This commit updates security configuration in samples to:
- use AuthorizationFilter instead of FilterSecurityInterceptor
- update session creation policy in REST sample
Spring Boot's auto-configuration support for Spring Session now uses RedisSessionRepository as the default Redis session repository, so applications that rely on indexed session repository need to opt into the previous default. One such example is our "Find by Username" sample.
This commit fixes "Find by Username" sample by opting into the indexed repository type using newly introduced spring.session.redis.repository-type property.
This commit aligns dependency versions used across different samples application by leveraging Spring Boot's BOM, rather than manually managing dependency versions for samples that are not Spring Boot based.
This commit restructures configuration support for Redis-backed
HttpSession with aim to enable users to easily select the
SessionRepository implementation they prefer to use.
This is achieved by introducing [at]EnableRedisIndexedHttpSession
annotation that can be used to configure RedisIndexedSessionRepository,
while the existing [at]EnableRedisHttpSession will going forward
configure RedisSessionRepository as the SessionRepository implementation
used by Spring Session.
Additionally, this also introduces AbstractRedisHttpSessionConfiguration
as the base configuration class that manages common aspects of
Redis-backed HttpSession support, which is then extended by more
specific configuration classes that provide specific SessionRepository
implementation.
Closes gh-2122
This commit updates Docker images used in all the integration tests. Additionally, it updates JDBC session repository Oracle integration tests to run unconditionally.
At present, Hazelcast configurations used in tests disable multicast join but leave network join auto-detection enabled. This can cause issues with parallel test execution on machines that have bigger number of CPU cores/threads.
This commit updates Hazelcast configurations used in tests to disable network join auto-detection and thus ensure no network join method ends up being enabled.
As of spring-projects/spring-security#11653, Spring Security's [at]Enable*Security annotations are not meta annotated with [at]Configuration which breaks some of our tests.
This commit adds missing [at]Configuration annotations where needed.
Closes gh-2118
Remove code that is not necessary to demonstrate Spring Session functionality and is not compatible with the Java 17 / Jakarta EE 9 upgrades.
Issue gh-1949
The declared return type of Hazelcast session repository bean factory method (i.e. HazelcastHttpSessionConfiguration#sessionRepository) was changed to SessionRepository<?> when support for Hazelcast 4 was added. This breaks Spring Boot's ability to auto-configure sessions endpoint, which is @ConditionalOnBean(FindByIndexNameSessionRepository.class), as the current return type is not specific enough to satisfy this condition.
This commit changes the return type of Hazelcast session repository bean factory method to FindByIndexNameSessionRepository<?>.
Closes: gh-1905
