From 78dce3d72a7147fe1ea255a67cff6891fd198c2c Mon Sep 17 00:00:00 2001
From: Vedran Pavic <vedran.pavic@gmail.com>
Date: Fri, 13 Jan 2017 21:40:26 +0100
Subject: [PATCH] Add support for configuring default `CookieSerializer` using
 `SessionCookieConfig`

Fixes gh-807
---
 .../http/SpringHttpSessionConfiguration.java  | 53 +++++++++++++---
 .../SpringHttpSessionConfigurationTests.java  | 63 +++++++++++++++----
 2 files changed, 94 insertions(+), 22 deletions(-)

diff --git a/spring-session/src/main/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfiguration.java b/spring-session/src/main/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfiguration.java
index 67efa27f..1e310404 100644
--- a/spring-session/src/main/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfiguration.java
+++ b/spring-session/src/main/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfiguration.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,8 +21,12 @@ import java.util.List;
 
 import javax.annotation.PostConstruct;
 import javax.servlet.ServletContext;
+import javax.servlet.SessionCookieConfig;
 import javax.servlet.http.HttpSessionListener;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
@@ -91,6 +95,8 @@ import org.springframework.util.ObjectUtils;
 @Configuration
 public class SpringHttpSessionConfiguration implements ApplicationContextAware {
 
+	private final Log logger = LogFactory.getLog(getClass());
+
 	private CookieHttpSessionStrategy defaultHttpSessionStrategy = new CookieHttpSessionStrategy();
 
 	private boolean usesSpringSessionRememberMeServices;
@@ -105,15 +111,9 @@ public class SpringHttpSessionConfiguration implements ApplicationContextAware {
 
 	@PostConstruct
 	public void init() {
-		if (this.cookieSerializer != null) {
-			this.defaultHttpSessionStrategy.setCookieSerializer(this.cookieSerializer);
-		}
-		else if (this.usesSpringSessionRememberMeServices) {
-			DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
-			cookieSerializer.setRememberMeRequestAttribute(
-					SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR);
-			this.defaultHttpSessionStrategy.setCookieSerializer(cookieSerializer);
-		}
+		CookieSerializer cookieSerializer = this.cookieSerializer != null
+				? this.cookieSerializer : createDefaultCookieSerializer();
+		this.defaultHttpSessionStrategy.setCookieSerializer(cookieSerializer);
 	}
 
 	@Bean
@@ -168,4 +168,37 @@ public class SpringHttpSessionConfiguration implements ApplicationContextAware {
 		this.httpSessionListeners = listeners;
 	}
 
+	private CookieSerializer createDefaultCookieSerializer() {
+		DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
+		if (this.servletContext != null) {
+			SessionCookieConfig sessionCookieConfig = null;
+			try {
+				sessionCookieConfig = this.servletContext.getSessionCookieConfig();
+			}
+			catch (UnsupportedOperationException e) {
+				this.logger
+						.warn("Unable to obtain SessionCookieConfig: " + e.getMessage());
+			}
+			if (sessionCookieConfig != null) {
+				if (sessionCookieConfig.getName() != null) {
+					cookieSerializer.setCookieName(sessionCookieConfig.getName());
+				}
+				if (sessionCookieConfig.getDomain() != null) {
+					cookieSerializer.setDomainName(sessionCookieConfig.getDomain());
+				}
+				if (sessionCookieConfig.getPath() != null) {
+					cookieSerializer.setCookiePath(sessionCookieConfig.getPath());
+				}
+				if (sessionCookieConfig.getMaxAge() != -1) {
+					cookieSerializer.setCookieMaxAge(sessionCookieConfig.getMaxAge());
+				}
+			}
+		}
+		if (this.usesSpringSessionRememberMeServices) {
+			cookieSerializer.setRememberMeRequestAttribute(
+					SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR);
+		}
+		return cookieSerializer;
+	}
+
 }
diff --git a/spring-session/src/test/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfigurationTests.java b/spring-session/src/test/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfigurationTests.java
index ef129139..071fc3f5 100644
--- a/spring-session/src/test/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfigurationTests.java
+++ b/spring-session/src/test/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfigurationTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package org.springframework.session.config.annotation.web.http;
 
+import javax.servlet.ServletContext;
+
 import org.junit.After;
 import org.junit.Rule;
 import org.junit.Test;
@@ -27,6 +29,7 @@ import org.springframework.beans.factory.UnsatisfiedDependencyException;
 import org.springframework.context.annotation.AnnotationConfigApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.mock.web.MockServletContext;
 import org.springframework.session.MapSessionRepository;
 import org.springframework.session.SessionRepository;
 import org.springframework.session.security.web.authentication.SpringSessionRememberMeServices;
@@ -81,24 +84,45 @@ public class SpringHttpSessionConfigurationTests {
 		assertThat(this.context.getBean(SessionRepository.class)).isNotNull();
 	}
 
+	@Test
+	public void sessionCookieConfigConfiguration() {
+		registerAndRefresh(SessionCookieConfigConfiguration.class);
+
+		SessionRepositoryFilter sessionRepositoryFilter = this.context
+				.getBean(SessionRepositoryFilter.class);
+		assertThat(sessionRepositoryFilter).isNotNull();
+		CookieHttpSessionStrategy httpSessionStrategy = (CookieHttpSessionStrategy) ReflectionTestUtils
+				.getField(sessionRepositoryFilter, "httpSessionStrategy");
+		assertThat(httpSessionStrategy).isNotNull();
+		DefaultCookieSerializer cookieSerializer = (DefaultCookieSerializer) ReflectionTestUtils
+				.getField(httpSessionStrategy, "cookieSerializer");
+		assertThat(cookieSerializer).isNotNull();
+		assertThat(ReflectionTestUtils.getField(cookieSerializer, "cookieName"))
+				.isEqualTo("test-name");
+		assertThat(ReflectionTestUtils.getField(cookieSerializer, "cookiePath"))
+				.isEqualTo("test-path");
+		assertThat(ReflectionTestUtils.getField(cookieSerializer, "cookieMaxAge"))
+				.isEqualTo(600);
+		assertThat(ReflectionTestUtils.getField(cookieSerializer, "domainName"))
+				.isEqualTo("test-domain");
+	}
+
 	@Test
 	public void rememberMeServicesConfiguration() {
 		registerAndRefresh(RememberMeServicesConfiguration.class);
 
-		SessionRepositoryFilter sessionRepositoryFilter = this.context.getBean(
-				SessionRepositoryFilter.class);
+		SessionRepositoryFilter sessionRepositoryFilter = this.context
+				.getBean(SessionRepositoryFilter.class);
 		assertThat(sessionRepositoryFilter).isNotNull();
-		CookieHttpSessionStrategy httpSessionStrategy =
-				(CookieHttpSessionStrategy) ReflectionTestUtils.getField(
-						sessionRepositoryFilter, "httpSessionStrategy");
+		CookieHttpSessionStrategy httpSessionStrategy = (CookieHttpSessionStrategy) ReflectionTestUtils
+				.getField(sessionRepositoryFilter, "httpSessionStrategy");
 		assertThat(httpSessionStrategy).isNotNull();
-		DefaultCookieSerializer cookieSerializer =
-				(DefaultCookieSerializer) ReflectionTestUtils.getField(
-						httpSessionStrategy, "cookieSerializer");
+		DefaultCookieSerializer cookieSerializer = (DefaultCookieSerializer) ReflectionTestUtils
+				.getField(httpSessionStrategy, "cookieSerializer");
 		assertThat(cookieSerializer).isNotNull();
-		assertThat(ReflectionTestUtils.getField(
-				cookieSerializer, "rememberMeRequestAttribute"))
-				.isEqualTo(SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR);
+		assertThat(ReflectionTestUtils.getField(cookieSerializer,
+				"rememberMeRequestAttribute")).isEqualTo(
+						SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR);
 	}
 
 	@Configuration
@@ -120,6 +144,21 @@ public class SpringHttpSessionConfigurationTests {
 	static class DefaultConfiguration extends BaseConfiguration {
 	}
 
+	@Configuration
+	@EnableSpringHttpSession
+	static class SessionCookieConfigConfiguration extends BaseConfiguration {
+
+		@Bean
+		public ServletContext servletContext() {
+			MockServletContext servletContext = new MockServletContext();
+			servletContext.getSessionCookieConfig().setName("test-name");
+			servletContext.getSessionCookieConfig().setDomain("test-domain");
+			servletContext.getSessionCookieConfig().setPath("test-path");
+			servletContext.getSessionCookieConfig().setMaxAge(600);
+			return servletContext;
+		}
+
+	}
 
 	@Configuration
 	@EnableSpringHttpSession