Use capitalized words for HeaderHttpSessionStrategy default header name

Fixes gh-173
2017-01-05 23:57:24 +01:00
parent 3ad0028785
commit 94fc80a8f0
5 changed files with 29 additions and 26 deletions
--- a/docs/src/docs/asciidoc/guides/rest.adoc
+++ b/docs/src/docs/asciidoc/guides/rest.adoc
@@ -154,7 +154,7 @@ In the output you will notice the following:
 ----
 HTTP/1.1 200 OK
 ...
-x-auth-token: 0dc1f6e1-c7f1-41ac-8ce2-32b6b3e57aa3
+X-Auth-Token: 0dc1f6e1-c7f1-41ac-8ce2-32b6b3e57aa3

 {"username":"user"}
 ----
@@ -162,25 +162,25 @@ x-auth-token: 0dc1f6e1-c7f1-41ac-8ce2-32b6b3e57aa3
 Specifically, we notice the following things about our response:

 * The HTTP Status is now a 200
-* We have a header with the name of *x-auth-token* which contains a new session id
+* We have a header with the name of *X-Auth-Token* which contains a new session id
 * The current username is displayed

-We can now use the *x-auth-token* to make another request without providing the username and password again. For example, the following outputs the username just as before:
+We can now use the *X-Auth-Token* to make another request without providing the username and password again. For example, the following outputs the username just as before:

-	$ curl -v http://localhost:8080/ -H "x-auth-token: 0dc1f6e1-c7f1-41ac-8ce2-32b6b3e57aa3"
+	$ curl -v http://localhost:8080/ -H "X-Auth-Token: 0dc1f6e1-c7f1-41ac-8ce2-32b6b3e57aa3"

 The only difference is that the session id is not provided in the response headers because we are reusing an existing session.

-If we invalidate the session, then the x-auth-token is displayed in the response with an empty value. For example, the following will invalidate our session:
+If we invalidate the session, then the X-Auth-Token is displayed in the response with an empty value. For example, the following will invalidate our session:

-	$ curl -v http://localhost:8080/logout -H "x-auth-token: 0dc1f6e1-c7f1-41ac-8ce2-32b6b3e57aa3"
+	$ curl -v http://localhost:8080/logout -H "X-Auth-Token: 0dc1f6e1-c7f1-41ac-8ce2-32b6b3e57aa3"

-You will see in the output that the x-auth-token provides an empty String indicating that the previous session was invalidated.
+You will see in the output that the X-Auth-Token provides an empty String indicating that the previous session was invalidated.

 ----
 HTTP/1.1 204 No Content
 ...
-x-auth-token:
+X-Auth-Token:
 ----

 === How does it work?
@@ -188,7 +188,7 @@ x-auth-token:
 Spring Security interacts with the standard `HttpSession` in `SecurityContextPersistenceFilter`.

 Instead of using Tomcat's `HttpSession`, Spring Security is now persisting the values in Redis.
-Spring Session creates a header named x-auth-token in your browser that contains the id of your session.
+Spring Session creates a header named X-Auth-Token in your browser that contains the id of your session.

 If you like, you can easily see that the session is created in Redis. First create a session using the following:

@@ -199,7 +199,7 @@ In the output you will notice the following:
 ----
 HTTP/1.1 200 OK
 ...
-x-auth-token: 7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
+X-Auth-Token: 7e8383a4-082c-4ffe-a4bc-c40fd3363c5e

 {"username":"user"}
 ----
@@ -214,6 +214,6 @@ Alternatively, you can also delete the explicit key. Enter the following into yo

 	$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e

-We can now use the *x-auth-token* to make another request with the session we deleted and observe we are prompted for a authentication. For example, the following returns an HTTP 401:
+We can now use the *X-Auth-Token* to make another request with the session we deleted and observe we are prompted for a authentication. For example, the following returns an HTTP 401:

-	$ curl -v http://localhost:8080/ -H "x-auth-token: 0dc1f6e1-c7f1-41ac-8ce2-32b6b3e57aa3"
+	$ curl -v http://localhost:8080/ -H "X-Auth-Token: 0dc1f6e1-c7f1-41ac-8ce2-32b6b3e57aa3"
--- a/samples/rest/src/integration-test/java/rest/RestMockMvcTests.java
+++ b/samples/rest/src/integration-test/java/rest/RestMockMvcTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -65,7 +65,7 @@ public class RestMockMvcTests {

 	@Test
 	public void noSessionOnNoCredentials() throws Exception {
-		this.mvc.perform(get("/")).andExpect(header().doesNotExist("x-auth-token"))
+		this.mvc.perform(get("/")).andExpect(header().doesNotExist("X-Auth-Token"))
 				.andExpect(status().isUnauthorized());
 	}

@@ -73,13 +73,12 @@ public class RestMockMvcTests {
 	@Test
 	public void autheticatedAnnotation() throws Exception {
 		this.mvc.perform(get("/")).andExpect(content().string("{\"username\":\"user\"}"));
-
 	}

 	@Test
 	public void autheticatedRequestPostProcessor() throws Exception {
 		this.mvc.perform(get("/").with(user("user")))
 				.andExpect(content().string("{\"username\":\"user\"}"));
-
 	}
+
 }
--- a/samples/rest/src/integration-test/java/sample/RestTests.java
+++ b/samples/rest/src/integration-test/java/sample/RestTests.java
@@ -40,7 +40,7 @@ public class RestTests {

 	private static final String AUTHORIZATION = "Authorization";
 	private static final String BASIC = "Basic ";
-	private static final String X_AUTH_TOKEN = "x-auth-token";
+	private static final String X_AUTH_TOKEN = "X-Auth-Token";

 	private RestTemplate restTemplate;

--- a/spring-session/src/main/java/org/springframework/session/web/http/HeaderHttpSessionStrategy.java
+++ b/spring-session/src/main/java/org/springframework/session/web/http/HeaderHttpSessionStrategy.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -25,14 +25,14 @@ import org.springframework.util.Assert;
 /**
 * A {@link HttpSessionStrategy} that uses a header to obtain the session from.
 * Specifically, this implementation will allow specifying a header name using
- * {@link HeaderHttpSessionStrategy#setHeaderName(String)}. The default is "x-auth-token".
+ * {@link HeaderHttpSessionStrategy#setHeaderName(String)}. The default is "X-Auth-Token".
 *
 * When a session is created, the HTTP response will have a response header of the
 * specified name and the value of the session id. For example:
 *
 * <pre>
 * HTTP/1.1 200 OK
- * x-auth-token: f81d4fae-7dec-11d0-a765-00a0c91e6bf6
+ * X-Auth-Token: f81d4fae-7dec-11d0-a765-00a0c91e6bf6
 * </pre>
 *
 * The client should now include the session in each request by specifying the same header
@@ -41,7 +41,7 @@ import org.springframework.util.Assert;
 * <pre>
 * GET /messages/ HTTP/1.1
 * Host: example.com
- * x-auth-token: f81d4fae-7dec-11d0-a765-00a0c91e6bf6
+ * X-Auth-Token: f81d4fae-7dec-11d0-a765-00a0c91e6bf6
 * </pre>
 *
 * When the session is invalidated, the server will send an HTTP response that has the
@@ -49,14 +49,15 @@ import org.springframework.util.Assert;
 *
 * <pre>
 * HTTP/1.1 200 OK
- * x-auth-token:
+ * X-Auth-Token:
 * </pre>
 *
 * @author Rob Winch
 * @since 1.0
 */
 public class HeaderHttpSessionStrategy implements HttpSessionStrategy {
-	private String headerName = "x-auth-token";
+
+	private String headerName = "X-Auth-Token";

 	public String getRequestedSessionId(HttpServletRequest request) {
 		return request.getHeader(this.headerName);
@@ -73,7 +74,7 @@ public class HeaderHttpSessionStrategy implements HttpSessionStrategy {
 	}

 	/**
-	 * The name of the header to obtain the session id from. Default is "x-auth-token".
+	 * The name of the header to obtain the session id from. Default is "X-Auth-Token".
 	 *
 	 * @param headerName the name of the header to obtain the session id from.
 	 */
@@ -81,4 +82,5 @@ public class HeaderHttpSessionStrategy implements HttpSessionStrategy {
 		Assert.notNull(headerName, "headerName cannot be null");
 		this.headerName = headerName;
 	}
+
 }
--- a/spring-session/src/test/java/org/springframework/session/web/http/HeaderSessionStrategyTests.java
+++ b/spring-session/src/test/java/org/springframework/session/web/http/HeaderSessionStrategyTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -27,6 +27,7 @@ import org.springframework.session.Session;
 import static org.assertj.core.api.Assertions.assertThat;

 public class HeaderSessionStrategyTests {
+
 	private MockHttpServletRequest request;
 	private MockHttpServletResponse response;

@@ -36,7 +37,7 @@ public class HeaderSessionStrategyTests {

 	@Before
 	public void setup() throws Exception {
-		this.headerName = "x-auth-token";
+		this.headerName = "X-Auth-Token";
 		this.session = new MapSession();
 		this.request = new MockHttpServletRequest();
 		this.response = new MockHttpServletResponse();
@@ -127,4 +128,5 @@ public class HeaderSessionStrategyTests {
 	public String getSessionId() {
 		return this.response.getHeader(this.headerName);
 	}
+
 }