Release 2.1.11.RELEASE

This reverts commit e7fd59ccf9.

.travis.yml

@@ -1,20 +1,16 @@
-language: java
-
 sudo: required
-
-services: docker
-
-jdk: oraclejdk8
-
+language: java
+jdk:
+  - openjdk8
+  - openjdk11
+services:
+  - docker
 before_cache:
   - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
   - rm -fr $HOME/.gradle/caches/*/plugin-resolution/
-
 cache:
   directories:
     - $HOME/.gradle/caches/
     - $HOME/.gradle/wrapper/
-
 install: true
-
-script: ./gradlew clean build --refresh-dependencies --no-daemon
+script: ./gradlew clean check --no-daemon --refresh-dependencies --stacktrace

build.gradle

@@ -4,7 +4,7 @@ buildscript {
 		snapshotBuild = version.endsWith('SNAPSHOT')
 		milestoneBuild = !(releaseBuild || snapshotBuild)
 
-		springBootVersion = '2.1.8.RELEASE'
+		springBootVersion = '2.1.13.RELEASE'
 	}
 
 	repositories {

gradle.properties

@@ -1 +1 @@
-version=2.1.9.RELEASE
+version=2.1.11.RELEASE

gradle/dependency-management.gradle

@@ -1,10 +1,10 @@
 dependencyManagement {
 	imports {
-		mavenBom 'io.projectreactor:reactor-bom:Californium-SR12'
-		mavenBom 'org.springframework:spring-framework-bom:5.1.10.RELEASE'
-		mavenBom 'org.springframework.data:spring-data-releasetrain:Lovelace-SR11'
-		mavenBom 'org.springframework.security:spring-security-bom:5.1.5.RELEASE'
-		mavenBom 'org.testcontainers:testcontainers-bom:1.12.0'
+		mavenBom 'io.projectreactor:reactor-bom:Californium-SR16'
+		mavenBom 'org.springframework:spring-framework-bom:5.1.14.RELEASE'
+		mavenBom 'org.springframework.data:spring-data-releasetrain:Lovelace-SR16'
+		mavenBom 'org.springframework.security:spring-security-bom:5.1.8.RELEASE'
+		mavenBom 'org.testcontainers:testcontainers-bom:1.12.2'
 	}
 
 	dependencies {

samples/javaconfig/custom-cookie/src/main/webapp/index.jsp

@@ -15,7 +15,7 @@
 <body>
 	<div class="container">
 		<h1>Description</h1>
-		<p>This application demonstrates how to use a Redis instance to back your session. Notice that there is no JSESSIONID cookie. We are also able to customize the way of identifying what the requested session id is.</p>
+		<p>This application demonstrates how to customize the session cookie. Notice that the name of the cookie is JSESSIONID.</p>
 
 		<h1>Try it</h1>
 

spring-session-core/src/main/java/org/springframework/session/web/http/DefaultCookieSerializer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,9 +16,10 @@
 
 package org.springframework.session.web.http;
 
+import java.time.Clock;
 import java.time.Instant;
-import java.time.OffsetDateTime;
 import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
 import java.util.ArrayList;
 import java.util.Base64;
@@ -62,6 +63,8 @@ public class DefaultCookieSerializer implements CookieSerializer {
 		domainValid.set('-');
 	}
 
+	private Clock clock = Clock.systemUTC();
+
 	private String cookieName = "SESSION";
 
 	private Boolean useSecureCookie;
@@ -135,9 +138,9 @@ public class DefaultCookieSerializer implements CookieSerializer {
 		int maxAge = getMaxAge(cookieValue);
 		if (maxAge > -1) {
 			sb.append("; Max-Age=").append(cookieValue.getCookieMaxAge());
-			OffsetDateTime expires = (maxAge != 0)
-					? OffsetDateTime.now().plusSeconds(maxAge)
-					: Instant.EPOCH.atOffset(ZoneOffset.UTC);
+			ZonedDateTime expires = (maxAge != 0)
+					? ZonedDateTime.now(this.clock).plusSeconds(maxAge)
+					: Instant.EPOCH.atZone(ZoneOffset.UTC);
 			sb.append("; Expires=")
 					.append(expires.format(DateTimeFormatter.RFC_1123_DATE_TIME));
 		}
@@ -267,6 +270,10 @@ public class DefaultCookieSerializer implements CookieSerializer {
 		}
 	}
 
+	void setClock(Clock clock) {
+		this.clock = clock.withZone(ZoneOffset.UTC);
+	}
+
 	/**
 	 * Sets if a Cookie marked as secure should be used. The default is to use the value
 	 * of {@link HttpServletRequest#isSecure()}.

spring-session-core/src/test/java/org/springframework/session/web/http/DefaultCookieSerializerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,9 @@
 
 package org.springframework.session.web.http;
 
+import java.time.Clock;
+import java.time.Instant;
+import java.time.ZoneOffset;
 import java.util.Base64;
 
 import javax.servlet.http.Cookie;
@@ -26,6 +29,7 @@ import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
 import org.junit.runners.Parameterized.Parameters;
 
+import org.springframework.http.HttpHeaders;
 import org.springframework.mock.web.MockCookie;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@@ -56,7 +60,7 @@ public class DefaultCookieSerializerTests {
 
 	private MockHttpServletRequest request;
 
-	private MockHttpServletResponse response;
+	private CookiePreservingMockHttpServletResponse response;
 
 	private DefaultCookieSerializer serializer;
 
@@ -70,7 +74,7 @@ public class DefaultCookieSerializerTests {
 	public void setup() {
 		this.cookieName = "SESSION";
 		this.request = new MockHttpServletRequest();
-		this.response = new MockHttpServletResponse();
+		this.response = new CookiePreservingMockHttpServletResponse();
 		this.sessionId = "sessionId";
 		this.serializer = new DefaultCookieSerializer();
 		this.serializer.setUseBase64Encoding(this.useBase64Encoding);
@@ -232,7 +236,7 @@ public class DefaultCookieSerializerTests {
 			this.serializer.writeCookieValue(cookieValue(this.sessionId));
 			assertThat(getCookie().getDomain()).isEqualTo("example.com");
 
-			this.response = new MockHttpServletResponse();
+			this.response = new CookiePreservingMockHttpServletResponse();
 		}
 
 		String[] notMatchingDomains = { "example.com", "localhost", "127.0.0.1" };
@@ -241,7 +245,7 @@ public class DefaultCookieSerializerTests {
 			this.serializer.writeCookieValue(cookieValue(this.sessionId));
 			assertThat(getCookie().getDomain()).isNull();
 
-			this.response = new MockHttpServletResponse();
+			this.response = new CookiePreservingMockHttpServletResponse();
 		}
 	}
 
@@ -326,34 +330,41 @@ public class DefaultCookieSerializerTests {
 		this.serializer.writeCookieValue(cookieValue(this.sessionId));
 
 		assertThat(getCookie().getMaxAge()).isEqualTo(-1);
+		assertThat(this.response.rawCookie).doesNotContain("Expires");
 	}
 
 	@Test
 	public void writeCookieCookieMaxAgeExplicit() {
+		this.serializer.setClock(Clock.fixed(Instant.parse("2019-10-07T20:10:00Z"), ZoneOffset.UTC));
 		this.serializer.setCookieMaxAge(100);
 
 		this.serializer.writeCookieValue(cookieValue(this.sessionId));
 
 		assertThat(getCookie().getMaxAge()).isEqualTo(100);
+		assertThat(this.response.rawCookie).contains("Expires=Mon, 7 Oct 2019 20:11:40 GMT");
 	}
 
 	@Test
 	public void writeCookieCookieMaxAgeExplicitEmptyCookie() {
+		this.serializer.setClock(Clock.fixed(Instant.parse("2019-10-07T20:10:00Z"), ZoneOffset.UTC));
 		this.serializer.setCookieMaxAge(100);
 
 		this.serializer.writeCookieValue(cookieValue(""));
 
 		assertThat(getCookie().getMaxAge()).isEqualTo(0);
+		assertThat(this.response.rawCookie).contains("Expires=Thu, 1 Jan 1970 00:00:00 GMT");
 	}
 
 	@Test
 	public void writeCookieCookieMaxAgeExplicitCookieValue() {
+		this.serializer.setClock(Clock.fixed(Instant.parse("2019-10-07T20:10:00Z"), ZoneOffset.UTC));
 		CookieValue cookieValue = cookieValue(this.sessionId);
 		cookieValue.setCookieMaxAge(100);
 
 		this.serializer.writeCookieValue(cookieValue);
 
 		assertThat(getCookie().getMaxAge()).isEqualTo(100);
+		assertThat(this.response.rawCookie).contains("Expires=Mon, 7 Oct 2019 20:11:40 GMT");
 	}
 
 	// --- secure ---
@@ -531,4 +542,18 @@ public class DefaultCookieSerializerTests {
 		return new CookieValue(this.request, this.response, cookieValue);
 	}
 
+	private static class CookiePreservingMockHttpServletResponse extends MockHttpServletResponse {
+
+		private String rawCookie;
+
+		@Override
+		public void addHeader(String name, String value) {
+			if (HttpHeaders.SET_COOKIE.equals(name)) {
+				this.rawCookie = value;
+			}
+			super.addHeader(name, value);
+		}
+
+	}
+
 }

spring-session-hazelcast/src/integration-test/java/org/springframework/session/hazelcast/HazelcastClientRepositoryITests.java

@@ -22,8 +22,8 @@ import com.hazelcast.core.HazelcastInstance;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.runner.RunWith;
-import org.testcontainers.containers.BindMode;
 import org.testcontainers.containers.GenericContainer;
+import org.testcontainers.utility.MountableFile;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -50,11 +50,9 @@ public class HazelcastClientRepositoryITests extends AbstractHazelcastRepository
 	private static GenericContainer container = new GenericContainer<>(
 			"hazelcast/hazelcast:3.11.4")
 					.withExposedPorts(5701)
-					.withEnv("JAVA_OPTS",
-							"-Dhazelcast.config=/opt/hazelcast/config_ext/hazelcast.xml")
-					.withClasspathResourceMapping("/hazelcast-server.xml",
-							"/opt/hazelcast/config_ext/hazelcast.xml",
-							BindMode.READ_ONLY);
+					.withCopyFileToContainer(
+							MountableFile.forClasspathResource("/hazelcast-server.xml"),
+							"/opt/hazelcast/hazelcast.xml");
 
 	@BeforeClass
 	public static void setUpClass() {