Release 2.1.1.RELEASE

Update to Spring Data Lovelace-SR2
Fixes: gh-1234
2018-10-29 10:08:49 -05:00 · 2018-10-29 10:07:26 -05:00 · 2018-10-29 13:04:47 +01:00 · 2018-10-29 07:37:17 +01:00 · 2018-10-26 19:55:37 +02:00 · 2018-10-15 20:05:12 -05:00
4 changed files with 38 additions and 7 deletions
--- a/gradle.properties
+++ b/gradle.properties
@@ -1 +1 @@
-version=2.1.0.RELEASE
+version=2.1.1.RELEASE
--- a/gradle/dependency-management.gradle
+++ b/gradle/dependency-management.gradle
@@ -1,9 +1,9 @@
 dependencyManagement {
 	imports {
 		mavenBom 'com.fasterxml.jackson:jackson-bom:2.9.6'
-		mavenBom 'io.projectreactor:reactor-bom:Californium-SR1'
-		mavenBom 'org.springframework:spring-framework-bom:5.1.1.RELEASE'
-		mavenBom 'org.springframework.data:spring-data-releasetrain:Lovelace-SR1'
+		mavenBom 'io.projectreactor:reactor-bom:Californium-SR2'
+		mavenBom 'org.springframework:spring-framework-bom:5.1.2.RELEASE'
+		mavenBom 'org.springframework.data:spring-data-releasetrain:Lovelace-SR2'
 		mavenBom 'org.springframework.security:spring-security-bom:5.1.1.RELEASE'
 		mavenBom 'org.testcontainers:testcontainers-bom:1.9.1'
 	}
--- a/spring-session-core/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java
+++ b/spring-session-core/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java
@@ -205,6 +205,8 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi

 		private boolean requestedSessionCached;

+		private String requestedSessionId;
+
 		private Boolean requestedSessionIdValid;

 		private boolean requestedSessionInvalidated;
@@ -277,7 +279,6 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 				}
 				return isRequestedSessionIdValid(requestedSession);
 			}
-
 			return this.requestedSessionIdValid;
 		}

@@ -351,8 +352,10 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi

 		@Override
 		public String getRequestedSessionId() {
-			S requestedSession = getRequestedSession();
-			return (requestedSession != null) ? requestedSession.getId() : null;
+			if (this.requestedSessionId == null) {
+				getRequestedSession();
+			}
+			return this.requestedSessionId;
 		}

 		private S getRequestedSession() {
@@ -360,10 +363,14 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 				List<String> sessionIds = SessionRepositoryFilter.this.httpSessionIdResolver
 						.resolveSessionIds(this);
 				for (String sessionId : sessionIds) {
+					if (this.requestedSessionId == null) {
+						this.requestedSessionId = sessionId;
+					}
 					S session = SessionRepositoryFilter.this.sessionRepository
 							.findById(sessionId);
 					if (session != null) {
 						this.requestedSession = session;
+						this.requestedSessionId = sessionId;
 						break;
 					}
 				}
@@ -375,6 +382,7 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 		private void clearRequestedSessionCache() {
 			this.requestedSessionCached = false;
 			this.requestedSession = null;
+			this.requestedSessionId = null;
 		}

 		/**
--- a/spring-session-core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java
+++ b/spring-session-core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java
@@ -1196,6 +1196,29 @@ public class SessionRepositoryFilterTests {
 		});
 	}

+	@Test // gh-1229
+	public void doFilterAdapterGetRequestedSessionIdForInvalidSession() throws Exception {
+		SessionRepository<MapSession> sessionRepository = new MapSessionRepository(
+				new HashMap<>());
+
+		this.filter = new SessionRepositoryFilter<>(sessionRepository);
+		this.filter.setHttpSessionIdResolver(this.strategy);
+		final String expectedId = "HttpSessionIdResolver-requested-id1";
+		final String otherId = "HttpSessionIdResolver-requested-id2";
+
+		given(this.strategy.resolveSessionIds(any(HttpServletRequest.class)))
+				.willReturn(Arrays.asList(expectedId, otherId));
+
+		doFilter(new DoInFilter() {
+			@Override
+			public void doFilter(HttpServletRequest wrappedRequest,
+					HttpServletResponse wrappedResponse) {
+				assertThat(wrappedRequest.getRequestedSessionId()).isEqualTo(expectedId);
+				assertThat(wrappedRequest.isRequestedSessionIdValid()).isFalse();
+			}
+		});
+	}
+
 	@Test
 	public void doFilterAdapterOnNewSession() throws Exception {
 		this.filter.setHttpSessionIdResolver(this.strategy);
Author	SHA1	Message	Date
Rob Winch	05986d68b2	Release 2.1.1.RELEASE	2018-10-29 10:08:49 -05:00
Rob Winch	e17b047800	Update to Spring Data Lovelace-SR2 Fixes: gh-1234	2018-10-29 10:07:26 -05:00
Vedran Pavic	5ab2424b14	Upgrade Spring Framework to 5.1.2.RELEASE Resolves: #1233	2018-10-29 13:04:47 +01:00
Vedran Pavic	196919efbb	Upgrade Reactor to Californium-SR2 Resolves: #1235	2018-10-29 07:37:17 +01:00
Vedran Pavic	717e16cb71	Ensure HttpServletRequest#getRequestedSessionId API is respected HttpSessionIdResolver supports resolving multiple requested session ids associated with the request - as a consequence, we need to validate the existence of requested session before returning the id. However, if no presented session ids do validate the null is returned, which violates the HttpServletRequest#getRequestedSessionId API. This commit ensures that if no presented session ids are valid, we respect the HttpServletRequest#getRequestedSessionId API by returning first requested session id. Resolves: #1229	2018-10-26 19:55:37 +02:00
Rob Winch	5f1b7d6722	Next Development Version	2018-10-15 20:05:12 -05:00