This commit updates security configuration in samples to:
- use AuthorizationFilter instead of FilterSecurityInterceptor
- update session creation policy in REST sample
This commit restructures configuration classes to avoid inheritance, where possible. This should provide more flexibility when composing custom configurations.
Closes gh-1415
This commit restores integer based max inactive interval setters across all session repositories, that were migrated to java.time in 6d74cf5f.
This change caused problems building our Spring Boot based samples, as Spring Boot auto-configuration has move to session repository customizer based approach and is therefore using max inactive interval setters directly on session repository implementations.
At present, RedisIndexedSessionRepository publishes a SessionCreatedEvent backed by an empty MapSession instance. This happens because session delta has been cleared before publishing a message to the session created channel.
Fixes gh-1338
This commit reworks all session repository implementations and their respective configurations to use java.time for managing maxInactiveInterval and other temporal values.
This commit adds tests that verify that all Spring Session configuration classes can be used with @Import, and fixes JDBC and Hazelcast HttpSession configurations and Redis WebSession configuration.
At present, RedisIndexedHttpSessionConfiguration and JdbcHttpSessionConfiguration include [at]EnableScheduling annotated inner configuration classes that configure expired session cleanup jobs. This approach silently opts in users into general purpose task scheduling support provided by Spring Framework, which isn't something a library should do. Ideally, session cleanup jobs should only require a single thread dedicated to their execution and also one that doesn't compete for resources with general purpose task scheduling.
This commit updates RedisIndexedSessionRepository and JdbcIndexedSessionRepository to have them manage their own ThreadPoolTaskScheduler for purposes of running expired session cleanup jobs.
Closes gh-2136
Spring Boot's auto-configuration support for Spring Session now uses RedisSessionRepository as the default Redis session repository, so applications that rely on indexed session repository need to opt into the previous default. One such example is our "Find by Username" sample.
This commit fixes "Find by Username" sample by opting into the indexed repository type using newly introduced spring.session.redis.repository-type property.
When a release is published Spring Boot has not been released, so
it can be beneficial to allow the samples to use the snapshot
repository. This is determined based on the springBootVersion property.
