package com.baeldung.session.web;
+
+import javax.servlet.http.HttpSession;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import com.baeldung.session.bean.Constants;
+import com.baeldung.session.bean.Foo;
+
+@RestController
+@RequestMapping(path = "/foo")
+public class FooController {
+
+    @Autowired
+    private Foo theFoo;
+
+    @GetMapping(path = "set")
+    public void fooSet(HttpSession session) {
+        session.setAttribute(Constants.FOO, new Foo());
+    }
+
+    @GetMapping(path = "autowired")
+    public Foo getAutowired() {
+        return new Foo(theFoo);
+    }
+
+    @GetMapping(path = "inject")
+    public Foo fooInject(HttpSession session) {
+        return (Foo) session.getAttribute(Constants.FOO);
+    }
+
+    @GetMapping(path = "raw")
+    public Foo fromRaw() {
+        ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
+        HttpSession session = attr.getRequest()
+            .getSession(true);
+        return (Foo) session.getAttribute(Constants.FOO);
+    }
+}
diff --git a/spring-security-mvc/src/main/java/com/baeldung/session/web/SessionRestController.java b/spring-security-mvc/src/main/java/com/baeldung/session/web/SessionRestController.java
index 82199a9e4e..79f57246a9 100644
--- a/spring-security-mvc/src/main/java/com/baeldung/session/web/SessionRestController.java
+++ b/spring-security-mvc/src/main/java/com/baeldung/session/web/SessionRestController.java
@@ -3,15 +3,13 @@ package com.baeldung.session.web;
 import javax.servlet.http.HttpSession;
 
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
 public class SessionRestController {
 
     @GetMapping("/session-max-interval")
-    @ResponseBody
-    public String retrieveMaxSessionIncativeInterval(HttpSession session) {
+    public String retrieveMaxSessionInactiveInterval(HttpSession session) {
         return "Max Inactive Interval before Session expires: " + session.getMaxInactiveInterval();
     }
 }
diff --git a/spring-security-mvc/src/main/resources/application.properties b/spring-security-mvc/src/main/resources/application.properties
index 56b2b7b123..6f0d0519ef 100644
--- a/spring-security-mvc/src/main/resources/application.properties
+++ b/spring-security-mvc/src/main/resources/application.properties
@@ -1,3 +1,5 @@
+spring.jackson.serialization.fail-on-empty-beans=false
+
 server.servlet.session.timeout=65s
 
 spring.mvc.view.prefix=/WEB-INF/view/
diff --git a/spring-security-mvc/src/main/resources/webSecurityConfig.xml b/spring-security-mvc/src/main/resources/webSecurityConfig.xml
index 42ff4c2186..e91755d394 100644
--- a/spring-security-mvc/src/main/resources/webSecurityConfig.xml
+++ b/spring-security-mvc/src/main/resources/webSecurityConfig.xml
@@ -7,7 +7,7 @@
         http://www.springframework.org/schema/beans/spring-beans.xsd"
 >
 
-    <http create-session="always" use-expressions="true">
+    <http create-session="always" use-expressions="true" disable-url-rewriting="true">
         <intercept-url pattern="/anonymous*" access="isAnonymous()"/>
         <intercept-url pattern="/login*" access="permitAll"/>
         <intercept-url pattern="/**" access="isAuthenticated()"/>
@@ -22,10 +22,9 @@
         <session-management invalid-session-url="/invalidSession.html">
             <concurrency-control max-sessions="2" expired-url="/sessionExpired.html"/>
         </session-management>
-
     </http>
 
-    <beans:bean id="myAuthenticationSuccessHandler" class="org.baeldung.security.MySimpleUrlAuthenticationSuccessHandler"/>
+    <beans:bean id="myAuthenticationSuccessHandler" class="com.baeldung.security.MySimpleUrlAuthenticationSuccessHandler"/>
 
     <authentication-manager>
         <authentication-provider>
diff --git a/spring-security-mvc/src/main/webapp/WEB-INF/web.xml b/spring-security-mvc/src/main/webapp/WEB-INF/web.xml
index 2ef734441b..88087c92ed 100644
--- a/spring-security-mvc/src/main/webapp/WEB-INF/web.xml
+++ b/spring-security-mvc/src/main/webapp/WEB-INF/web.xml
@@ -8,13 +8,14 @@
 
     <session-config>
         <session-timeout>1</session-timeout>
+        <tracking-mode>COOKIE</tracking-mode>
 <!--          <cookie-config>
             <http-only>true</http-only>
             <secure>true</secure>
         </cookie-config>  -->
     </session-config>
     <listener>
-        <listener-class>org.baeldung.web.SessionListenerWithMetrics</listener-class>
+        <listener-class>com.baeldung.web.SessionListenerWithMetrics</listener-class>
     </listener>
    <!--  <listener>
         <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>