mindol1004/spring-session
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: mindol1004:2.6.0-RC2
Branches Tags
mindol1004:main mindol1004:3.0.x mindol1004:2.7.x mindol1004:docs-build mindol1004:2.6.x mindol1004:remove-flapdoodle mindol1004:2.5.x mindol1004:issue/unicode-dot-char mindol1004:2.4.x mindol1004:2.3.x mindol1004:2.2.x mindol1004:2.1.x mindol1004:2.0.x mindol1004:test-slack-integration mindol1004:slack-integration-test mindol1004:1.4.x mindol1004:1.3.x mindol1004:1.2.x mindol1004:gh-pages mindol1004:1.1.x mindol1004:1.0.x
mindol1004:3.1.0-M1 mindol1004:3.0.1 mindol1004:2.7.1 mindol1004:3.0.0 mindol1004:3.0.0-RC2 mindol1004:3.0.0-RC1 mindol1004:3.0.0-M4 mindol1004:3.0.0-M3 mindol1004:3.0.0-M2 mindol1004:2.7.0 mindol1004:2.7.0-RC1 mindol1004:2.6.3 mindol1004:2.5.6 mindol1004:2.6.2 mindol1004:2.5.5 mindol1004:2.7.0-M1 mindol1004:3.0.0-M1 mindol1004:2.6.1 mindol1004:2.5.4 mindol1004:2.6.0 mindol1004:2.6.0-RC2 mindol1004:2.4.6 mindol1004:2.5.3 mindol1004:2.6.0-RC1 mindol1004:2.4.5 mindol1004:2.5.2 mindol1004:2.6.0-M1 mindol1004:2.4.4 mindol1004:2.5.1 mindol1004:2.5.0 mindol1004:2.2.6.RELEASE mindol1004:2.3.3.RELEASE mindol1004:2.4.3 mindol1004:2.5.0-RC1 mindol1004:2.4.2 mindol1004:2.2.5.RELEASE mindol1004:2.3.2.RELEASE mindol1004:2.5.0-M1 mindol1004:2.4.1 mindol1004:2.4.0 mindol1004:2.4.0-RC1 mindol1004:2.3.1.RELEASE mindol1004:2.2.4.RELEASE mindol1004:2.1.13.RELEASE mindol1004:2.4.0-M1 mindol1004:2.1.12.RELEASE mindol1004:2.2.3.RELEASE mindol1004:2.3.0.RELEASE mindol1004:2.2.2.RELEASE mindol1004:2.1.11.RELEASE mindol1004:2.3.0.RC1 mindol1004:2.3.0.M1 mindol1004:2.1.10.RELEASE mindol1004:2.2.1.RELEASE mindol1004:2.2.0.RELEASE mindol1004:2.2.0.RC1 mindol1004:2.1.9.RELEASE mindol1004:2.2.0.M4 mindol1004:2.2.0.M3 mindol1004:2.1.8.RELEASE mindol1004:2.1.7.RELEASE mindol1004:2.2.0.M2 mindol1004:2.1.6.RELEASE mindol1004:2.2.0.M1 mindol1004:2.0.10.RELEASE mindol1004:2.1.5.RELEASE mindol1004:2.1.4.RELEASE mindol1004:1.3.5.RELEASE mindol1004:2.0.9.RELEASE mindol1004:2.1.3.RELEASE mindol1004:2.0.8.RELEASE mindol1004:2.1.2.RELEASE mindol1004:1.3.4.RELEASE mindol1004:2.1.1.RELEASE mindol1004:2.0.7.RELEASE mindol1004:2.1.0.RELEASE mindol1004:2.1.0.RC1 mindol1004:2.0.6.RELEASE mindol1004:2.1.0.M3 mindol1004:2.1.0.M2 mindol1004:2.1.0.M1 mindol1004:2.0.5.RELEASE mindol1004:2.0.4.RELEASE mindol1004:2.0.3.RELEASE mindol1004:1.3.3.RELEASE mindol1004:2.0.2.RELEASE mindol1004:1.3.2.RELEASE mindol1004:2.0.1.RELEASE mindol1004:2.0.0.RELEASE mindol1004:2.0.0.RC2 mindol1004:2.0.0.RC1 mindol1004:2.0.0.M5 mindol1004:2.0.0.M4 mindol1004:2.0.0.M3 mindol1004:2.0.0.M2 mindol1004:2.0.0.M1 mindol1004:1.3.1.RELEASE mindol1004:1.3.0.RELEASE mindol1004:1.3.0.RC1 mindol1004:1.3.0.M2 mindol1004:1.3.0.M1 mindol1004:1.2.2.RELEASE mindol1004:1.2.1.RELEASE mindol1004:1.2.0.RELEASE mindol1004:1.2.0.RC3 mindol1004:1.2.0.RC2 mindol1004:1.2.0.RC1 mindol1004:1.1.1.RELEASE mindol1004:1.1.0.RELEASE mindol1004:1.1.0.RC1 mindol1004:1.1.0.M1 mindol1004:1.0.2.RELEASE mindol1004:1.0.1.RELEASE mindol1004:1.0.0.RELEASE mindol1004:1.0.0.RC1 mindol1004:1.0.0.M1
..
compare: mindol1004:2.5.5
Branches Tags
mindol1004:main mindol1004:3.0.x mindol1004:2.7.x mindol1004:docs-build mindol1004:2.6.x mindol1004:remove-flapdoodle mindol1004:2.5.x mindol1004:issue/unicode-dot-char mindol1004:2.4.x mindol1004:2.3.x mindol1004:2.2.x mindol1004:2.1.x mindol1004:2.0.x mindol1004:test-slack-integration mindol1004:slack-integration-test mindol1004:1.4.x mindol1004:1.3.x mindol1004:1.2.x mindol1004:gh-pages mindol1004:1.1.x mindol1004:1.0.x
mindol1004:3.1.0-M1 mindol1004:3.0.1 mindol1004:2.7.1 mindol1004:3.0.0 mindol1004:3.0.0-RC2 mindol1004:3.0.0-RC1 mindol1004:3.0.0-M4 mindol1004:3.0.0-M3 mindol1004:3.0.0-M2 mindol1004:2.7.0 mindol1004:2.7.0-RC1 mindol1004:2.6.3 mindol1004:2.5.6 mindol1004:2.6.2 mindol1004:2.5.5 mindol1004:2.7.0-M1 mindol1004:3.0.0-M1 mindol1004:2.6.1 mindol1004:2.5.4 mindol1004:2.6.0 mindol1004:2.6.0-RC2 mindol1004:2.4.6 mindol1004:2.5.3 mindol1004:2.6.0-RC1 mindol1004:2.4.5 mindol1004:2.5.2 mindol1004:2.6.0-M1 mindol1004:2.4.4 mindol1004:2.5.1 mindol1004:2.5.0 mindol1004:2.2.6.RELEASE mindol1004:2.3.3.RELEASE mindol1004:2.4.3 mindol1004:2.5.0-RC1 mindol1004:2.4.2 mindol1004:2.2.5.RELEASE mindol1004:2.3.2.RELEASE mindol1004:2.5.0-M1 mindol1004:2.4.1 mindol1004:2.4.0 mindol1004:2.4.0-RC1 mindol1004:2.3.1.RELEASE mindol1004:2.2.4.RELEASE mindol1004:2.1.13.RELEASE mindol1004:2.4.0-M1 mindol1004:2.1.12.RELEASE mindol1004:2.2.3.RELEASE mindol1004:2.3.0.RELEASE mindol1004:2.2.2.RELEASE mindol1004:2.1.11.RELEASE mindol1004:2.3.0.RC1 mindol1004:2.3.0.M1 mindol1004:2.1.10.RELEASE mindol1004:2.2.1.RELEASE mindol1004:2.2.0.RELEASE mindol1004:2.2.0.RC1 mindol1004:2.1.9.RELEASE mindol1004:2.2.0.M4 mindol1004:2.2.0.M3 mindol1004:2.1.8.RELEASE mindol1004:2.1.7.RELEASE mindol1004:2.2.0.M2 mindol1004:2.1.6.RELEASE mindol1004:2.2.0.M1 mindol1004:2.0.10.RELEASE mindol1004:2.1.5.RELEASE mindol1004:2.1.4.RELEASE mindol1004:1.3.5.RELEASE mindol1004:2.0.9.RELEASE mindol1004:2.1.3.RELEASE mindol1004:2.0.8.RELEASE mindol1004:2.1.2.RELEASE mindol1004:1.3.4.RELEASE mindol1004:2.1.1.RELEASE mindol1004:2.0.7.RELEASE mindol1004:2.1.0.RELEASE mindol1004:2.1.0.RC1 mindol1004:2.0.6.RELEASE mindol1004:2.1.0.M3 mindol1004:2.1.0.M2 mindol1004:2.1.0.M1 mindol1004:2.0.5.RELEASE mindol1004:2.0.4.RELEASE mindol1004:2.0.3.RELEASE mindol1004:1.3.3.RELEASE mindol1004:2.0.2.RELEASE mindol1004:1.3.2.RELEASE mindol1004:2.0.1.RELEASE mindol1004:2.0.0.RELEASE mindol1004:2.0.0.RC2 mindol1004:2.0.0.RC1 mindol1004:2.0.0.M5 mindol1004:2.0.0.M4 mindol1004:2.0.0.M3 mindol1004:2.0.0.M2 mindol1004:2.0.0.M1 mindol1004:1.3.1.RELEASE mindol1004:1.3.0.RELEASE mindol1004:1.3.0.RC1 mindol1004:1.3.0.M2 mindol1004:1.3.0.M1 mindol1004:1.2.2.RELEASE mindol1004:1.2.1.RELEASE mindol1004:1.2.0.RELEASE mindol1004:1.2.0.RC3 mindol1004:1.2.0.RC2 mindol1004:1.2.0.RC1 mindol1004:1.1.1.RELEASE mindol1004:1.1.0.RELEASE mindol1004:1.1.0.RC1 mindol1004:1.1.0.M1 mindol1004:1.0.2.RELEASE mindol1004:1.0.1.RELEASE mindol1004:1.0.0.RELEASE mindol1004:1.0.0.RC1 mindol1004:1.0.0.M1

57 Commits
2.6.0-RC2 ... 2.5.5

Author SHA1 Message Date
Eleftheria Stein
8ae6ca9ce1 Release 2.5.5 2022-02-22 09:20:06 +01:00
Eleftheria Stein
756d29b93a Upgrade test dependencies 2022-02-21 18:37:48 +01:00
Eleftheria Stein
0ea706a970 Upgrade Hazelcast 4 to 4.2.4 
Closes gh-2022
 2022-02-21 18:37:04 +01:00
Eleftheria Stein
2d8f2c6f97 Upgrade Spring Framework to 5.3.16 
Closes gh-2023
 2022-02-21 18:36:38 +01:00
Eleftheria Stein
ef28b6363e Upgrade Spring Data to 2021.0.9 
Closes gh-2026
 2022-02-21 18:36:05 +01:00
Eleftheria Stein
e8442eaf2e Upgrade Spring Security to 5.5.5 
Closes gh-2024
 2022-02-21 18:35:36 +01:00
Eleftheria Stein
236f5985cb Upgrade Reactor to 2020.0.16 
Closes gh-2025
 2022-02-21 18:34:19 +01:00
Eleftheria Stein
dbdad05a30 Upgrade samples to Spring Boot 2.5.9 
Closes gh-2027
 2022-02-21 18:33:47 +01:00
Eleftheria Stein
1e3c65ff9d Update to jakarta.servlet-api dependency 
Closes gh-1960
 2022-01-25 13:18:36 +01:00
Eleftheria Stein
10ebde5725 Update to jakarta.annotation-api dependency 
Closes gh-1956
 2022-01-25 12:52:47 +01:00
Ruslan Molchanov
e154197492 Fix memory leak with null principal in Redis 
Closes gh-1987
 2022-01-20 10:16:14 +01:00
Eleftheria Stein
e7f1d5ae44 Next development version 2021-12-21 14:03:43 +02:00
Eleftheria Stein
19db5fdf31 Release 2.5.4 2021-12-21 13:39:43 +02:00
Eleftheria Stein
8cea4152a0 Make gretty samples compatible with logback 1.2.9 
Explicitly reference the logback.xml file to prevent gretty from configuring the defaults using groovy.
 2021-12-21 13:30:52 +02:00
Eleftheria Stein
36b85be918 Upgrade test dependencies 2021-12-21 13:23:02 +02:00
Eleftheria Stein
e90fdaef5e Upgrade samples to Spring Boot 2.5.7 
Closes gh-1986
 2021-12-21 13:20:19 +02:00
Eleftheria Stein
e6e10494cb Upgrade Hazelcast 4 to 4.2.3 
Closes gh-1985
 2021-12-21 12:36:29 +02:00
Eleftheria Stein
f8662b433c Upgrade Spring Security to 5.5.4 
Closes gh-1984
 2021-12-21 12:31:44 +02:00
Eleftheria Stein
9154ec5cb0 Upgrade Spring Data to 2021.0.7 
Closes gh-1983
 2021-12-21 12:30:40 +02:00
Eleftheria Stein
4db0d3fac2 Upgrade Spring Framework to 5.3.14 
Closes gh-1982
 2021-12-21 12:24:14 +02:00
Eleftheria Stein
e8f1ebac23 Upgrade Reactor to 2020.0.14 
Closes gh-1981
 2021-12-21 12:23:19 +02:00
Eleftheria Stein
6f6e6c352d GitHub Actions uses spring-builds+github user 
This is more clear than spring-builds user
 2021-12-07 16:08:29 +01:00
Eleftheria Stein
7bb9b105e0 Update to use s01.oss.sonatype.org 
Closes gh-1943
 2021-12-06 15:59:36 +01:00
Eleftheria Stein
d78ac36d15 Update to spring-build-conventions 0.0.38 2021-12-06 15:58:34 +01:00
Eleftheria Stein
e4dfabdb01 Update principal index on session ID change 
Closes gh-1791
 2021-12-02 15:14:04 +01:00
Eleftheria Stein
f0e9fef2b2 Next development version 2021-10-19 15:28:01 +02:00
Eleftheria Stein
e80ad02120 Next development version 2021-10-19 13:10:04 +02:00
Eleftheria Stein
029e7c8158 Release 2.5.3 2021-10-19 12:51:56 +02:00
Eleftheria Stein
d489709886 Upgrade test dependencies 2021-10-19 12:50:44 +02:00
Eleftheria Stein
e31280846f Upgrade Spring Data to 2021.0.6 
Closes gh-1933
 2021-10-19 12:37:24 +02:00
Eleftheria Stein
6cec3098ef Upgrade Spring Framework to 5.3.11 
Closes gh-1930
 2021-10-19 12:35:25 +02:00
Eleftheria Stein
8084e0bab9 Upgrade Reactor to 2020.0.12 
Closes gh-1931
 2021-10-19 12:35:05 +02:00
Eleftheria Stein
b3b5dd4533 Upgrade Spring Security to 5.5.3 
Closes gh-1932
 2021-10-19 12:34:33 +02:00
Vedran Pavic
aca350a86e Make Hazelcast session repository bean factory return type more specific 
The declared return type of Hazelcast session repository bean factory method (i.e. HazelcastHttpSessionConfiguration#sessionRepository) was changed to SessionRepository<?> when support for Hazelcast 4 was added. This breaks Spring Boot's ability to auto-configure sessions endpoint, which is @ConditionalOnBean(FindByIndexNameSessionRepository.class), as the current return type is not specific enough to satisfy this condition.

This commit changes the return type of Hazelcast session repository bean factory method to FindByIndexNameSessionRepository<?>.

Closes: gh-1907
 2021-09-28 09:27:21 +02:00
Eleftheria Stein
d8af71927f Increase session timeout in Hazelcast tests 
It's possible that the session is expiring before the assertions can be made in the tests, causing them to fail.

Issue gh-1912
 2021-09-27 17:03:55 +02:00
Vedran Pavic
d0429dc1e9 Fix Spring Boot based Hazelcast samples 
This commit removes unused Hazelcast client dependencies and test support from Spring Boot based Hazelcast samples.

Closes: gh-1903
 2021-09-27 16:02:07 +02:00
Andreas Kasparek
4e884cdaf2 Always set time-to-live within entry processor 
Closes gh-1899
 2021-09-03 10:52:01 +02:00
Eleftheria Stein
f0450fa2aa Next development version 2021-08-17 17:28:09 +02:00
Eleftheria Stein
a6cb9340a1 Release 2.5.2 2021-08-17 17:10:18 +02:00
Eleftheria Stein
cde82afa9e Upgrade test dependencies 2021-08-17 17:08:42 +02:00
Eleftheria Stein
d42caa2dbb Upgrade Hazelcast 4 to 4.2.2 
Closes gh-1890
 2021-08-17 16:23:10 +02:00
Eleftheria Stein
a9e9f8c46d Upgrade Spring Security to 5.5.2 
Closes gh-1892
 2021-08-17 16:22:32 +02:00
Eleftheria Stein
30e9dc0a17 Upgrade Spring Data to 2021.0.4 
Closes gh-1891
 2021-08-17 16:21:55 +02:00
Eleftheria Stein
c92808fa32 Upgrade Spring Framework to 5.3.9 
Closes gh-1889
 2021-08-17 16:21:15 +02:00
Eleftheria Stein
bdc3a51409 Upgrade Reactor to 2020.0.10 
Closes gh-1888
 2021-08-17 16:20:24 +02:00
Eleftheria Stein
e80021f334 Next development version 2021-06-22 13:20:18 +02:00
Eleftheria Stein
a739b0794c Release 2.5.1 2021-06-22 12:41:56 +02:00
Eleftheria Stein
384633f8b4 Revert "Use GPG_PRIVATE_KEY directly in build" 
This reverts commit c800c7af40.
 2021-06-22 12:41:00 +02:00
Eleftheria Stein
30f17f96f5 Revert "Release 2.5.1" 
This reverts commit ac9077b9d6.
 2021-06-22 12:40:09 +02:00
Eleftheria Stein
ac9077b9d6 Release 2.5.1 2021-06-22 11:26:33 +02:00
Eleftheria Stein
c4c7d8e233 Upgrade test dependencies 2021-06-22 11:07:31 +02:00
Eleftheria Stein
1ce7640fc5 Upgrade samples to Spring Boot 2.4.7 
Closes gh-1871
 2021-06-22 10:09:36 +02:00
Eleftheria Stein
a50a2fe3c9 Upgrade Spring Security to 5.5.1 
Closes gh-1870
 2021-06-22 09:48:36 +02:00
Eleftheria Stein
74a21dd876 Upgrade Spring Framework to 5.3.8 
Closes gh-1869
 2021-06-22 09:47:31 +02:00
Eleftheria Stein
c800c7af40 Use GPG_PRIVATE_KEY directly in build 
Closes gh-1861
 2021-05-31 16:56:03 +03:00
Eleftheria Stein
0033adf74e Update workflows for 2.5.x 2021-05-19 09:23:42 +02:00
Eleftheria Stein
0f63b0c4c8 Next development version 2021-05-19 00:39:23 +02:00
163 changed files with 1596 additions and 8824 deletions
Expand all files Collapse all files

17
.github/ISSUE_TEMPLATE.md vendored
View File

@@ -1,17 +0,0 @@
<!--
!!! For Security Vulnerabilities, please go to https://spring.io/security-policy !!!
-->
**Affects:** \<Spring Framework version>
---
<!--
Thanks for taking the time to create an issue. Please read the following:
- Questions should be asked on Stack Overflow.
- For bugs, specify affected versions and explain what you are trying to do.
- For enhancements, provide context and describe the problem.
Issue or Pull Request? Create only one, not both. GitHub treats them as the same.
If unsure, start with an issue, and if you submit a pull request later, the
issue will be closed as superseded.
-->

2
.github/ISSUE_TEMPLATE/config.yml vendored
View File

@@ -1,5 +1,5 @@
blank_issues_enabled: false
contact_links:
- name: Community Support
url: https://stackoverflow.com/questions/tagged/spring-session
url: https://stackoverflow.com/questions/tagged/spring-security
about: Please ask and answer questions on StackOverflow with the tag spring-session

5
.github/actions/dispatch.sh vendored
View File

@@ -1,5 +0,0 @@
REPOSITORY_REF="$1"
TOKEN="$2"
curl -H "Accept: application/vnd.github.everest-preview+json" -H "Authorization: token ${TOKEN}" --request POST --data '{"event_type": "request-build"}' https://api.github.com/repos/${REPOSITORY_REF}/dispatches
echo "Requested Build for $REPOSITORY_REF"

27
.github/workflows/build-reference.yml vendored
View File

@@ -1,27 +0,0 @@
name: reference
on:
push:
branches-ignore:
- 'gh-pages'
env:
GH_ACTIONS_REPO_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
uses: actions/checkout@v2
- name: Generate antora.yml
run: ./gradlew :spring-session-docs:generateAntora
- name: Push generated antora files to the spring-security-docs-generated
uses: JamesIves/github-pages-deploy-action@4.1.4
with:
branch: "spring-session/main" # The branch the action should deploy to.
folder: "spring-session-docs/build/generateAntora" # The folder the action should deploy.
repository-name: "spring-io/spring-generated-docs"
token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
- name: Dispatch Build Request
run: ${GITHUB_WORKSPACE}/.github/actions/dispatch.sh 'rwinch/spring-reference' "$GH_ACTIONS_REPO_TOKEN"

28
.github/workflows/continuous-integration-workflow.yml vendored
View File

@@ -1,9 +1,9 @@
name: CI
name: 2.5.x CI
on:
push:
branches:
- main
- 2.5.x
schedule:
- cron: '0 10 * * *' # Once per day at 10am UTC
workflow_dispatch: # Manual trigger
@@ -19,7 +19,6 @@ jobs:
build:
name: Build
runs-on: ubuntu-latest
if: github.repository == 'spring-projects/spring-session'
strategy:
matrix:
jdk: [8, 11]
@@ -33,7 +32,7 @@ jobs:
- name: Setup gradle user name
run: |
mkdir -p ~/.gradle
echo 'systemProp.user.name=spring-builds' >> ~/.gradle/gradle.properties
echo 'systemProp.user.name=spring-builds+github' >> ~/.gradle/gradle.properties
- name: Cache Gradle packages
uses: actions/cache@v2
with:
@@ -49,7 +48,6 @@ jobs:
name: Deploy Artifacts
needs: [build]
runs-on: ubuntu-latest
if: github.repository == 'spring-projects/spring-session'
steps:
- uses: actions/checkout@v2
- name: Set up JDK
@@ -59,26 +57,28 @@ jobs:
- name: Setup gradle user name
run: |
mkdir -p ~/.gradle
echo 'systemProp.user.name=spring-builds' >> ~/.gradle/gradle.properties
echo 'systemProp.user.name=spring-builds+github' >> ~/.gradle/gradle.properties
- name: Deploy artifacts
run: |
export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
./gradlew deployArtifacts -PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace --no-parallel
./gradlew finalizeDeployArtifacts -PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace --no-parallel
export VERSION_HEADER=$'Version: GnuPG v2\n\n'
export ORG_GRADLE_PROJECT_signingKey=${GPG_PRIVATE_KEY#"$VERSION_HEADER"}
export ORG_GRADLE_PROJECT_signingPassword="$GPG_PASSPHRASE"
./gradlew deployArtifacts -PossrhTokenUsername="$OSSRH_TOKEN_USERNAME" -PossrhTokenPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace --no-parallel
./gradlew finalizeDeployArtifacts -PossrhTokenUsername="$OSSRH_TOKEN_USERNAME" -PossrhTokenPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace --no-parallel
env:
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY_NO_HEADER }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSPHRASE }}
OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_TOKEN_USERNAME }}
OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_TOKEN_PASSWORD }}
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_S01_TOKEN_USERNAME }}
OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_S01_TOKEN_PASSWORD }}
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
docs:
name: Deploy Docs
needs: [build]
runs-on: ubuntu-latest
if: github.repository == 'spring-projects/spring-session'
steps:
- uses: actions/checkout@v2
- name: Set up JDK
@@ -88,7 +88,7 @@ jobs:
- name: Setup gradle user name
run: |
mkdir -p ~/.gradle
echo 'systemProp.user.name=spring-builds' >> ~/.gradle/gradle.properties
echo 'systemProp.user.name=spring-builds+github' >> ~/.gradle/gradle.properties
- name: Deploy Docs
run: |
export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"

10
.github/workflows/gradle-wrapper-validation.yml vendored
View File

@@ -1,10 +0,0 @@
name: "Validate Gradle Wrapper"
on: [push, pull_request]
jobs:
validation:
name: "Validation"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: gradle/wrapper-validation-action@v1

8
.github/workflows/pr-build-workflow.yml vendored
View File

@@ -1,12 +1,14 @@
name: PR Build
name: 2.5.x PR Build
on: pull_request
on:
pull_request:
branches:
- 2.5.x
jobs:
build:
name: Build
runs-on: ubuntu-latest
if: github.repository == 'spring-projects/spring-session'
strategy:
matrix:
jdk: [8, 11]

16
build.gradle
View File

@@ -4,7 +4,7 @@ buildscript {
snapshotBuild = version.endsWith('SNAPSHOT')
milestoneBuild = !(releaseBuild || snapshotBuild)
springBootVersion = '2.5.5'
springBootVersion = '2.5.9'
}
repositories {
@@ -22,28 +22,16 @@ buildscript {
}
dependencies {
classpath 'io.spring.gradle:spring-build-conventions:0.0.37'
classpath 'io.spring.gradle:spring-build-conventions:0.0.38'
classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
}
}
plugins {
id "io.github.rwinch.antora" version "0.0.2"
}
apply plugin: 'io.spring.convention.root'
group = 'org.springframework.session'
description = 'Spring Session'
antora {
playbookFile = file("local-antora-playbook.yml")
// default no version (current version)
antoraVersion = "3.0.0-alpha.9"
arguments = ["--fetch"]
}
subprojects {
apply plugin: 'io.spring.javaformat'

2
gradle.properties
View File

@@ -1,3 +1,3 @@
org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8
org.gradle.parallel=true
version=2.6.0-RC2
version=2.5.5

50
gradle/dependency-management.gradle
View File

@@ -1,12 +1,11 @@
dependencyManagement {
imports {
mavenBom 'io.projectreactor:reactor-bom:2020.0.12'
mavenBom 'com.fasterxml.jackson:jackson-bom:2.11.2'
mavenBom 'org.junit:junit-bom:5.8.1'
mavenBom 'org.springframework:spring-framework-bom:5.3.11'
mavenBom 'org.springframework.data:spring-data-bom:2021.1.0-RC1'
mavenBom 'org.springframework.security:spring-security-bom:5.6.0-RC1'
mavenBom 'org.testcontainers:testcontainers-bom:1.16.0'
mavenBom 'io.projectreactor:reactor-bom:2020.0.16'
mavenBom 'org.junit:junit-bom:5.7.2'
mavenBom 'org.springframework:spring-framework-bom:5.3.16'
mavenBom 'org.springframework.data:spring-data-bom:2021.0.9'
mavenBom 'org.springframework.security:spring-security-bom:5.5.5'
mavenBom 'org.testcontainers:testcontainers-bom:1.15.3'
}
dependencies {
@@ -15,36 +14,23 @@ dependencyManagement {
entry 'hazelcast-client'
}
dependency 'org.aspectj:aspectjweaver:1.9.7'
dependency 'ch.qos.logback:logback-core:1.2.3'
dependency 'com.google.code.findbugs:jsr305:3.0.2'
dependency 'org.aspectj:aspectjweaver:1.9.8'
dependency 'com.h2database:h2:1.4.200'
dependency 'com.ibm.db2:jcc:11.5.6.0'
dependency 'com.microsoft.sqlserver:mssql-jdbc:9.4.0.jre8'
dependency 'com.oracle.database.jdbc:ojdbc8:21.3.0.0'
dependency 'com.ibm.db2:jcc:11.5.7.0'
dependency 'com.microsoft.sqlserver:mssql-jdbc:7.4.1.jre8'
dependency 'com.oracle.database.jdbc:ojdbc8:19.10.0.0'
dependency 'com.zaxxer:HikariCP:3.4.5'
dependency 'edu.umd.cs.mtc:multithreadedtc:1.01'
dependency 'io.lettuce:lettuce-core:6.1.5.RELEASE'
dependency 'javax.annotation:javax.annotation-api:1.3.2'
dependency 'javax.servlet:javax.servlet-api:4.0.1'
dependency 'io.lettuce:lettuce-core:6.1.6.RELEASE'
dependency 'jakarta.annotation:jakarta.annotation-api:1.3.5'
dependency 'jakarta.servlet:jakarta.servlet-api:4.0.4'
dependency 'junit:junit:4.13.2'
dependency 'mysql:mysql-connector-java:8.0.26'
dependency 'mysql:mysql-connector-java:8.0.28'
dependency 'org.apache.derby:derby:10.14.2.0'
dependency 'org.assertj:assertj-core:3.21.0'
dependency 'org.hamcrest:hamcrest:2.1'
dependency 'org.assertj:assertj-core:3.19.0'
dependency 'org.hsqldb:hsqldb:2.5.2'
dependency 'org.mariadb.jdbc:mariadb-java-client:2.7.4'
dependencySet(group: 'org.mockito', version: '4.0.0') {
entry 'mockito-core'
entry 'mockito-junit-jupiter'
}
dependencySet(group: 'org.mongodb', version: '4.2.3') {
entry 'mongodb-driver-core'
entry 'mongodb-driver-sync'
entry 'mongodb-driver-reactivestreams'
}
dependency 'org.postgresql:postgresql:42.2.24'
dependency 'org.mariadb.jdbc:mariadb-java-client:2.7.5'
dependency 'org.mockito:mockito-core:3.10.0'
dependency 'org.postgresql:postgresql:42.2.25'
}
}

14
local-antora-playbook.yml
View File

@@ -1,14 +0,0 @@
site:
title: Spring Session
start_page: session::index.adoc
content:
sources:
- url: https://github.com/spring-io/spring-generated-docs
branches: [spring-session/main]
- url: ./
branches: HEAD
start_path: spring-session-docs
ui:
bundle:
url: https://github.com/spring-io/antora-ui-spring/releases/download/latest/ui-bundle.zip
snapshot: true

1
settings.gradle
View File

@@ -13,7 +13,6 @@ plugins {
rootProject.name = 'spring-session-build'
include 'spring-session-core'
include 'spring-session-data-mongodb'
include 'spring-session-data-redis'
include 'spring-session-docs'
include 'spring-session-hazelcast'

4
spring-session-core/spring-session-core.gradle
View File

@@ -6,8 +6,8 @@ dependencies {
compile "org.springframework:spring-jcl"
optional "io.projectreactor:reactor-core"
optional "javax.annotation:javax.annotation-api"
optional "javax.servlet:javax.servlet-api"
optional "jakarta.annotation:jakarta.annotation-api"
optional "jakarta.servlet:jakarta.servlet-api"
optional "org.springframework:spring-context"
optional "org.springframework:spring-jdbc"
optional "org.springframework:spring-messaging"

9
spring-session-core/src/main/java/org/springframework/session/config/annotation/web/server/SpringWebSessionConfiguration.java
View File

@@ -38,12 +38,11 @@ import org.springframework.web.server.session.WebSessionManager;
@Configuration(proxyBeanMethods = false)
public class SpringWebSessionConfiguration {
private WebSessionIdResolver webSessionIdResolver;
/**
* Optional override of default {@link WebSessionIdResolver}.
*/
@Autowired(required = false)
public void setWebSessionIdResolver(WebSessionIdResolver webSessionIdResolver) {
this.webSessionIdResolver = webSessionIdResolver;
}
private WebSessionIdResolver webSessionIdResolver;
/**
* Configure a {@link WebSessionManager} using a provided

5
spring-session-core/src/main/java/org/springframework/session/web/http/DefaultCookieSerializer.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2021 the original author or authors.
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -432,8 +432,7 @@ public class DefaultCookieSerializer implements CookieSerializer {
private String getCookiePath(HttpServletRequest request) {
if (this.cookiePath == null) {
String contextPath = request.getContextPath();
return (contextPath != null && contextPath.length() > 0) ? contextPath : "/";
return request.getContextPath() + "/";
}
return this.cookiePath;
}

6
spring-session-core/src/test/java/org/springframework/session/web/http/CookieHttpSessionIdResolverTests.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2021 the original author or authors.
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -109,7 +109,7 @@ class CookieHttpSessionIdResolverTests {
this.strategy.setSessionId(this.request, this.response, this.session.getId());
Cookie sessionCookie = this.response.getCookie(this.cookieName);
assertThat(sessionCookie.getPath()).isEqualTo(this.request.getContextPath());
assertThat(sessionCookie.getPath()).isEqualTo(this.request.getContextPath() + "/");
}
@Test
@@ -131,7 +131,7 @@ class CookieHttpSessionIdResolverTests {
this.strategy.expireSession(this.request, this.response);
Cookie sessionCookie = this.response.getCookie(this.cookieName);
assertThat(sessionCookie.getPath()).isEqualTo(this.request.getContextPath());
assertThat(sessionCookie.getPath()).isEqualTo(this.request.getContextPath() + "/");
}
@Test

6
spring-session-core/src/test/java/org/springframework/session/web/http/DefaultCookieSerializerTests.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2021 the original author or authors.
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -267,7 +267,7 @@ class DefaultCookieSerializerTests {
void writeCookieCookiePathDefaultContextPathUsed() {
this.request.setContextPath("/context");
this.serializer.writeCookieValue(cookieValue(this.sessionId));
assertThat(getCookie().getPath()).isEqualTo("/context");
assertThat(getCookie().getPath()).isEqualTo("/context/");
}
@Test
@@ -275,7 +275,7 @@ class DefaultCookieSerializerTests {
this.request.setContextPath("/context");
this.serializer.setCookiePath(null);
this.serializer.writeCookieValue(cookieValue(this.sessionId));
assertThat(getCookie().getPath()).isEqualTo("/context");
assertThat(getCookie().getPath()).isEqualTo("/context/");
}
@Test

45
spring-session-data-mongodb/spring-session-data-mongodb.gradle
View File

@@ -1,45 +0,0 @@
apply plugin: 'io.spring.convention.spring-module'
description = "Spring Session and Spring MongoDB integration"
dependencies {
compile project(':spring-session-core')
// Spring Data MongoDB
compile("org.springframework.data:spring-data-mongodb") {
exclude group: "org.mongodb", module: "mongo-java-driver"
exclude group: "org.slf4j", module: "jcl-over-slf4j"
}
// MongoDB dependencies
optional "org.mongodb:mongodb-driver-core"
testCompile "org.mongodb:mongodb-driver-sync"
testCompile "org.mongodb:mongodb-driver-reactivestreams"
integrationTestCompile "org.testcontainers:mongodb"
// Everything else
compile "com.fasterxml.jackson.core:jackson-databind"
compile "org.springframework.security:spring-security-core"
compile "com.google.code.findbugs:jsr305"
optional "io.projectreactor:reactor-core"
testCompile "org.springframework:spring-web"
testCompile "org.springframework:spring-webflux"
testCompile "org.springframework.security:spring-security-config"
testCompile "org.springframework.security:spring-security-web"
testCompile "org.assertj:assertj-core"
testCompile "org.junit.jupiter:junit-jupiter-engine"
testCompile "org.junit.jupiter:junit-jupiter-params"
testCompile "org.springframework:spring-test"
testCompile "org.hamcrest:hamcrest"
testCompile "ch.qos.logback:logback-core"
testCompile "org.mockito:mockito-core"
testCompile "org.mockito:mockito-junit-jupiter"
testCompile "io.projectreactor:reactor-test"
testCompile "javax.servlet:javax.servlet-api"
}

76
spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/integration/AbstractClassLoaderTest.java
View File

@@ -1,76 +0,0 @@
/*
* Copyright 2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo.integration;
import java.lang.reflect.Field;
import org.assertj.core.api.AssertionsForClassTypes;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.core.serializer.DefaultDeserializer;
import org.springframework.core.serializer.support.DeserializingConverter;
import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
import org.springframework.session.data.mongo.Assert;
import org.springframework.session.data.mongo.JdkMongoSessionConverter;
import org.springframework.util.ReflectionUtils;
/**
* Verify container's {@link ClassLoader} is injected into session converter (reactive and
* traditional).
*
* @author Greg Turnquist
*/
public abstract class AbstractClassLoaderTest<T> extends AbstractITest {
@Autowired
T sessionRepository;
@Autowired
ApplicationContext applicationContext;
@Test
void verifyContainerClassLoaderLoadedIntoConverter() {
Field mongoSessionConverterField = ReflectionUtils.findField(this.sessionRepository.getClass(),
"mongoSessionConverter");
ReflectionUtils.makeAccessible(
Assert.requireNonNull(mongoSessionConverterField, "mongoSessionConverter must not be null!"));
AbstractMongoSessionConverter sessionConverter = (AbstractMongoSessionConverter) ReflectionUtils
.getField(mongoSessionConverterField, this.sessionRepository);
AssertionsForClassTypes.assertThat(sessionConverter).isInstanceOf(JdkMongoSessionConverter.class);
JdkMongoSessionConverter jdkMongoSessionConverter = (JdkMongoSessionConverter) sessionConverter;
DeserializingConverter deserializingConverter = (DeserializingConverter) extractField(
JdkMongoSessionConverter.class, "deserializer", jdkMongoSessionConverter);
DefaultDeserializer deserializer = (DefaultDeserializer) extractField(DeserializingConverter.class,
"deserializer", deserializingConverter);
ClassLoader classLoader = (ClassLoader) extractField(DefaultDeserializer.class, "classLoader", deserializer);
AssertionsForClassTypes.assertThat(classLoader).isEqualTo(this.applicationContext.getClassLoader());
}
private static Object extractField(Class<?> clazz, String fieldName, Object obj) {
Field field = ReflectionUtils.findField(clazz, fieldName);
ReflectionUtils.makeAccessible(Assert.requireNonNull(field, fieldName + " must not be null!"));
return ReflectionUtils.getField(field, obj);
}
}

62
spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/integration/AbstractITest.java
View File

@@ -1,62 +0,0 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo.integration;
import java.util.UUID;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.test.context.junit.jupiter.SpringExtension;
import org.springframework.test.context.web.WebAppConfiguration;
/**
* Base class for repositories integration tests
*
* @author Jakub Kubrynski
*/
@ExtendWith(SpringExtension.class)
@WebAppConfiguration
public abstract class AbstractITest {
protected SecurityContext context;
protected SecurityContext changedContext;
// @Autowired(required = false)
// protected SessionEventRegistry registry;
@BeforeEach
void setup() {
// if (this.registry != null) {
// this.registry.clear();
// }
this.context = SecurityContextHolder.createEmptyContext();
this.context.setAuthentication(new UsernamePasswordAuthenticationToken("username-" + UUID.randomUUID(), "na",
AuthorityUtils.createAuthorityList("ROLE_USER")));
this.changedContext = SecurityContextHolder.createEmptyContext();
this.changedContext.setAuthentication(new UsernamePasswordAuthenticationToken(
"changedContext-" + UUID.randomUUID(), "na", AuthorityUtils.createAuthorityList("ROLE_USER")));
}
}

408
spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/integration/AbstractMongoRepositoryITest.java
View File

@@ -1,408 +0,0 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo.integration;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.UUID;
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoClients;
import org.junit.jupiter.api.Test;
import org.testcontainers.containers.MongoDBContainer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.data.mongodb.core.MongoOperations;
import org.springframework.data.mongodb.core.MongoTemplate;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.session.FindByIndexNameSessionRepository;
import org.springframework.session.Session;
import org.springframework.session.data.mongo.MongoIndexedSessionRepository;
import org.springframework.session.data.mongo.MongoSession;
import static org.assertj.core.api.Assertions.assertThat;
/**
* Abstract base class for {@link MongoIndexedSessionRepository} tests.
*
* @author Jakub Kubrynski
* @author Vedran Pavic
* @author Greg Turnquist
*/
public abstract class AbstractMongoRepositoryITest extends AbstractITest {
protected static final String SPRING_SECURITY_CONTEXT = "SPRING_SECURITY_CONTEXT";
protected static final String INDEX_NAME = FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME;
@Autowired
protected MongoIndexedSessionRepository repository;
@Test
void saves() {
String username = "saves-" + System.currentTimeMillis();
MongoSession toSave = this.repository.createSession();
String expectedAttributeName = "a";
String expectedAttributeValue = "b";
toSave.setAttribute(expectedAttributeName, expectedAttributeValue);
Authentication toSaveToken = new UsernamePasswordAuthenticationToken(username, "password",
AuthorityUtils.createAuthorityList("ROLE_USER"));
SecurityContext toSaveContext = SecurityContextHolder.createEmptyContext();
toSaveContext.setAuthentication(toSaveToken);
toSave.setAttribute(SPRING_SECURITY_CONTEXT, toSaveContext);
toSave.setAttribute(INDEX_NAME, username);
this.repository.save(toSave);
Session session = this.repository.findById(toSave.getId());
assertThat(session.getId()).isEqualTo(toSave.getId());
assertThat(session.getAttributeNames()).isEqualTo(toSave.getAttributeNames());
assertThat(session.<String>getAttribute(expectedAttributeName))
.isEqualTo(toSave.getAttribute(expectedAttributeName));
this.repository.deleteById(toSave.getId());
String id = toSave.getId();
assertThat(this.repository.findById(id)).isNull();
}
@Test
void putAllOnSingleAttrDoesNotRemoveOld() {
MongoSession toSave = this.repository.createSession();
toSave.setAttribute("a", "b");
this.repository.save(toSave);
toSave = this.repository.findById(toSave.getId());
toSave.setAttribute("1", "2");
this.repository.save(toSave);
toSave = this.repository.findById(toSave.getId());
Session session = this.repository.findById(toSave.getId());
assertThat(session.getAttributeNames().size()).isEqualTo(2);
assertThat(session.<String>getAttribute("a")).isEqualTo("b");
assertThat(session.<String>getAttribute("1")).isEqualTo("2");
this.repository.deleteById(toSave.getId());
}
@Test
void findByPrincipalName() throws Exception {
String principalName = "findByPrincipalName" + UUID.randomUUID();
MongoSession toSave = this.repository.createSession();
toSave.setAttribute(INDEX_NAME, principalName);
this.repository.save(toSave);
Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
principalName);
assertThat(findByPrincipalName).hasSize(1);
assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
this.repository.deleteById(toSave.getId());
findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME, principalName);
assertThat(findByPrincipalName).hasSize(0);
assertThat(findByPrincipalName.keySet()).doesNotContain(toSave.getId());
}
@Test
void nonExistentSessionShouldNotBreakMongo() {
this.repository.deleteById("doesn't exist");
}
@Test
void findByPrincipalNameNoPrincipalNameChange() throws Exception {
String principalName = "findByPrincipalNameNoPrincipalNameChange" + UUID.randomUUID();
MongoSession toSave = this.repository.createSession();
toSave.setAttribute(INDEX_NAME, principalName);
this.repository.save(toSave);
toSave.setAttribute("other", "value");
this.repository.save(toSave);
Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
principalName);
assertThat(findByPrincipalName).hasSize(1);
assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
}
@Test
void findByPrincipalNameNoPrincipalNameChangeReload() throws Exception {
String principalName = "findByPrincipalNameNoPrincipalNameChangeReload" + UUID.randomUUID();
MongoSession toSave = this.repository.createSession();
toSave.setAttribute(INDEX_NAME, principalName);
this.repository.save(toSave);
toSave = this.repository.findById(toSave.getId());
toSave.setAttribute("other", "value");
this.repository.save(toSave);
Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
principalName);
assertThat(findByPrincipalName).hasSize(1);
assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
}
@Test
void findByDeletedPrincipalName() throws Exception {
String principalName = "findByDeletedPrincipalName" + UUID.randomUUID();
MongoSession toSave = this.repository.createSession();
toSave.setAttribute(INDEX_NAME, principalName);
this.repository.save(toSave);
toSave.setAttribute(INDEX_NAME, null);
this.repository.save(toSave);
Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
principalName);
assertThat(findByPrincipalName).isEmpty();
}
@Test
void findByChangedPrincipalName() throws Exception {
String principalName = "findByChangedPrincipalName" + UUID.randomUUID();
String principalNameChanged = "findByChangedPrincipalName" + UUID.randomUUID();
MongoSession toSave = this.repository.createSession();
toSave.setAttribute(INDEX_NAME, principalName);
this.repository.save(toSave);
toSave.setAttribute(INDEX_NAME, principalNameChanged);
this.repository.save(toSave);
Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
principalName);
assertThat(findByPrincipalName).isEmpty();
findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME, principalNameChanged);
assertThat(findByPrincipalName).hasSize(1);
assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
}
@Test
void findByDeletedPrincipalNameReload() throws Exception {
String principalName = "findByDeletedPrincipalName" + UUID.randomUUID();
MongoSession toSave = this.repository.createSession();
toSave.setAttribute(INDEX_NAME, principalName);
this.repository.save(toSave);
MongoSession getSession = this.repository.findById(toSave.getId());
getSession.setAttribute(INDEX_NAME, null);
this.repository.save(getSession);
Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
principalName);
assertThat(findByPrincipalName).isEmpty();
}
@Test
void findByChangedPrincipalNameReload() throws Exception {
String principalName = "findByChangedPrincipalName" + UUID.randomUUID();
String principalNameChanged = "findByChangedPrincipalName" + UUID.randomUUID();
MongoSession toSave = this.repository.createSession();
toSave.setAttribute(INDEX_NAME, principalName);
this.repository.save(toSave);
MongoSession getSession = this.repository.findById(toSave.getId());
getSession.setAttribute(INDEX_NAME, principalNameChanged);
this.repository.save(getSession);
Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
principalName);
assertThat(findByPrincipalName).isEmpty();
findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME, principalNameChanged);
assertThat(findByPrincipalName).hasSize(1);
assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
}
@Test
void findBySecurityPrincipalName() throws Exception {
MongoSession toSave = this.repository.createSession();
toSave.setAttribute(SPRING_SECURITY_CONTEXT, this.context);
this.repository.save(toSave);
Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
getSecurityName());
assertThat(findByPrincipalName).hasSize(1);
assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
this.repository.deleteById(toSave.getId());
findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME, getSecurityName());
assertThat(findByPrincipalName).hasSize(0);
assertThat(findByPrincipalName.keySet()).doesNotContain(toSave.getId());
}
@Test
void findByPrincipalNameNoSecurityPrincipalNameChange() throws Exception {
MongoSession toSave = this.repository.createSession();
toSave.setAttribute(SPRING_SECURITY_CONTEXT, this.context);
this.repository.save(toSave);
toSave.setAttribute("other", "value");
this.repository.save(toSave);
Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
getSecurityName());
assertThat(findByPrincipalName).hasSize(1);
assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
}
@Test
void findByDeletedSecurityPrincipalName() throws Exception {
MongoSession toSave = this.repository.createSession();
toSave.setAttribute(SPRING_SECURITY_CONTEXT, this.context);
this.repository.save(toSave);
toSave.setAttribute(SPRING_SECURITY_CONTEXT, null);
this.repository.save(toSave);
Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
getSecurityName());
assertThat(findByPrincipalName).isEmpty();
}
@Test
void findByChangedSecurityPrincipalName() throws Exception {
MongoSession toSave = this.repository.createSession();
toSave.setAttribute(SPRING_SECURITY_CONTEXT, this.context);
this.repository.save(toSave);
toSave.setAttribute(SPRING_SECURITY_CONTEXT, this.changedContext);
this.repository.save(toSave);
Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
getSecurityName());
assertThat(findByPrincipalName).isEmpty();
findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME, getChangedSecurityName());
assertThat(findByPrincipalName).hasSize(1);
assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
}
@Test
void findByChangedSecurityPrincipalNameReload() throws Exception {
MongoSession toSave = this.repository.createSession();
toSave.setAttribute(SPRING_SECURITY_CONTEXT, this.context);
this.repository.save(toSave);
MongoSession getSession = this.repository.findById(toSave.getId());
getSession.setAttribute(SPRING_SECURITY_CONTEXT, this.changedContext);
this.repository.save(getSession);
Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
getSecurityName());
assertThat(findByPrincipalName).isEmpty();
findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME, getChangedSecurityName());
assertThat(findByPrincipalName).hasSize(1);
assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
}
@Test
void loadExpiredSession() throws Exception {
// given
MongoSession expiredSession = this.repository.createSession();
Instant thirtyOneMinutesAgo = Instant.ofEpochMilli(System.currentTimeMillis()).minus(Duration.ofMinutes(31));
expiredSession.setLastAccessedTime(thirtyOneMinutesAgo);
this.repository.save(expiredSession);
// then
MongoSession expiredSessionFromDb = this.repository.findById(expiredSession.getId());
assertThat(expiredSessionFromDb).isNull();
}
protected String getSecurityName() {
return this.context.getAuthentication().getName();
}
protected String getChangedSecurityName() {
return this.changedContext.getAuthentication().getName();
}
protected static class BaseConfig {
private static final String DOCKER_IMAGE = "mongo:4.0.10";
@Bean(initMethod = "start", destroyMethod = "stop")
public MongoDBContainer mongoContainer() {
return new MongoDBContainer(DOCKER_IMAGE).withExposedPorts(27017);
}
@Bean
public MongoOperations mongoOperations(MongoDBContainer mongoContainer) {
MongoClient mongo = MongoClients.create(
"mongodb://" + mongoContainer.getContainerIpAddress() + ":" + mongoContainer.getFirstMappedPort());
return new MongoTemplate(mongo, "test");
}
}
}

199
spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/integration/MongoDbDeleteJacksonSessionVerificationTest.java
View File

@@ -1,199 +0,0 @@
/*
* Copyright 2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo.integration;
import java.net.URI;
import com.mongodb.reactivestreams.client.MongoClient;
import com.mongodb.reactivestreams.client.MongoClients;
import org.assertj.core.api.AssertionsForClassTypes;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.testcontainers.containers.MongoDBContainer;
import reactor.test.StepVerifier;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.mongodb.core.ReactiveMongoOperations;
import org.springframework.data.mongodb.core.ReactiveMongoTemplate;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
import org.springframework.session.data.mongo.JacksonMongoSessionConverter;
import org.springframework.session.data.mongo.config.annotation.web.reactive.EnableMongoWebSession;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit.jupiter.SpringExtension;
import org.springframework.test.web.reactive.server.FluxExchangeResult;
import org.springframework.test.web.reactive.server.WebTestClient;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.reactive.config.EnableWebFlux;
import org.springframework.web.reactive.function.BodyInserters;
/**
* @author Boris Finkelshteyn
*/
@ExtendWith(SpringExtension.class)
@ContextConfiguration
public class MongoDbDeleteJacksonSessionVerificationTest {
@Autowired
ApplicationContext ctx;
WebTestClient client;
@BeforeEach
void setUp() {
this.client = WebTestClient.bindToApplicationContext(this.ctx).build();
}
@Test
void logoutShouldDeleteOldSessionFromMongoDB() {
// 1. Login and capture the SESSION cookie value.
FluxExchangeResult<String> loginResult = this.client.post().uri("/login")
.contentType(MediaType.APPLICATION_FORM_URLENCODED) //
.body(BodyInserters //
.fromFormData("username", "admin") //
.with("password", "password")) //
.exchange() //
.returnResult(String.class);
AssertionsForClassTypes.assertThat(loginResult.getResponseHeaders().getLocation()).isEqualTo(URI.create("/"));
String originalSessionId = loginResult.getResponseCookies().getFirst("SESSION").getValue();
// 2. Fetch a protected resource using the SESSION cookie.
this.client.get().uri("/hello") //
.cookie("SESSION", originalSessionId) //
.exchange() //
.expectStatus().isOk() //
.returnResult(String.class).getResponseBody() //
.as(StepVerifier::create) //
.expectNext("HelloWorld") //
.verifyComplete();
// 3. Logout using the SESSION cookie, and capture the new SESSION cookie.
String newSessionId = this.client.post().uri("/logout") //
.cookie("SESSION", originalSessionId) //
.exchange() //
.expectStatus().isFound() //
.returnResult(String.class).getResponseCookies().getFirst("SESSION").getValue();
AssertionsForClassTypes.assertThat(newSessionId).isNotEqualTo(originalSessionId);
// 4. Verify the new SESSION cookie is not yet authorized.
this.client.get().uri("/hello") //
.cookie("SESSION", newSessionId) //
.exchange() //
.expectStatus().isFound() //
.expectHeader()
.value(HttpHeaders.LOCATION, (value) -> AssertionsForClassTypes.assertThat(value).isEqualTo("/login"));
// 5. Verify the original SESSION cookie no longer works.
this.client.get().uri("/hello") //
.cookie("SESSION", originalSessionId) //
.exchange() //
.expectStatus().isFound() //
.expectHeader()
.value(HttpHeaders.LOCATION, (value) -> AssertionsForClassTypes.assertThat(value).isEqualTo("/login"));
}
@RestController
static class TestController {
@GetMapping("/hello")
ResponseEntity<String> hello() {
return ResponseEntity.ok("HelloWorld");
}
}
@EnableWebFluxSecurity
static class SecurityConfig {
@Bean
SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
return http //
.logout()//
/**/.and() //
.formLogin() //
/**/.and() //
.csrf().disable() //
.authorizeExchange() //
.anyExchange().authenticated() //
/**/.and() //
.build();
}
@Bean
MapReactiveUserDetailsService userDetailsService() {
return new MapReactiveUserDetailsService(User.withDefaultPasswordEncoder() //
.username("admin") //
.password("password") //
.roles("USER,ADMIN") //
.build());
}
@Bean
AbstractMongoSessionConverter mongoSessionConverter() {
return new JacksonMongoSessionConverter();
}
}
@Configuration
@EnableWebFlux
@EnableMongoWebSession
static class Config {
private static final String DOCKER_IMAGE = "mongo:4.0.10";
@Bean(initMethod = "start", destroyMethod = "stop")
MongoDBContainer mongoContainer() {
return new MongoDBContainer(DOCKER_IMAGE).withExposedPorts(27017);
}
@Bean
ReactiveMongoOperations mongoOperations(MongoDBContainer mongoContainer) {
MongoClient mongo = MongoClients.create(
"mongodb://" + mongoContainer.getContainerIpAddress() + ":" + mongoContainer.getFirstMappedPort());
return new ReactiveMongoTemplate(mongo, "DB_Name_DeleteJacksonSessionVerificationTest");
}
@Bean
TestController controller() {
return new TestController();
}
}
}

194
spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/integration/MongoDbLogoutVerificationTest.java
View File

@@ -1,194 +0,0 @@
/*
* Copyright 2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo.integration;
import java.net.URI;
import com.mongodb.reactivestreams.client.MongoClient;
import com.mongodb.reactivestreams.client.MongoClients;
import org.assertj.core.api.AssertionsForClassTypes;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.testcontainers.containers.MongoDBContainer;
import reactor.test.StepVerifier;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.mongodb.core.ReactiveMongoOperations;
import org.springframework.data.mongodb.core.ReactiveMongoTemplate;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.session.data.mongo.config.annotation.web.reactive.EnableMongoWebSession;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit.jupiter.SpringExtension;
import org.springframework.test.web.reactive.server.FluxExchangeResult;
import org.springframework.test.web.reactive.server.WebTestClient;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.reactive.config.EnableWebFlux;
import org.springframework.web.reactive.function.BodyInserters;
/**
* @author Greg Turnquist
*/
@ExtendWith(SpringExtension.class)
@ContextConfiguration
public class MongoDbLogoutVerificationTest {
@Autowired
ApplicationContext ctx;
WebTestClient client;
@BeforeEach
void setUp() {
this.client = WebTestClient.bindToApplicationContext(this.ctx).build();
}
@Test
void logoutShouldDeleteOldSessionFromMongoDB() {
// 1. Login and capture the SESSION cookie value.
FluxExchangeResult<String> loginResult = this.client.post().uri("/login")
.contentType(MediaType.APPLICATION_FORM_URLENCODED) //
.body(BodyInserters //
.fromFormData("username", "admin") //
.with("password", "password")) //
.exchange() //
.returnResult(String.class);
AssertionsForClassTypes.assertThat(loginResult.getResponseHeaders().getLocation()).isEqualTo(URI.create("/"));
String originalSessionId = loginResult.getResponseCookies().getFirst("SESSION").getValue();
// 2. Fetch a protected resource using the SESSION cookie.
this.client.get().uri("/hello") //
.cookie("SESSION", originalSessionId) //
.exchange() //
.expectStatus().isOk() //
.returnResult(String.class).getResponseBody() //
.as(StepVerifier::create) //
.expectNext("HelloWorld") //
.verifyComplete();
// 3. Logout using the SESSION cookie, and capture the new SESSION cookie.
String newSessionId = this.client.post().uri("/logout") //
.cookie("SESSION", originalSessionId) //
.exchange() //
.expectStatus().isFound() //
.returnResult(String.class).getResponseCookies().getFirst("SESSION").getValue();
AssertionsForClassTypes.assertThat(newSessionId).isNotEqualTo(originalSessionId);
// 4. Verify the new SESSION cookie is not yet authorized.
this.client.get().uri("/hello") //
.cookie("SESSION", newSessionId) //
.exchange() //
.expectStatus().isFound() //
.expectHeader()
.value(HttpHeaders.LOCATION, (value) -> AssertionsForClassTypes.assertThat(value).isEqualTo("/login"));
// 5. Verify the original SESSION cookie no longer works.
this.client.get().uri("/hello") //
.cookie("SESSION", originalSessionId) //
.exchange() //
.expectStatus().isFound() //
.expectHeader()
.value(HttpHeaders.LOCATION, (value) -> AssertionsForClassTypes.assertThat(value).isEqualTo("/login"));
}
@RestController
static class TestController {
@GetMapping("/hello")
ResponseEntity<String> hello() {
return ResponseEntity.ok("HelloWorld");
}
}
@EnableWebFluxSecurity
static class SecurityConfig {
@Bean
SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
return http //
.logout()//
/**/.and() //
.formLogin() //
/**/.and() //
.csrf().disable() //
.authorizeExchange() //
.anyExchange().authenticated() //
/**/.and() //
.build();
}
@Bean
MapReactiveUserDetailsService userDetailsService() {
return new MapReactiveUserDetailsService(User.withDefaultPasswordEncoder() //
.username("admin") //
.password("password") //
.roles("USER,ADMIN") //
.build());
}
}
@Configuration
@EnableWebFlux
@EnableMongoWebSession
static class Config {
private static final String DOCKER_IMAGE = "mongo:4.0.10";
@Bean(initMethod = "start", destroyMethod = "stop")
MongoDBContainer mongoContainer() {
return new MongoDBContainer(DOCKER_IMAGE).withExposedPorts(27017);
}
@Bean
ReactiveMongoOperations mongoOperations(MongoDBContainer mongoContainer) {
MongoClient mongo = MongoClients.create(
"mongodb://" + mongoContainer.getContainerIpAddress() + ":" + mongoContainer.getFirstMappedPort());
return new ReactiveMongoTemplate(mongo, "test");
}
@Bean
TestController controller() {
return new TestController();
}
}
}

75
spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/integration/MongoRepositoryJacksonITest.java
View File

@@ -1,75 +0,0 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo.integration;
import java.util.Collections;
import java.util.Map;
import java.util.UUID;
import org.junit.jupiter.api.Test;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.geo.GeoModule;
import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
import org.springframework.session.data.mongo.JacksonMongoSessionConverter;
import org.springframework.session.data.mongo.MongoSession;
import org.springframework.session.data.mongo.config.annotation.web.http.EnableMongoHttpSession;
import org.springframework.test.context.ContextConfiguration;
import static org.assertj.core.api.Assertions.assertThat;
/**
* Integration tests for
* {@link org.springframework.session.data.mongo.MongoIndexedSessionRepository} that use
* {@link JacksonMongoSessionConverter} based session serialization.
*
* @author Jakub Kubrynski
* @author Vedran Pavic
* @author Greg Turnquist
*/
@ContextConfiguration
public class MongoRepositoryJacksonITest extends AbstractMongoRepositoryITest {
@Test
void findByCustomIndex() throws Exception {
MongoSession toSave = this.repository.createSession();
String cartId = "cart-" + UUID.randomUUID();
toSave.setAttribute("cartId", cartId);
this.repository.save(toSave);
Map<String, MongoSession> findByCartId = this.repository.findByIndexNameAndIndexValue("cartId", cartId);
assertThat(findByCartId).hasSize(1);
assertThat(findByCartId.keySet()).containsOnly(toSave.getId());
}
// tag::sample[]
@Configuration
@EnableMongoHttpSession
static class Config extends BaseConfig {
@Bean
AbstractMongoSessionConverter mongoSessionConverter() {
return new JacksonMongoSessionConverter(Collections.singletonList(new GeoModule()));
}
}
// end::sample[]
}

96
spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/integration/MongoRepositoryJdkSerializationITest.java
View File

@@ -1,96 +0,0 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo.integration;
import java.time.Duration;
import java.util.Map;
import org.junit.jupiter.api.Test;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
import org.springframework.session.data.mongo.JdkMongoSessionConverter;
import org.springframework.session.data.mongo.MongoSession;
import org.springframework.session.data.mongo.config.annotation.web.http.EnableMongoHttpSession;
import org.springframework.test.context.ContextConfiguration;
import static org.assertj.core.api.Assertions.assertThat;
/**
* Integration tests for
* {@link org.springframework.session.data.mongo.MongoIndexedSessionRepository} that use
* {@link JdkMongoSessionConverter} based session serialization.
*
* @author Jakub Kubrynski
* @author Vedran Pavic
* @author Greg Turnquist
*/
@ContextConfiguration
public class MongoRepositoryJdkSerializationITest extends AbstractMongoRepositoryITest {
@Test
void findByDeletedSecurityPrincipalNameReload() throws Exception {
MongoSession toSave = this.repository.createSession();
toSave.setAttribute(SPRING_SECURITY_CONTEXT, this.context);
this.repository.save(toSave);
MongoSession getSession = this.repository.findById(toSave.getId());
getSession.setAttribute(INDEX_NAME, null);
this.repository.save(getSession);
Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
getChangedSecurityName());
assertThat(findByPrincipalName).isEmpty();
}
@Test
void findByPrincipalNameNoSecurityPrincipalNameChangeReload() throws Exception {
MongoSession toSave = this.repository.createSession();
toSave.setAttribute(SPRING_SECURITY_CONTEXT, this.context);
this.repository.save(toSave);
toSave = this.repository.findById(toSave.getId());
toSave.setAttribute("other", "value");
this.repository.save(toSave);
Map<String, MongoSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
getSecurityName());
assertThat(findByPrincipalName).hasSize(1);
assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
}
// tag::sample[]
@Configuration
@EnableMongoHttpSession
static class Config extends BaseConfig {
@Bean
AbstractMongoSessionConverter mongoSessionConverter() {
return new JdkMongoSessionConverter(Duration.ofMinutes(30));
}
}
// end::sample[]
}

129
spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/AbstractMongoSessionConverter.java
View File

@@ -1,129 +0,0 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo;
import java.util.Collections;
import java.util.Set;
import com.mongodb.DBObject;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bson.Document;
import org.springframework.core.convert.TypeDescriptor;
import org.springframework.core.convert.converter.GenericConverter;
import org.springframework.data.domain.Sort;
import org.springframework.data.mongodb.core.index.Index;
import org.springframework.data.mongodb.core.index.IndexInfo;
import org.springframework.data.mongodb.core.index.IndexOperations;
import org.springframework.data.mongodb.core.query.Query;
import org.springframework.lang.Nullable;
import org.springframework.session.DelegatingIndexResolver;
import org.springframework.session.FindByIndexNameSessionRepository;
import org.springframework.session.IndexResolver;
import org.springframework.session.PrincipalNameIndexResolver;
/**
* Base class for serializing and deserializing session objects. To create custom
* serializer you have to implement this interface and simply register your class as a
* bean.
*
* @author Jakub Kubrynski
* @author Greg Turnquist
* @since 1.2
*/
public abstract class AbstractMongoSessionConverter implements GenericConverter {
static final String EXPIRE_AT_FIELD_NAME = "expireAt";
private static final Log LOG = LogFactory.getLog(AbstractMongoSessionConverter.class);
private static final String SPRING_SECURITY_CONTEXT = "SPRING_SECURITY_CONTEXT";
private IndexResolver<MongoSession> indexResolver = new DelegatingIndexResolver<>(
new PrincipalNameIndexResolver<>());
/**
* Returns query to be executed to return sessions based on a particular index.
* @param indexName name of the index
* @param indexValue value to query against
* @return built query or null if indexName is not supported
*/
@Nullable
protected abstract Query getQueryForIndex(String indexName, Object indexValue);
/**
* Method ensures that there is a TTL index on {@literal expireAt} field. It's has
* {@literal expireAfterSeconds} set to zero seconds, so the expiration time is
* controlled by the application. It can be extended in custom converters when there
* is a need for creating additional custom indexes.
* @param sessionCollectionIndexes {@link IndexOperations} to use
*/
protected void ensureIndexes(IndexOperations sessionCollectionIndexes) {
for (IndexInfo info : sessionCollectionIndexes.getIndexInfo()) {
if (EXPIRE_AT_FIELD_NAME.equals(info.getName())) {
LOG.debug("TTL index on field " + EXPIRE_AT_FIELD_NAME + " already exists");
return;
}
}
LOG.info("Creating TTL index on field " + EXPIRE_AT_FIELD_NAME);
sessionCollectionIndexes
.ensureIndex(new Index(EXPIRE_AT_FIELD_NAME, Sort.Direction.ASC).named(EXPIRE_AT_FIELD_NAME).expire(0));
}
protected String extractPrincipal(MongoSession expiringSession) {
return this.indexResolver.resolveIndexesFor(expiringSession)
.get(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME);
}
public Set<ConvertiblePair> getConvertibleTypes() {
return Collections.singleton(new ConvertiblePair(DBObject.class, MongoSession.class));
}
@SuppressWarnings("unchecked")
@Nullable
public Object convert(Object source, TypeDescriptor sourceType, TypeDescriptor targetType) {
if (source == null) {
return null;
}
if (DBObject.class.isAssignableFrom(sourceType.getType())) {
return convert(new Document(((DBObject) source).toMap()));
}
else if (Document.class.isAssignableFrom(sourceType.getType())) {
return convert((Document) source);
}
else {
return convert((MongoSession) source);
}
}
protected abstract DBObject convert(MongoSession session);
protected abstract MongoSession convert(Document sessionWrapper);
public void setIndexResolver(IndexResolver<MongoSession> indexResolver) {
this.indexResolver = Assert.requireNonNull(indexResolver, "indexResolver must not be null!");
}
}

39
spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/Assert.java
View File

@@ -1,39 +0,0 @@
/*
* Copyright 2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo;
import org.springframework.lang.Nullable;
/**
* Utility to verify non null fields.
*
* @author Greg Turnquist
*/
public final class Assert {
private Assert() {
}
public static <T> T requireNonNull(@Nullable T item, String message) {
if (item == null) {
throw new IllegalArgumentException(message);
}
return item;
}
}

187
spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/JacksonMongoSessionConverter.java
View File

@@ -1,187 +0,0 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo;
import java.io.IOException;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.PropertyAccessor;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.Module;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.PropertyNamingStrategy;
import com.mongodb.BasicDBObject;
import com.mongodb.DBObject;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bson.Document;
import org.bson.json.JsonMode;
import org.bson.json.JsonWriterSettings;
import org.springframework.data.mongodb.core.query.Criteria;
import org.springframework.data.mongodb.core.query.Query;
import org.springframework.lang.Nullable;
import org.springframework.security.jackson2.SecurityJackson2Modules;
import org.springframework.session.FindByIndexNameSessionRepository;
import org.springframework.util.Assert;
/**
* {@code AbstractMongoSessionConverter} implementation using Jackson.
*
* @author Jakub Kubrynski
* @author Greg Turnquist
* @author Michael Ruf
* @since 1.2
*/
public class JacksonMongoSessionConverter extends AbstractMongoSessionConverter {
private static final Log LOG = LogFactory.getLog(JacksonMongoSessionConverter.class);
private static final String ATTRS_FIELD_NAME = "attrs.";
private static final String PRINCIPAL_FIELD_NAME = "principal";
private static final String EXPIRE_AT_FIELD_NAME = "expireAt";
private final ObjectMapper objectMapper;
public JacksonMongoSessionConverter() {
this(Collections.emptyList());
}
public JacksonMongoSessionConverter(Iterable<Module> modules) {
this.objectMapper = buildObjectMapper();
this.objectMapper.registerModules(modules);
}
public JacksonMongoSessionConverter(ObjectMapper objectMapper) {
Assert.notNull(objectMapper, "ObjectMapper can NOT be null!");
this.objectMapper = objectMapper;
}
@Nullable
protected Query getQueryForIndex(String indexName, Object indexValue) {
if (FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME.equals(indexName)) {
return Query.query(Criteria.where(PRINCIPAL_FIELD_NAME).is(indexValue));
}
else {
return Query.query(Criteria.where(ATTRS_FIELD_NAME + MongoSession.coverDot(indexName)).is(indexValue));
}
}
private ObjectMapper buildObjectMapper() {
ObjectMapper objectMapper = new ObjectMapper();
// serialize fields instead of properties
objectMapper.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.NONE);
objectMapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY);
// ignore unresolved fields (mostly 'principal')
objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
objectMapper.setPropertyNamingStrategy(new MongoIdNamingStrategy());
objectMapper.registerModules(SecurityJackson2Modules.getModules(getClass().getClassLoader()));
objectMapper.addMixIn(MongoSession.class, MongoSessionMixin.class);
objectMapper.addMixIn(HashMap.class, HashMapMixin.class);
return objectMapper;
}
@Override
protected DBObject convert(MongoSession source) {
try {
DBObject dbSession = BasicDBObject.parse(this.objectMapper.writeValueAsString(source));
// Override default serialization with proper values.
dbSession.put(PRINCIPAL_FIELD_NAME, extractPrincipal(source));
dbSession.put(EXPIRE_AT_FIELD_NAME, source.getExpireAt());
return dbSession;
}
catch (JsonProcessingException ex) {
throw new IllegalStateException("Cannot convert MongoExpiringSession", ex);
}
}
@Override
@Nullable
protected MongoSession convert(Document source) {
Date expireAt = (Date) source.remove(EXPIRE_AT_FIELD_NAME);
source.remove("originalSessionId");
String json = source.toJson(JsonWriterSettings.builder().outputMode(JsonMode.RELAXED).build());
try {
MongoSession mongoSession = this.objectMapper.readValue(json, MongoSession.class);
mongoSession.setExpireAt(expireAt);
return mongoSession;
}
catch (IOException ex) {
LOG.error("Error during Mongo Session deserialization", ex);
return null;
}
}
/**
* Used to whitelist {@link MongoSession} for {@link SecurityJackson2Modules}.
*/
private static class MongoSessionMixin {
@JsonCreator
MongoSessionMixin(@JsonProperty("_id") String id,
@JsonProperty("intervalSeconds") long maxInactiveIntervalInSeconds) {
}
}
/**
* Used to whitelist {@link HashMap} for {@link SecurityJackson2Modules}.
*/
private static class HashMapMixin {
// Nothing special
}
private static class MongoIdNamingStrategy extends PropertyNamingStrategy.PropertyNamingStrategyBase {
@Override
public String translate(String propertyName) {
switch (propertyName) {
case "id":
return "_id";
case "_id":
return "id";
default:
return propertyName;
}
}
}
}

174
spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/JdkMongoSessionConverter.java
View File

@@ -1,174 +0,0 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import com.mongodb.BasicDBObject;
import com.mongodb.DBObject;
import org.bson.Document;
import org.bson.types.Binary;
import org.springframework.core.convert.converter.Converter;
import org.springframework.core.serializer.support.DeserializingConverter;
import org.springframework.core.serializer.support.SerializingConverter;
import org.springframework.data.mongodb.core.query.Criteria;
import org.springframework.data.mongodb.core.query.Query;
import org.springframework.lang.Nullable;
import org.springframework.session.FindByIndexNameSessionRepository;
import org.springframework.session.Session;
import org.springframework.util.Assert;
/**
* {@code AbstractMongoSessionConverter} implementation using standard Java serialization.
*
* @author Jakub Kubrynski
* @author Rob Winch
* @author Greg Turnquist
* @since 1.2
*/
public class JdkMongoSessionConverter extends AbstractMongoSessionConverter {
private static final String ID = "_id";
private static final String CREATION_TIME = "created";
private static final String LAST_ACCESSED_TIME = "accessed";
private static final String MAX_INTERVAL = "interval";
private static final String ATTRIBUTES = "attr";
private static final String PRINCIPAL_FIELD_NAME = "principal";
private final Converter<Object, byte[]> serializer;
private final Converter<byte[], Object> deserializer;
private Duration maxInactiveInterval;
public JdkMongoSessionConverter(Duration maxInactiveInterval) {
this(new SerializingConverter(), new DeserializingConverter(), maxInactiveInterval);
}
public JdkMongoSessionConverter(Converter<Object, byte[]> serializer, Converter<byte[], Object> deserializer,
Duration maxInactiveInterval) {
Assert.notNull(serializer, "serializer cannot be null");
Assert.notNull(deserializer, "deserializer cannot be null");
Assert.notNull(maxInactiveInterval, "maxInactiveInterval cannot be null");
this.serializer = serializer;
this.deserializer = deserializer;
this.maxInactiveInterval = maxInactiveInterval;
}
@Override
@Nullable
public Query getQueryForIndex(String indexName, Object indexValue) {
if (FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME.equals(indexName)) {
return Query.query(Criteria.where(PRINCIPAL_FIELD_NAME).is(indexValue));
}
else {
return null;
}
}
@Override
protected DBObject convert(MongoSession session) {
BasicDBObject basicDBObject = new BasicDBObject();
basicDBObject.put(ID, session.getId());
basicDBObject.put(CREATION_TIME, session.getCreationTime());
basicDBObject.put(LAST_ACCESSED_TIME, session.getLastAccessedTime());
basicDBObject.put(MAX_INTERVAL, session.getMaxInactiveInterval());
basicDBObject.put(PRINCIPAL_FIELD_NAME, extractPrincipal(session));
basicDBObject.put(EXPIRE_AT_FIELD_NAME, session.getExpireAt());
basicDBObject.put(ATTRIBUTES, serializeAttributes(session));
return basicDBObject;
}
@Override
protected MongoSession convert(Document sessionWrapper) {
Object maxInterval = sessionWrapper.getOrDefault(MAX_INTERVAL, this.maxInactiveInterval);
Duration maxIntervalDuration = (maxInterval instanceof Duration) ? (Duration) maxInterval
: Duration.parse(maxInterval.toString());
MongoSession session = new MongoSession(sessionWrapper.getString(ID), maxIntervalDuration.getSeconds());
Object creationTime = sessionWrapper.get(CREATION_TIME);
if (creationTime instanceof Instant) {
session.setCreationTime(((Instant) creationTime).toEpochMilli());
}
else if (creationTime instanceof Date) {
session.setCreationTime(((Date) creationTime).getTime());
}
Object lastAccessedTime = sessionWrapper.get(LAST_ACCESSED_TIME);
if (lastAccessedTime instanceof Instant) {
session.setLastAccessedTime((Instant) lastAccessedTime);
}
else if (lastAccessedTime instanceof Date) {
session.setLastAccessedTime(Instant.ofEpochMilli(((Date) lastAccessedTime).getTime()));
}
session.setExpireAt((Date) sessionWrapper.get(EXPIRE_AT_FIELD_NAME));
deserializeAttributes(sessionWrapper, session);
return session;
}
@Nullable
private byte[] serializeAttributes(Session session) {
Map<String, Object> attributes = new HashMap<>();
for (String attrName : session.getAttributeNames()) {
attributes.put(attrName, session.getAttribute(attrName));
}
return this.serializer.convert(attributes);
}
@SuppressWarnings("unchecked")
private void deserializeAttributes(Document sessionWrapper, Session session) {
Object sessionAttributes = sessionWrapper.get(ATTRIBUTES);
byte[] attributesBytes = ((sessionAttributes instanceof Binary) ? ((Binary) sessionAttributes).getData()
: (byte[]) sessionAttributes);
Map<String, Object> attributes = (Map<String, Object>) this.deserializer.convert(attributesBytes);
if (attributes != null) {
for (Map.Entry<String, Object> entry : attributes.entrySet()) {
session.setAttribute(entry.getKey(), entry.getValue());
}
}
}
}

192
spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/MongoIndexedSessionRepository.java
View File

@@ -1,192 +0,0 @@
/*
* Copyright 2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo;
import java.time.Duration;
import java.util.Collections;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bson.Document;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.data.mongodb.core.MongoOperations;
import org.springframework.data.mongodb.core.index.IndexOperations;
import org.springframework.lang.Nullable;
import org.springframework.session.FindByIndexNameSessionRepository;
import org.springframework.session.events.SessionCreatedEvent;
import org.springframework.session.events.SessionDeletedEvent;
import org.springframework.session.events.SessionExpiredEvent;
/**
* Session repository implementation which stores sessions in Mongo. Uses
* {@link AbstractMongoSessionConverter} to transform session objects from/to native Mongo
* representation ({@code DBObject}). Repository is also responsible for removing expired
* sessions from database. Cleanup is done every minute.
*
* @author Jakub Kubrynski
* @author Greg Turnquist
* @since 2.2.0
*/
public class MongoIndexedSessionRepository
implements FindByIndexNameSessionRepository<MongoSession>, ApplicationEventPublisherAware, InitializingBean {
/**
* The default time period in seconds in which a session will expire.
*/
public static final int DEFAULT_INACTIVE_INTERVAL = 1800;
/**
* the default collection name for storing session.
*/
public static final String DEFAULT_COLLECTION_NAME = "sessions";
private static final Log logger = LogFactory.getLog(MongoIndexedSessionRepository.class);
private final MongoOperations mongoOperations;
private Integer maxInactiveIntervalInSeconds = DEFAULT_INACTIVE_INTERVAL;
private String collectionName = DEFAULT_COLLECTION_NAME;
private AbstractMongoSessionConverter mongoSessionConverter = new JdkMongoSessionConverter(
Duration.ofSeconds(this.maxInactiveIntervalInSeconds));
private ApplicationEventPublisher eventPublisher;
public MongoIndexedSessionRepository(MongoOperations mongoOperations) {
this.mongoOperations = mongoOperations;
}
@Override
public MongoSession createSession() {
MongoSession session = new MongoSession();
if (this.maxInactiveIntervalInSeconds != null) {
session.setMaxInactiveInterval(Duration.ofSeconds(this.maxInactiveIntervalInSeconds));
}
publishEvent(new SessionCreatedEvent(this, session));
return session;
}
@Override
public void save(MongoSession session) {
this.mongoOperations
.save(Assert.requireNonNull(MongoSessionUtils.convertToDBObject(this.mongoSessionConverter, session),
"convertToDBObject must not null!"), this.collectionName);
}
@Override
@Nullable
public MongoSession findById(String id) {
Document sessionWrapper = findSession(id);
if (sessionWrapper == null) {
return null;
}
MongoSession session = MongoSessionUtils.convertToSession(this.mongoSessionConverter, sessionWrapper);
if (session != null && session.isExpired()) {
publishEvent(new SessionExpiredEvent(this, session));
deleteById(id);
return null;
}
return session;
}
/**
* Currently this repository allows only querying against
* {@code PRINCIPAL_NAME_INDEX_NAME}.
* @param indexName the name if the index (i.e.
* {@link FindByIndexNameSessionRepository#PRINCIPAL_NAME_INDEX_NAME})
* @param indexValue the value of the index to search for.
* @return sessions map
*/
@Override
public Map<String, MongoSession> findByIndexNameAndIndexValue(String indexName, String indexValue) {
return Optional.ofNullable(this.mongoSessionConverter.getQueryForIndex(indexName, indexValue))
.map((query) -> this.mongoOperations.find(query, Document.class, this.collectionName))
.orElse(Collections.emptyList()).stream()
.map((dbSession) -> MongoSessionUtils.convertToSession(this.mongoSessionConverter, dbSession))
.collect(Collectors.toMap(MongoSession::getId, (mapSession) -> mapSession));
}
@Override
public void deleteById(String id) {
Optional.ofNullable(findSession(id)).ifPresent((document) -> {
MongoSession session = MongoSessionUtils.convertToSession(this.mongoSessionConverter, document);
if (session != null) {
publishEvent(new SessionDeletedEvent(this, session));
}
this.mongoOperations.remove(document, this.collectionName);
});
}
@Override
public void afterPropertiesSet() {
IndexOperations indexOperations = this.mongoOperations.indexOps(this.collectionName);
this.mongoSessionConverter.ensureIndexes(indexOperations);
}
@Nullable
private Document findSession(String id) {
return this.mongoOperations.findById(id, Document.class, this.collectionName);
}
@Override
public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) {
this.eventPublisher = eventPublisher;
}
private void publishEvent(ApplicationEvent event) {
try {
this.eventPublisher.publishEvent(event);
}
catch (Throwable ex) {
logger.error("Error publishing " + event + ".", ex);
}
}
public void setMaxInactiveIntervalInSeconds(final Integer maxInactiveIntervalInSeconds) {
this.maxInactiveIntervalInSeconds = maxInactiveIntervalInSeconds;
}
public void setCollectionName(final String collectionName) {
this.collectionName = collectionName;
}
public void setMongoSessionConverter(final AbstractMongoSessionConverter mongoSessionConverter) {
this.mongoSessionConverter = mongoSessionConverter;
}
}

35
spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/MongoOperationsSessionRepository.java
View File

@@ -1,35 +0,0 @@
/*
* Copyright 2014-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo;
import org.springframework.data.mongodb.core.MongoOperations;
/**
* This {@link org.springframework.session.FindByIndexNameSessionRepository}
* implementation is kept to support backwards compatibility.
*
* @author Rob Winch
* @since 1.2
* @deprecated since 2.2.0 in favor of {@link MongoIndexedSessionRepository}.
*/
@Deprecated
public class MongoOperationsSessionRepository extends MongoIndexedSessionRepository {
public MongoOperationsSessionRepository(MongoOperations mongoOperations) {
super(mongoOperations);
}
}

194
spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/MongoSession.java
View File

@@ -1,194 +0,0 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
import org.springframework.lang.Nullable;
import org.springframework.session.Session;
/**
* Session object providing additional information about the datetime of expiration.
*
* @author Jakub Kubrynski
* @author Greg Turnquist
* @since 1.2
*/
public class MongoSession implements Session {
/**
* Mongo doesn't support {@literal dot} in field names. We replace it with a very
* rarely used character
*/
private static final char DOT_COVER_CHAR = '';
private String id;
private String originalSessionId;
private long createdMillis = System.currentTimeMillis();
private long accessedMillis;
private long intervalSeconds;
private Date expireAt;
private Map<String, Object> attrs = new HashMap<>();
public MongoSession() {
this(MongoIndexedSessionRepository.DEFAULT_INACTIVE_INTERVAL);
}
public MongoSession(long maxInactiveIntervalInSeconds) {
this(UUID.randomUUID().toString(), maxInactiveIntervalInSeconds);
}
public MongoSession(String id, long maxInactiveIntervalInSeconds) {
this.id = id;
this.originalSessionId = id;
this.intervalSeconds = maxInactiveIntervalInSeconds;
setLastAccessedTime(Instant.ofEpochMilli(this.createdMillis));
}
static String coverDot(String attributeName) {
return attributeName.replace('.', DOT_COVER_CHAR);
}
static String uncoverDot(String attributeName) {
return attributeName.replace(DOT_COVER_CHAR, '.');
}
@Override
public String changeSessionId() {
String changedId = UUID.randomUUID().toString();
this.id = changedId;
return changedId;
}
@Override
@Nullable
public <T> T getAttribute(String attributeName) {
return (T) this.attrs.get(coverDot(attributeName));
}
@Override
public Set<String> getAttributeNames() {
return this.attrs.keySet().stream().map(MongoSession::uncoverDot).collect(Collectors.toSet());
}
@Override
public void setAttribute(String attributeName, Object attributeValue) {
if (attributeValue == null) {
removeAttribute(coverDot(attributeName));
}
else {
this.attrs.put(coverDot(attributeName), attributeValue);
}
}
@Override
public void removeAttribute(String attributeName) {
this.attrs.remove(coverDot(attributeName));
}
@Override
public Instant getCreationTime() {
return Instant.ofEpochMilli(this.createdMillis);
}
public void setCreationTime(long created) {
this.createdMillis = created;
}
@Override
public Instant getLastAccessedTime() {
return Instant.ofEpochMilli(this.accessedMillis);
}
@Override
public void setLastAccessedTime(Instant lastAccessedTime) {
this.accessedMillis = lastAccessedTime.toEpochMilli();
this.expireAt = Date.from(lastAccessedTime.plus(Duration.ofSeconds(this.intervalSeconds)));
}
@Override
public Duration getMaxInactiveInterval() {
return Duration.ofSeconds(this.intervalSeconds);
}
@Override
public void setMaxInactiveInterval(Duration interval) {
this.intervalSeconds = interval.getSeconds();
}
@Override
public boolean isExpired() {
return this.intervalSeconds >= 0 && new Date().after(this.expireAt);
}
@Override
public boolean equals(Object o) {
if (this == o) {
return true;
}
if (o == null || getClass() != o.getClass()) {
return false;
}
MongoSession that = (MongoSession) o;
return Objects.equals(this.id, that.id);
}
@Override
public int hashCode() {
return Objects.hash(this.id);
}
@Override
public String getId() {
return this.id;
}
public Date getExpireAt() {
return this.expireAt;
}
public void setExpireAt(final Date expireAt) {
this.expireAt = expireAt;
}
boolean hasChangedSessionId() {
return !getId().equals(this.originalSessionId);
}
String getOriginalSessionId() {
return this.originalSessionId;
}
}

48
spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/MongoSessionUtils.java
View File

@@ -1,48 +0,0 @@
/*
* Copyright 2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo;
import com.mongodb.DBObject;
import org.bson.Document;
import org.springframework.core.convert.TypeDescriptor;
import org.springframework.lang.Nullable;
/**
* Utility for MongoSession.
*
* @author Greg Turnquist
*/
public final class MongoSessionUtils {
private MongoSessionUtils() {
}
@Nullable
static DBObject convertToDBObject(AbstractMongoSessionConverter mongoSessionConverter, MongoSession session) {
return (DBObject) mongoSessionConverter.convert(session, TypeDescriptor.valueOf(MongoSession.class),
TypeDescriptor.valueOf(DBObject.class));
}
@Nullable
static MongoSession convertToSession(AbstractMongoSessionConverter mongoSessionConverter, Document session) {
return (MongoSession) mongoSessionConverter.convert(session, TypeDescriptor.valueOf(Document.class),
TypeDescriptor.valueOf(MongoSession.class));
}
}

35
spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/ReactiveMongoOperationsSessionRepository.java
View File

@@ -1,35 +0,0 @@
/*
* Copyright 2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo;
import org.springframework.data.mongodb.core.ReactiveMongoOperations;
import org.springframework.session.ReactiveSessionRepository;
/**
* This {@link ReactiveSessionRepository} implementation is kept to support migration to
* {@link ReactiveMongoSessionRepository} in a backwards compatible manner.
*
* @author Greg Turnquist
* @deprecated since 2.2.0 in favor of {@link ReactiveMongoSessionRepository}.
*/
@Deprecated
public class ReactiveMongoOperationsSessionRepository extends ReactiveMongoSessionRepository {
public ReactiveMongoOperationsSessionRepository(ReactiveMongoOperations mongoOperations) {
super(mongoOperations);
}
}

196
spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/ReactiveMongoSessionRepository.java
View File

@@ -1,196 +0,0 @@
/*
* Copyright 2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo;
import java.time.Duration;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bson.Document;
import reactor.core.publisher.Mono;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.data.mongodb.core.MongoOperations;
import org.springframework.data.mongodb.core.ReactiveMongoOperations;
import org.springframework.data.mongodb.core.index.IndexOperations;
import org.springframework.data.mongodb.core.query.Criteria;
import org.springframework.data.mongodb.core.query.Query;
import org.springframework.session.ReactiveSessionRepository;
import org.springframework.session.events.SessionCreatedEvent;
import org.springframework.session.events.SessionDeletedEvent;
/**
* A {@link ReactiveSessionRepository} implementation that uses Spring Data MongoDB.
*
* @author Greg Turnquist
* @since 2.2.0
*/
public class ReactiveMongoSessionRepository
implements ReactiveSessionRepository<MongoSession>, ApplicationEventPublisherAware, InitializingBean {
/**
* The default time period in seconds in which a session will expire.
*/
public static final int DEFAULT_INACTIVE_INTERVAL = 1800;
/**
* The default collection name for storing session.
*/
public static final String DEFAULT_COLLECTION_NAME = "sessions";
private static final Log logger = LogFactory.getLog(ReactiveMongoSessionRepository.class);
private final ReactiveMongoOperations mongoOperations;
private Integer maxInactiveIntervalInSeconds = DEFAULT_INACTIVE_INTERVAL;
private String collectionName = DEFAULT_COLLECTION_NAME;
private AbstractMongoSessionConverter mongoSessionConverter = new JdkMongoSessionConverter(
Duration.ofSeconds(this.maxInactiveIntervalInSeconds));
private MongoOperations blockingMongoOperations;
private ApplicationEventPublisher eventPublisher;
public ReactiveMongoSessionRepository(ReactiveMongoOperations mongoOperations) {
this.mongoOperations = mongoOperations;
}
/**
* Creates a new {@link MongoSession} that is capable of being persisted by this
* {@link ReactiveSessionRepository}.
* <p>
* This allows optimizations and customizations in how the {@link MongoSession} is
* persisted. For example, the implementation returned might keep track of the changes
* ensuring that only the delta needs to be persisted on a save.
* </p>
* @return a new {@link MongoSession} that is capable of being persisted by this
* {@link ReactiveSessionRepository}
*/
@Override
public Mono<MongoSession> createSession() {
return Mono.justOrEmpty(this.maxInactiveIntervalInSeconds) //
.map(MongoSession::new) //
.doOnNext((mongoSession) -> publishEvent(new SessionCreatedEvent(this, mongoSession))) //
.switchIfEmpty(Mono.just(new MongoSession()));
}
@Override
public Mono<Void> save(MongoSession session) {
return Mono //
.justOrEmpty(MongoSessionUtils.convertToDBObject(this.mongoSessionConverter, session)) //
.flatMap((dbObject) -> {
if (session.hasChangedSessionId()) {
return this.mongoOperations
.remove(Query.query(Criteria.where("_id").is(session.getOriginalSessionId())),
this.collectionName) //
.then(this.mongoOperations.save(dbObject, this.collectionName));
}
else {
return this.mongoOperations.save(dbObject, this.collectionName);
}
}) //
.then();
}
@Override
public Mono<MongoSession> findById(String id) {
return findSession(id) //
.map((document) -> MongoSessionUtils.convertToSession(this.mongoSessionConverter, document)) //
.filter((mongoSession) -> !mongoSession.isExpired()) //
.switchIfEmpty(Mono.defer(() -> this.deleteById(id).then(Mono.empty())));
}
@Override
public Mono<Void> deleteById(String id) {
return findSession(id) //
.flatMap((document) -> this.mongoOperations.remove(document, this.collectionName) //
.then(Mono.just(document))) //
.map((document) -> MongoSessionUtils.convertToSession(this.mongoSessionConverter, document)) //
.doOnNext((mongoSession) -> publishEvent(new SessionDeletedEvent(this, mongoSession))) //
.then();
}
/**
* Do not use
* {@link org.springframework.data.mongodb.core.index.ReactiveIndexOperations} to
* ensure indexes exist. Instead, get a blocking {@link IndexOperations} and use that
* instead, if possible.
*/
@Override
public void afterPropertiesSet() {
if (this.blockingMongoOperations != null) {
IndexOperations indexOperations = this.blockingMongoOperations.indexOps(this.collectionName);
this.mongoSessionConverter.ensureIndexes(indexOperations);
}
}
private Mono<Document> findSession(String id) {
return this.mongoOperations.findById(id, Document.class, this.collectionName);
}
@Override
public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) {
this.eventPublisher = eventPublisher;
}
private void publishEvent(ApplicationEvent event) {
try {
this.eventPublisher.publishEvent(event);
}
catch (Throwable ex) {
logger.error("Error publishing " + event + ".", ex);
}
}
public Integer getMaxInactiveIntervalInSeconds() {
return this.maxInactiveIntervalInSeconds;
}
public void setMaxInactiveIntervalInSeconds(final Integer maxInactiveIntervalInSeconds) {
this.maxInactiveIntervalInSeconds = maxInactiveIntervalInSeconds;
}
public String getCollectionName() {
return this.collectionName;
}
public void setCollectionName(final String collectionName) {
this.collectionName = collectionName;
}
public void setMongoSessionConverter(final AbstractMongoSessionConverter mongoSessionConverter) {
this.mongoSessionConverter = mongoSessionConverter;
}
public void setBlockingMongoOperations(final MongoOperations blockingMongoOperations) {
this.blockingMongoOperations = blockingMongoOperations;
}
}

69
spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/config/annotation/web/http/EnableMongoHttpSession.java
View File

@@ -1,69 +0,0 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo.config.annotation.web.http;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.session.data.mongo.MongoIndexedSessionRepository;
/**
* Add this annotation to a {@code @Configuration} class to expose the
* SessionRepositoryFilter as a bean named "springSessionRepositoryFilter" and backed by
* Mongo. Use {@code collectionName} to change default name of the collection used to
* store sessions.
*
* <pre>
* <code>
* {@literal @EnableMongoHttpSession}
* public class MongoHttpSessionConfig {
*
* {@literal @Bean}
* public MongoOperations mongoOperations() throws UnknownHostException {
* return new MongoTemplate(new MongoClient(), "databaseName");
* }
*
* }
* </code> </pre>
*
* @author Jakub Kubrynski
* @since 1.2
*/
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.TYPE)
@Documented
@Import(MongoHttpSessionConfiguration.class)
@Configuration(proxyBeanMethods = false)
public @interface EnableMongoHttpSession {
/**
* The maximum time a session will be kept if it is inactive.
* @return default max inactive interval in seconds
*/
int maxInactiveIntervalInSeconds() default MongoIndexedSessionRepository.DEFAULT_INACTIVE_INTERVAL;
/**
* The collection name to use.
* @return name of the collection to store session
*/
String collectionName() default MongoIndexedSessionRepository.DEFAULT_COLLECTION_NAME;
}

157
spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/config/annotation/web/http/MongoHttpSessionConfiguration.java
View File

@@ -1,157 +0,0 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo.config.annotation.web.http;
import java.time.Duration;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.beans.factory.BeanClassLoaderAware;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.EmbeddedValueResolverAware;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportAware;
import org.springframework.core.annotation.AnnotationAttributes;
import org.springframework.core.serializer.support.DeserializingConverter;
import org.springframework.core.serializer.support.SerializingConverter;
import org.springframework.core.type.AnnotationMetadata;
import org.springframework.data.mongodb.core.MongoOperations;
import org.springframework.session.IndexResolver;
import org.springframework.session.config.SessionRepositoryCustomizer;
import org.springframework.session.config.annotation.web.http.SpringHttpSessionConfiguration;
import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
import org.springframework.session.data.mongo.JdkMongoSessionConverter;
import org.springframework.session.data.mongo.MongoIndexedSessionRepository;
import org.springframework.session.data.mongo.MongoSession;
import org.springframework.util.StringUtils;
import org.springframework.util.StringValueResolver;
/**
* Configuration class registering {@code MongoSessionRepository} bean. To import this
* configuration use {@link EnableMongoHttpSession} annotation.
*
* @author Jakub Kubrynski
* @author Eddú Meléndez
* @since 1.2
*/
@Configuration(proxyBeanMethods = false)
public class MongoHttpSessionConfiguration extends SpringHttpSessionConfiguration
implements BeanClassLoaderAware, EmbeddedValueResolverAware, ImportAware {
private AbstractMongoSessionConverter mongoSessionConverter;
private Integer maxInactiveIntervalInSeconds;
private String collectionName;
private StringValueResolver embeddedValueResolver;
private List<SessionRepositoryCustomizer<MongoIndexedSessionRepository>> sessionRepositoryCustomizers;
private ClassLoader classLoader;
private IndexResolver<MongoSession> indexResolver;
@Bean
public MongoIndexedSessionRepository mongoSessionRepository(MongoOperations mongoOperations) {
MongoIndexedSessionRepository repository = new MongoIndexedSessionRepository(mongoOperations);
repository.setMaxInactiveIntervalInSeconds(this.maxInactiveIntervalInSeconds);
if (this.mongoSessionConverter != null) {
repository.setMongoSessionConverter(this.mongoSessionConverter);
if (this.indexResolver != null) {
this.mongoSessionConverter.setIndexResolver(this.indexResolver);
}
}
else {
JdkMongoSessionConverter mongoSessionConverter = new JdkMongoSessionConverter(new SerializingConverter(),
new DeserializingConverter(this.classLoader),
Duration.ofSeconds(MongoIndexedSessionRepository.DEFAULT_INACTIVE_INTERVAL));
if (this.indexResolver != null) {
mongoSessionConverter.setIndexResolver(this.indexResolver);
}
repository.setMongoSessionConverter(mongoSessionConverter);
}
if (StringUtils.hasText(this.collectionName)) {
repository.setCollectionName(this.collectionName);
}
this.sessionRepositoryCustomizers
.forEach((sessionRepositoryCustomizer) -> sessionRepositoryCustomizer.customize(repository));
return repository;
}
public void setCollectionName(String collectionName) {
this.collectionName = collectionName;
}
public void setMaxInactiveIntervalInSeconds(Integer maxInactiveIntervalInSeconds) {
this.maxInactiveIntervalInSeconds = maxInactiveIntervalInSeconds;
}
public void setImportMetadata(AnnotationMetadata importMetadata) {
AnnotationAttributes attributes = AnnotationAttributes
.fromMap(importMetadata.getAnnotationAttributes(EnableMongoHttpSession.class.getName()));
if (attributes != null) {
this.maxInactiveIntervalInSeconds = attributes.getNumber("maxInactiveIntervalInSeconds");
}
else {
this.maxInactiveIntervalInSeconds = MongoIndexedSessionRepository.DEFAULT_INACTIVE_INTERVAL;
}
String collectionNameValue = (attributes != null) ? attributes.getString("collectionName") : "";
if (StringUtils.hasText(collectionNameValue)) {
this.collectionName = this.embeddedValueResolver.resolveStringValue(collectionNameValue);
}
}
@Autowired(required = false)
public void setMongoSessionConverter(AbstractMongoSessionConverter mongoSessionConverter) {
this.mongoSessionConverter = mongoSessionConverter;
}
@Autowired(required = false)
public void setSessionRepositoryCustomizers(
ObjectProvider<SessionRepositoryCustomizer<MongoIndexedSessionRepository>> sessionRepositoryCustomizers) {
this.sessionRepositoryCustomizers = sessionRepositoryCustomizers.orderedStream().collect(Collectors.toList());
}
@Override
public void setBeanClassLoader(ClassLoader classLoader) {
this.classLoader = classLoader;
}
@Override
public void setEmbeddedValueResolver(StringValueResolver resolver) {
this.embeddedValueResolver = resolver;
}
@Autowired(required = false)
public void setIndexResolver(IndexResolver<MongoSession> indexResolver) {
this.indexResolver = indexResolver;
}
}

69
spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/config/annotation/web/reactive/EnableMongoWebSession.java
View File

@@ -1,69 +0,0 @@
/*
* Copyright 2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo.config.annotation.web.reactive;
import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.session.data.mongo.ReactiveMongoSessionRepository;
/**
* Add this annotation to a {@code @Configuration} class to configure a MongoDB-based
* {@code WebSessionManager} for a WebFlux application. This annotation assumes a
* {@code ReactorMongoOperations} is defined somewhere in the application context. If not,
* it will fail with a clear error messages. For example:
*
* <pre>
* <code>
* {@literal @Configuration}
* {@literal @EnableMongoWebSession}
* public class SpringWebFluxConfig {
*
* {@literal @Bean}
* public ReactorMongoOperations operations() {
* return new MaReactorMongoOperations(...);
* }
*
* }
* </code> </pre>
*
* @author Greg Turnquist
* @author Vedran Pavić
* @since 2.0
*/
@Retention(java.lang.annotation.RetentionPolicy.RUNTIME)
@Target({ java.lang.annotation.ElementType.TYPE })
@Documented
@Import(ReactiveMongoWebSessionConfiguration.class)
@Configuration(proxyBeanMethods = false)
public @interface EnableMongoWebSession {
/**
* The maximum time a session will be kept if it is inactive.
* @return default max inactive interval in seconds
*/
int maxInactiveIntervalInSeconds() default ReactiveMongoSessionRepository.DEFAULT_INACTIVE_INTERVAL;
/**
* The collection name to use.
* @return name of the collection to store session
*/
String collectionName() default ReactiveMongoSessionRepository.DEFAULT_COLLECTION_NAME;
}

178
spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/config/annotation/web/reactive/ReactiveMongoWebSessionConfiguration.java
View File

@@ -1,178 +0,0 @@
/*
* Copyright 2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo.config.annotation.web.reactive;
import java.time.Duration;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.beans.factory.BeanClassLoaderAware;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.EmbeddedValueResolverAware;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportAware;
import org.springframework.core.annotation.AnnotationAttributes;
import org.springframework.core.serializer.support.DeserializingConverter;
import org.springframework.core.serializer.support.SerializingConverter;
import org.springframework.core.type.AnnotationMetadata;
import org.springframework.data.mongodb.core.MongoOperations;
import org.springframework.data.mongodb.core.ReactiveMongoOperations;
import org.springframework.session.IndexResolver;
import org.springframework.session.config.ReactiveSessionRepositoryCustomizer;
import org.springframework.session.config.annotation.web.server.SpringWebSessionConfiguration;
import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
import org.springframework.session.data.mongo.JdkMongoSessionConverter;
import org.springframework.session.data.mongo.MongoSession;
import org.springframework.session.data.mongo.ReactiveMongoSessionRepository;
import org.springframework.util.StringUtils;
import org.springframework.util.StringValueResolver;
/**
* Configure a {@link ReactiveMongoSessionRepository} using a provided
* {@link ReactiveMongoOperations}.
*
* @author Greg Turnquist
* @author Vedran Pavić
*/
@Configuration(proxyBeanMethods = false)
public class ReactiveMongoWebSessionConfiguration extends SpringWebSessionConfiguration
implements BeanClassLoaderAware, EmbeddedValueResolverAware, ImportAware {
private AbstractMongoSessionConverter mongoSessionConverter;
private Integer maxInactiveIntervalInSeconds;
private String collectionName;
private StringValueResolver embeddedValueResolver;
private List<ReactiveSessionRepositoryCustomizer<ReactiveMongoSessionRepository>> sessionRepositoryCustomizers;
@Autowired(required = false)
private MongoOperations mongoOperations;
private ClassLoader classLoader;
private IndexResolver<MongoSession> indexResolver;
@Bean
public ReactiveMongoSessionRepository reactiveMongoSessionRepository(ReactiveMongoOperations operations) {
ReactiveMongoSessionRepository repository = new ReactiveMongoSessionRepository(operations);
if (this.mongoSessionConverter != null) {
repository.setMongoSessionConverter(this.mongoSessionConverter);
if (this.indexResolver != null) {
this.mongoSessionConverter.setIndexResolver(this.indexResolver);
}
}
else {
JdkMongoSessionConverter mongoSessionConverter = new JdkMongoSessionConverter(new SerializingConverter(),
new DeserializingConverter(this.classLoader),
Duration.ofSeconds(ReactiveMongoSessionRepository.DEFAULT_INACTIVE_INTERVAL));
if (this.indexResolver != null) {
mongoSessionConverter.setIndexResolver(this.indexResolver);
}
repository.setMongoSessionConverter(mongoSessionConverter);
}
if (this.maxInactiveIntervalInSeconds != null) {
repository.setMaxInactiveIntervalInSeconds(this.maxInactiveIntervalInSeconds);
}
if (this.collectionName != null) {
repository.setCollectionName(this.collectionName);
}
if (this.mongoOperations != null) {
repository.setBlockingMongoOperations(this.mongoOperations);
}
this.sessionRepositoryCustomizers
.forEach((sessionRepositoryCustomizer) -> sessionRepositoryCustomizer.customize(repository));
return repository;
}
@Autowired(required = false)
public void setMongoSessionConverter(AbstractMongoSessionConverter mongoSessionConverter) {
this.mongoSessionConverter = mongoSessionConverter;
}
@Override
public void setImportMetadata(AnnotationMetadata importMetadata) {
AnnotationAttributes attributes = AnnotationAttributes
.fromMap(importMetadata.getAnnotationAttributes(EnableMongoWebSession.class.getName()));
if (attributes != null) {
this.maxInactiveIntervalInSeconds = attributes.getNumber("maxInactiveIntervalInSeconds");
}
else {
this.maxInactiveIntervalInSeconds = ReactiveMongoSessionRepository.DEFAULT_INACTIVE_INTERVAL;
}
String collectionNameValue = (attributes != null) ? attributes.getString("collectionName") : "";
if (StringUtils.hasText(collectionNameValue)) {
this.collectionName = this.embeddedValueResolver.resolveStringValue(collectionNameValue);
}
}
@Override
public void setBeanClassLoader(ClassLoader classLoader) {
this.classLoader = classLoader;
}
@Override
public void setEmbeddedValueResolver(StringValueResolver embeddedValueResolver) {
this.embeddedValueResolver = embeddedValueResolver;
}
public Integer getMaxInactiveIntervalInSeconds() {
return this.maxInactiveIntervalInSeconds;
}
public void setMaxInactiveIntervalInSeconds(Integer maxInactiveIntervalInSeconds) {
this.maxInactiveIntervalInSeconds = maxInactiveIntervalInSeconds;
}
public String getCollectionName() {
return this.collectionName;
}
public void setCollectionName(String collectionName) {
this.collectionName = collectionName;
}
@Autowired(required = false)
public void setSessionRepositoryCustomizers(
ObjectProvider<ReactiveSessionRepositoryCustomizer<ReactiveMongoSessionRepository>> sessionRepositoryCustomizers) {
this.sessionRepositoryCustomizers = sessionRepositoryCustomizers.orderedStream().collect(Collectors.toList());
}
@Autowired(required = false)
public void setIndexResolver(IndexResolver<MongoSession> indexResolver) {
this.indexResolver = indexResolver;
}
}

25
spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/package-info.java
View File

@@ -1,25 +0,0 @@
/*
* Copyright 2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Spring Session MongoDB support.
*
* @author Greg Turnquist
*/
@NonNullApi
package org.springframework.session.data.mongo;
import org.springframework.lang.NonNullApi;

141
spring-session-data-mongodb/src/test/java/org/springframework/session/data/mongo/AbstractMongoSessionConverterTest.java
View File

@@ -1,141 +0,0 @@
/*
* Copyright 2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo;
import java.time.Duration;
import com.mongodb.DBObject;
import org.bson.Document;
import org.junit.jupiter.api.Test;
import org.springframework.core.convert.TypeDescriptor;
import org.springframework.lang.Nullable;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.session.FindByIndexNameSessionRepository;
import static org.assertj.core.api.Assertions.assertThat;
/**
* @author Greg Turnquist
*/
public abstract class AbstractMongoSessionConverterTest {
abstract AbstractMongoSessionConverter getMongoSessionConverter();
@Test
void verifyRoundTripSerialization() throws Exception {
// given
MongoSession toSerialize = new MongoSession();
toSerialize.setAttribute("username", "john_the_springer");
// when
DBObject dbObject = convertToDBObject(toSerialize);
MongoSession deserialized = convertToSession(dbObject);
// then
assertThat(deserialized).isEqualToComparingFieldByField(toSerialize);
}
@Test
void verifyRoundTripSecuritySerialization() {
// given
MongoSession toSerialize = new MongoSession();
String principalName = "john_the_springer";
SecurityContextImpl context = new SecurityContextImpl();
context.setAuthentication(new UsernamePasswordAuthenticationToken(principalName, null));
toSerialize.setAttribute("SPRING_SECURITY_CONTEXT", context);
// when
DBObject serialized = convertToDBObject(toSerialize);
MongoSession deserialized = convertToSession(serialized);
// then
assertThat(deserialized).isEqualToComparingOnlyGivenFields(toSerialize, "id", "createdMillis", "accessedMillis",
"intervalSeconds", "expireAt");
SecurityContextImpl springSecurityContextBefore = toSerialize.getAttribute("SPRING_SECURITY_CONTEXT");
SecurityContextImpl springSecurityContextAfter = deserialized.getAttribute("SPRING_SECURITY_CONTEXT");
assertThat(springSecurityContextBefore).isEqualToComparingOnlyGivenFields(springSecurityContextAfter,
"authentication.principal", "authentication.authorities", "authentication.authenticated");
assertThat(springSecurityContextAfter.getAuthentication().getPrincipal()).isEqualTo("john_the_springer");
assertThat(springSecurityContextAfter.getAuthentication().getCredentials()).isNull();
}
@Test
void shouldExtractPrincipalNameFromAttributes() throws Exception {
// given
MongoSession toSerialize = new MongoSession();
String principalName = "john_the_springer";
toSerialize.setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, principalName);
// when
DBObject dbObject = convertToDBObject(toSerialize);
// then
assertThat(dbObject.get("principal")).isEqualTo(principalName);
}
@Test
void shouldExtractPrincipalNameFromAuthentication() throws Exception {
// given
MongoSession toSerialize = new MongoSession();
String principalName = "john_the_springer";
SecurityContextImpl context = new SecurityContextImpl();
context.setAuthentication(new UsernamePasswordAuthenticationToken(principalName, null));
toSerialize.setAttribute("SPRING_SECURITY_CONTEXT", context);
// when
DBObject dbObject = convertToDBObject(toSerialize);
// then
assertThat(dbObject.get("principal")).isEqualTo(principalName);
}
@Test
void sessionWrapperWithNoMaxIntervalShouldFallbackToDefaultValues() {
// given
MongoSession toSerialize = new MongoSession();
DBObject dbObject = convertToDBObject(toSerialize);
Document document = new Document(dbObject.toMap());
document.remove("interval");
// when
MongoSession convertedSession = getMongoSessionConverter().convert(document);
// then
assertThat(convertedSession.getMaxInactiveInterval()).isEqualTo(Duration.ofMinutes(30));
}
@Nullable
MongoSession convertToSession(DBObject session) {
return (MongoSession) getMongoSessionConverter().convert(session, TypeDescriptor.valueOf(DBObject.class),
TypeDescriptor.valueOf(MongoSession.class));
}
@Nullable
DBObject convertToDBObject(MongoSession session) {
return (DBObject) getMongoSessionConverter().convert(session, TypeDescriptor.valueOf(MongoSession.class),
TypeDescriptor.valueOf(DBObject.class));
}
}

129
spring-session-data-mongodb/src/test/java/org/springframework/session/data/mongo/JacksonMongoSessionConverterTest.java
View File

@@ -1,129 +0,0 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo;
import java.lang.reflect.Field;
import java.util.Date;
import java.util.HashMap;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.mongodb.DBObject;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.AssertionsForClassTypes;
import org.bson.Document;
import org.bson.types.ObjectId;
import org.junit.jupiter.api.Test;
import org.springframework.data.mongodb.core.query.Query;
import org.springframework.util.ReflectionUtils;
/**
* @author Jakub Kubrynski
* @author Greg Turnquist
*/
public class JacksonMongoSessionConverterTest extends AbstractMongoSessionConverterTest {
JacksonMongoSessionConverter mongoSessionConverter = new JacksonMongoSessionConverter();
@Override
AbstractMongoSessionConverter getMongoSessionConverter() {
return this.mongoSessionConverter;
}
@Test
void shouldSaveIdField() {
// given
MongoSession session = new MongoSession();
// when
DBObject convert = this.mongoSessionConverter.convert(session);
// then
AssertionsForClassTypes.assertThat(convert.get("_id")).isEqualTo(session.getId());
AssertionsForClassTypes.assertThat(convert.get("id")).isNull();
}
@Test
void shouldQueryAgainstAttribute() throws Exception {
// when
Query cart = this.mongoSessionConverter.getQueryForIndex("cart", "my-cart");
// then
AssertionsForClassTypes.assertThat(cart.getQueryObject().get("attrs.cart")).isEqualTo("my-cart");
}
@Test
void shouldAllowCustomObjectMapper() {
// given
ObjectMapper myMapper = new ObjectMapper();
// when
JacksonMongoSessionConverter converter = new JacksonMongoSessionConverter(myMapper);
// then
Field objectMapperField = ReflectionUtils.findField(JacksonMongoSessionConverter.class, "objectMapper");
ReflectionUtils.makeAccessible(objectMapperField);
ObjectMapper converterMapper = (ObjectMapper) ReflectionUtils.getField(objectMapperField, converter);
AssertionsForClassTypes.assertThat(converterMapper).isEqualTo(myMapper);
}
@Test
void shouldNotAllowNullObjectMapperToBeInjected() {
Assertions.assertThatIllegalArgumentException()
.isThrownBy(() -> new JacksonMongoSessionConverter((ObjectMapper) null));
}
@Test
void shouldSaveExpireAtAsDate() {
// given
MongoSession session = new MongoSession();
// when
DBObject convert = this.mongoSessionConverter.convert(session);
// then
AssertionsForClassTypes.assertThat(convert.get("expireAt")).isInstanceOf(Date.class);
AssertionsForClassTypes.assertThat(convert.get("expireAt")).isEqualTo(session.getExpireAt());
}
@Test
void shouldLoadExpireAtFromDocument() {
// given
Date now = new Date();
HashMap<String, Object> data = new HashMap<>();
data.put("expireAt", now);
data.put("@class", MongoSession.class.getName());
data.put("_id", new ObjectId().toString());
Document document = new Document(data);
// when
MongoSession convertedSession = this.mongoSessionConverter.convert(document);
// then
AssertionsForClassTypes.assertThat(convertedSession).isNotNull();
AssertionsForClassTypes.assertThat(convertedSession.getExpireAt()).isEqualTo(now);
}
}

55
spring-session-data-mongodb/src/test/java/org/springframework/session/data/mongo/JdkMongoSessionConverterTest.java
View File

@@ -1,55 +0,0 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo;
import java.time.Duration;
import org.junit.jupiter.api.Test;
import org.springframework.core.serializer.support.DeserializingConverter;
import org.springframework.core.serializer.support.SerializingConverter;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
/**
* @author Jakub Kubrynski
* @author Rob Winch
* @author Greg Turnquist
*/
public class JdkMongoSessionConverterTest extends AbstractMongoSessionConverterTest {
Duration inactiveInterval = Duration.ofMinutes(30);
JdkMongoSessionConverter mongoSessionConverter = new JdkMongoSessionConverter(this.inactiveInterval);
@Override
AbstractMongoSessionConverter getMongoSessionConverter() {
return this.mongoSessionConverter;
}
@Test
void constructorNullSerializer() {
assertThatIllegalArgumentException().isThrownBy(
() -> new JdkMongoSessionConverter(null, new DeserializingConverter(), this.inactiveInterval));
}
@Test
void constructorNullDeserializer() {
assertThatIllegalArgumentException().isThrownBy(
() -> new JdkMongoSessionConverter(new SerializingConverter(), null, this.inactiveInterval));
}
}

225
spring-session-data-mongodb/src/test/java/org/springframework/session/data/mongo/MongoIndexedSessionRepositoryTest.java
View File

@@ -1,225 +0,0 @@
/*
* Copyright 2014-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo;
import java.util.Collections;
import java.util.Map;
import java.util.UUID;
import com.mongodb.BasicDBObject;
import com.mongodb.DBObject;
import org.bson.Document;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.core.convert.TypeDescriptor;
import org.springframework.data.mongodb.core.MongoOperations;
import org.springframework.data.mongodb.core.query.Query;
import org.springframework.session.FindByIndexNameSessionRepository;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.BDDMockito.given;
import static org.mockito.BDDMockito.mock;
import static org.mockito.BDDMockito.verify;
/**
* Tests for {@link MongoIndexedSessionRepository}.
*
* @author Jakub Kubrynski
* @author Vedran Pavic
* @author Greg Turnquist
*/
@ExtendWith(MockitoExtension.class)
public class MongoIndexedSessionRepositoryTest {
@Mock
private AbstractMongoSessionConverter converter;
@Mock
private MongoOperations mongoOperations;
private MongoIndexedSessionRepository repository;
@BeforeEach
void setUp() {
this.repository = new MongoIndexedSessionRepository(this.mongoOperations);
this.repository.setMongoSessionConverter(this.converter);
}
@Test
void shouldCreateSession() {
// when
MongoSession session = this.repository.createSession();
// then
assertThat(session.getId()).isNotEmpty();
assertThat(session.getMaxInactiveInterval().getSeconds())
.isEqualTo(MongoIndexedSessionRepository.DEFAULT_INACTIVE_INTERVAL);
}
@Test
void shouldCreateSessionWhenMaxInactiveIntervalNotDefined() {
// when
this.repository.setMaxInactiveIntervalInSeconds(null);
MongoSession session = this.repository.createSession();
// then
assertThat(session.getId()).isNotEmpty();
assertThat(session.getMaxInactiveInterval().getSeconds())
.isEqualTo(MongoIndexedSessionRepository.DEFAULT_INACTIVE_INTERVAL);
}
@Test
void shouldSaveSession() {
// given
MongoSession session = new MongoSession();
BasicDBObject dbSession = new BasicDBObject();
given(this.converter.convert(session, TypeDescriptor.valueOf(MongoSession.class),
TypeDescriptor.valueOf(DBObject.class))).willReturn(dbSession);
// when
this.repository.save(session);
// then
verify(this.mongoOperations).save(dbSession, MongoIndexedSessionRepository.DEFAULT_COLLECTION_NAME);
}
@Test
void shouldGetSession() {
// given
String sessionId = UUID.randomUUID().toString();
Document sessionDocument = new Document();
given(this.mongoOperations.findById(sessionId, Document.class,
MongoIndexedSessionRepository.DEFAULT_COLLECTION_NAME)).willReturn(sessionDocument);
MongoSession session = new MongoSession();
given(this.converter.convert(sessionDocument, TypeDescriptor.valueOf(Document.class),
TypeDescriptor.valueOf(MongoSession.class))).willReturn(session);
// when
MongoSession retrievedSession = this.repository.findById(sessionId);
// then
assertThat(retrievedSession).isEqualTo(session);
}
@Test
void shouldHandleExpiredSession() {
// given
String sessionId = UUID.randomUUID().toString();
Document sessionDocument = new Document();
given(this.mongoOperations.findById(sessionId, Document.class,
MongoIndexedSessionRepository.DEFAULT_COLLECTION_NAME)).willReturn(sessionDocument);
MongoSession session = mock(MongoSession.class);
given(session.isExpired()).willReturn(true);
given(this.converter.convert(sessionDocument, TypeDescriptor.valueOf(Document.class),
TypeDescriptor.valueOf(MongoSession.class))).willReturn(session);
given(session.getId()).willReturn("sessionId");
// when
this.repository.findById(sessionId);
// then
verify(this.mongoOperations).remove(any(Document.class),
eq(MongoIndexedSessionRepository.DEFAULT_COLLECTION_NAME));
}
@Test
void shouldDeleteSession() {
// given
String sessionId = UUID.randomUUID().toString();
Document sessionDocument = new Document();
sessionDocument.put("id", sessionId);
MongoSession mongoSession = new MongoSession(sessionId,
MongoIndexedSessionRepository.DEFAULT_INACTIVE_INTERVAL);
given(this.converter.convert(sessionDocument, TypeDescriptor.valueOf(Document.class),
TypeDescriptor.valueOf(MongoSession.class))).willReturn(mongoSession);
given(this.mongoOperations.findById(eq(sessionId), eq(Document.class),
eq(MongoIndexedSessionRepository.DEFAULT_COLLECTION_NAME))).willReturn(sessionDocument);
// when
this.repository.deleteById(sessionId);
// then
verify(this.mongoOperations).remove(any(Document.class),
eq(MongoIndexedSessionRepository.DEFAULT_COLLECTION_NAME));
}
@Test
void shouldGetSessionsMapByPrincipal() {
// given
String principalNameIndexName = FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME;
Document document = new Document();
given(this.converter.getQueryForIndex(anyString(), any(Object.class))).willReturn(mock(Query.class));
given(this.mongoOperations.find(any(Query.class), eq(Document.class),
eq(MongoIndexedSessionRepository.DEFAULT_COLLECTION_NAME)))
.willReturn(Collections.singletonList(document));
String sessionId = UUID.randomUUID().toString();
MongoSession session = new MongoSession(sessionId, 1800);
given(this.converter.convert(document, TypeDescriptor.valueOf(Document.class),
TypeDescriptor.valueOf(MongoSession.class))).willReturn(session);
// when
Map<String, MongoSession> sessionsMap = this.repository.findByIndexNameAndIndexValue(principalNameIndexName,
"john");
// then
assertThat(sessionsMap).containsOnlyKeys(sessionId);
assertThat(sessionsMap).containsValues(session);
}
@Test
void shouldReturnEmptyMapForNotSupportedIndex() {
// given
String index = "some_not_supported_index_name";
// when
Map<String, MongoSession> sessionsMap = this.repository.findByIndexNameAndIndexValue(index, "some_value");
// then
assertThat(sessionsMap).isEmpty();
}
}

42
spring-session-data-mongodb/src/test/java/org/springframework/session/data/mongo/MongoSessionTest.java
View File

@@ -1,42 +0,0 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo;
import java.time.Duration;
import java.time.Instant;
import org.junit.jupiter.api.Test;
import static org.assertj.core.api.Assertions.assertThat;
/**
* @author Rob Winch
* @author Greg Turnquist
*/
public class MongoSessionTest {
@Test
void isExpiredWhenIntervalNegativeThenFalse() {
MongoSession session = new MongoSession();
session.setMaxInactiveInterval(Duration.ofSeconds(-1));
session.setLastAccessedTime(Instant.ofEpochMilli(0L));
assertThat(session.isExpired()).isFalse();
}
}

229
spring-session-data-mongodb/src/test/java/org/springframework/session/data/mongo/ReactiveMongoSessionRepositoryTest.java
View File

@@ -1,229 +0,0 @@
/*
* Copyright 2014-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo;
import java.util.UUID;
import com.mongodb.BasicDBObject;
import com.mongodb.DBObject;
import com.mongodb.client.result.DeleteResult;
import org.bson.Document;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import reactor.core.publisher.Mono;
import reactor.test.StepVerifier;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.core.convert.TypeDescriptor;
import org.springframework.data.mongodb.core.MongoOperations;
import org.springframework.data.mongodb.core.ReactiveMongoOperations;
import org.springframework.data.mongodb.core.index.IndexOperations;
import org.springframework.session.events.SessionDeletedEvent;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.BDDMockito.any;
import static org.mockito.BDDMockito.eq;
import static org.mockito.BDDMockito.given;
import static org.mockito.BDDMockito.mock;
import static org.mockito.BDDMockito.times;
import static org.mockito.BDDMockito.verify;
/**
* Tests for {@link ReactiveMongoSessionRepository}.
*
* @author Jakub Kubrynski
* @author Vedran Pavic
* @author Greg Turnquist
*/
@ExtendWith(MockitoExtension.class)
public class ReactiveMongoSessionRepositoryTest {
@Mock
private AbstractMongoSessionConverter converter;
@Mock
private ReactiveMongoOperations mongoOperations;
@Mock
private MongoOperations blockingMongoOperations;
@Mock
private ApplicationEventPublisher eventPublisher;
private ReactiveMongoSessionRepository repository;
@BeforeEach
void setUp() {
this.repository = new ReactiveMongoSessionRepository(this.mongoOperations);
this.repository.setMongoSessionConverter(this.converter);
this.repository.setApplicationEventPublisher(this.eventPublisher);
}
@Test
void shouldCreateSession() {
this.repository.createSession() //
.as(StepVerifier::create) //
.expectNextMatches((mongoSession) -> {
assertThat(mongoSession.getId()).isNotEmpty();
assertThat(mongoSession.getMaxInactiveInterval().getSeconds())
.isEqualTo(ReactiveMongoSessionRepository.DEFAULT_INACTIVE_INTERVAL);
return true;
}) //
.verifyComplete();
}
@Test
void shouldCreateSessionWhenMaxInactiveIntervalNotDefined() {
// when
this.repository.setMaxInactiveIntervalInSeconds(null);
// then
this.repository.createSession() //
.as(StepVerifier::create) //
.expectNextMatches((mongoSession) -> {
assertThat(mongoSession.getId()).isNotEmpty();
assertThat(mongoSession.getMaxInactiveInterval().getSeconds())
.isEqualTo(ReactiveMongoSessionRepository.DEFAULT_INACTIVE_INTERVAL);
return true;
}) //
.verifyComplete();
}
@Test
void shouldSaveSession() {
// given
MongoSession session = new MongoSession();
BasicDBObject dbSession = new BasicDBObject();
given(this.converter.convert(session, TypeDescriptor.valueOf(MongoSession.class),
TypeDescriptor.valueOf(DBObject.class))).willReturn(dbSession);
given(this.mongoOperations.save(dbSession, "sessions")).willReturn(Mono.just(dbSession));
// when
this.repository.save(session) //
.as(StepVerifier::create) //
.verifyComplete();
verify(this.mongoOperations).save(dbSession, ReactiveMongoSessionRepository.DEFAULT_COLLECTION_NAME);
}
@Test
void shouldGetSession() {
// given
String sessionId = UUID.randomUUID().toString();
Document sessionDocument = new Document();
given(this.mongoOperations.findById(sessionId, Document.class,
ReactiveMongoSessionRepository.DEFAULT_COLLECTION_NAME)).willReturn(Mono.just(sessionDocument));
MongoSession session = new MongoSession();
given(this.converter.convert(sessionDocument, TypeDescriptor.valueOf(Document.class),
TypeDescriptor.valueOf(MongoSession.class))).willReturn(session);
// when
this.repository.findById(sessionId) //
.as(StepVerifier::create) //
.expectNext(session) //
.verifyComplete();
}
@Test
void shouldHandleExpiredSession() {
// given
String sessionId = UUID.randomUUID().toString();
Document sessionDocument = new Document();
given(this.mongoOperations.findById(sessionId, Document.class,
ReactiveMongoSessionRepository.DEFAULT_COLLECTION_NAME)).willReturn(Mono.just(sessionDocument));
given(this.mongoOperations.remove(sessionDocument, ReactiveMongoSessionRepository.DEFAULT_COLLECTION_NAME))
.willReturn(Mono.just(DeleteResult.acknowledged(1)));
MongoSession session = mock(MongoSession.class);
given(session.isExpired()).willReturn(true);
given(this.converter.convert(sessionDocument, TypeDescriptor.valueOf(Document.class),
TypeDescriptor.valueOf(MongoSession.class))).willReturn(session);
// when
this.repository.findById(sessionId) //
.as(StepVerifier::create) //
.verifyComplete();
// then
verify(this.mongoOperations).remove(any(Document.class),
eq(ReactiveMongoSessionRepository.DEFAULT_COLLECTION_NAME));
}
@Test
void shouldDeleteSession() {
// given
String sessionId = UUID.randomUUID().toString();
Document sessionDocument = new Document();
given(this.mongoOperations.findById(sessionId, Document.class,
ReactiveMongoSessionRepository.DEFAULT_COLLECTION_NAME)).willReturn(Mono.just(sessionDocument));
given(this.mongoOperations.remove(sessionDocument, "sessions"))
.willReturn(Mono.just(DeleteResult.acknowledged(1)));
MongoSession session = mock(MongoSession.class);
given(this.converter.convert(sessionDocument, TypeDescriptor.valueOf(Document.class),
TypeDescriptor.valueOf(MongoSession.class))).willReturn(session);
// when
this.repository.deleteById(sessionId) //
.as(StepVerifier::create) //
.verifyComplete();
verify(this.mongoOperations).remove(any(Document.class),
eq(ReactiveMongoSessionRepository.DEFAULT_COLLECTION_NAME));
verify(this.eventPublisher).publishEvent(any(SessionDeletedEvent.class));
}
@Test
void shouldInvokeMethodToCreateIndexesImperatively() {
// given
IndexOperations indexOperations = mock(IndexOperations.class);
given(this.blockingMongoOperations.indexOps((String) any())).willReturn(indexOperations);
this.repository.setBlockingMongoOperations(this.blockingMongoOperations);
// when
this.repository.afterPropertiesSet();
// then
verify(this.blockingMongoOperations, times(1)).indexOps((String) any());
verify(this.converter, times(1)).ensureIndexes(indexOperations);
}
}

334
spring-session-data-mongodb/src/test/java/org/springframework/session/data/mongo/config/annotation/web/http/MongoHttpSessionConfigurationTest.java
View File

@@ -1,334 +0,0 @@
/*
* Copyright 2014-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo.config.annotation.web.http;
import java.net.UnknownHostException;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.UnsatisfiedDependencyException;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.springframework.data.mongodb.core.MongoOperations;
import org.springframework.data.mongodb.core.index.IndexOperations;
import org.springframework.mock.env.MockEnvironment;
import org.springframework.session.IndexResolver;
import org.springframework.session.config.SessionRepositoryCustomizer;
import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
import org.springframework.session.data.mongo.JacksonMongoSessionConverter;
import org.springframework.session.data.mongo.MongoIndexedSessionRepository;
import org.springframework.session.data.mongo.MongoSession;
import org.springframework.test.util.ReflectionTestUtils;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.BDDMockito.given;
import static org.mockito.BDDMockito.mock;
/**
* Tests for {@link MongoHttpSessionConfiguration}.
*
* @author Eddú Meléndez
* @author Vedran Pavic
*/
public class MongoHttpSessionConfigurationTest {
private static final String COLLECTION_NAME = "testSessions";
private static final int MAX_INACTIVE_INTERVAL_IN_SECONDS = 600;
private AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext();
@AfterEach
void after() {
if (this.context != null) {
this.context.close();
}
}
@Test
void noMongoOperationsConfiguration() {
assertThatExceptionOfType(UnsatisfiedDependencyException.class)
.isThrownBy(() -> registerAndRefresh(EmptyConfiguration.class))
.withMessageContaining("mongoSessionRepository");
}
@Test
void defaultConfiguration() {
registerAndRefresh(DefaultConfiguration.class);
assertThat(this.context.getBean(MongoIndexedSessionRepository.class)).isNotNull();
}
@Test
void customCollectionName() {
registerAndRefresh(CustomCollectionNameConfiguration.class);
MongoIndexedSessionRepository repository = this.context.getBean(MongoIndexedSessionRepository.class);
assertThat(repository).isNotNull();
assertThat(ReflectionTestUtils.getField(repository, "collectionName")).isEqualTo(COLLECTION_NAME);
}
@Test
void setCustomCollectionName() {
registerAndRefresh(CustomCollectionNameSetConfiguration.class);
MongoHttpSessionConfiguration session = this.context.getBean(MongoHttpSessionConfiguration.class);
assertThat(session).isNotNull();
assertThat(ReflectionTestUtils.getField(session, "collectionName")).isEqualTo(COLLECTION_NAME);
}
@Test
void customMaxInactiveIntervalInSeconds() {
registerAndRefresh(CustomMaxInactiveIntervalInSecondsConfiguration.class);
MongoIndexedSessionRepository repository = this.context.getBean(MongoIndexedSessionRepository.class);
assertThat(repository).isNotNull();
assertThat(ReflectionTestUtils.getField(repository, "maxInactiveIntervalInSeconds"))
.isEqualTo(MAX_INACTIVE_INTERVAL_IN_SECONDS);
}
@Test
void setCustomMaxInactiveIntervalInSeconds() {
registerAndRefresh(CustomMaxInactiveIntervalInSecondsSetConfiguration.class);
MongoIndexedSessionRepository repository = this.context.getBean(MongoIndexedSessionRepository.class);
assertThat(repository).isNotNull();
assertThat(ReflectionTestUtils.getField(repository, "maxInactiveIntervalInSeconds"))
.isEqualTo(MAX_INACTIVE_INTERVAL_IN_SECONDS);
}
@Test
void setCustomSessionConverterConfiguration() {
registerAndRefresh(CustomSessionConverterConfiguration.class);
MongoIndexedSessionRepository repository = this.context.getBean(MongoIndexedSessionRepository.class);
AbstractMongoSessionConverter mongoSessionConverter = this.context.getBean(AbstractMongoSessionConverter.class);
assertThat(repository).isNotNull();
assertThat(mongoSessionConverter).isNotNull();
assertThat(ReflectionTestUtils.getField(repository, "mongoSessionConverter")).isEqualTo(mongoSessionConverter);
}
@Test
void resolveCollectionNameByPropertyPlaceholder() {
this.context
.setEnvironment(new MockEnvironment().withProperty("session.mongo.collectionName", COLLECTION_NAME));
registerAndRefresh(CustomMongoJdbcSessionConfiguration.class);
MongoHttpSessionConfiguration configuration = this.context.getBean(MongoHttpSessionConfiguration.class);
assertThat(ReflectionTestUtils.getField(configuration, "collectionName")).isEqualTo(COLLECTION_NAME);
}
@Test
void sessionRepositoryCustomizer() {
registerAndRefresh(MongoConfiguration.class, SessionRepositoryCustomizerConfiguration.class);
MongoIndexedSessionRepository sessionRepository = this.context.getBean(MongoIndexedSessionRepository.class);
assertThat(sessionRepository).hasFieldOrPropertyWithValue("maxInactiveIntervalInSeconds", 10000);
}
@Test
void customIndexResolverConfigurationWithDefaultMongoSessionConverter() {
registerAndRefresh(MongoConfiguration.class,
CustomIndexResolverConfigurationWithDefaultMongoSessionConverter.class);
MongoIndexedSessionRepository repository = this.context.getBean(MongoIndexedSessionRepository.class);
IndexResolver<MongoSession> indexResolver = this.context.getBean(IndexResolver.class);
assertThat(repository).isNotNull();
assertThat(indexResolver).isNotNull();
assertThat(repository).extracting("mongoSessionConverter").hasFieldOrPropertyWithValue("indexResolver",
indexResolver);
}
@Test
void customIndexResolverConfigurationWithProvidedMongoSessionConverter() {
registerAndRefresh(MongoConfiguration.class,
CustomIndexResolverConfigurationWithProvidedMongoSessionConverter.class);
MongoIndexedSessionRepository repository = this.context.getBean(MongoIndexedSessionRepository.class);
IndexResolver<MongoSession> indexResolver = this.context.getBean(IndexResolver.class);
assertThat(repository).isNotNull();
assertThat(indexResolver).isNotNull();
assertThat(repository).extracting("mongoSessionConverter").hasFieldOrPropertyWithValue("indexResolver",
indexResolver);
}
private void registerAndRefresh(Class<?>... annotatedClasses) {
this.context.register(annotatedClasses);
this.context.refresh();
}
@Configuration
@EnableMongoHttpSession
static class EmptyConfiguration {
}
static class BaseConfiguration {
@Bean
MongoOperations mongoOperations() throws UnknownHostException {
MongoOperations mongoOperations = mock(MongoOperations.class);
IndexOperations indexOperations = mock(IndexOperations.class);
given(mongoOperations.indexOps(anyString())).willReturn(indexOperations);
return mongoOperations;
}
}
@Configuration
@EnableMongoHttpSession
static class DefaultConfiguration extends BaseConfiguration {
}
@Configuration
static class MongoConfiguration extends BaseConfiguration {
}
@Configuration
@EnableMongoHttpSession(collectionName = COLLECTION_NAME)
static class CustomCollectionNameConfiguration extends BaseConfiguration {
}
@Configuration
@Import(MongoConfiguration.class)
static class CustomCollectionNameSetConfiguration extends MongoHttpSessionConfiguration {
CustomCollectionNameSetConfiguration() {
setCollectionName(COLLECTION_NAME);
}
}
@Configuration
@EnableMongoHttpSession(maxInactiveIntervalInSeconds = MAX_INACTIVE_INTERVAL_IN_SECONDS)
static class CustomMaxInactiveIntervalInSecondsConfiguration extends BaseConfiguration {
}
@Configuration
@Import(MongoConfiguration.class)
static class CustomMaxInactiveIntervalInSecondsSetConfiguration extends MongoHttpSessionConfiguration {
CustomMaxInactiveIntervalInSecondsSetConfiguration() {
setMaxInactiveIntervalInSeconds(MAX_INACTIVE_INTERVAL_IN_SECONDS);
}
}
@Configuration
@Import(MongoConfiguration.class)
static class CustomSessionConverterConfiguration extends MongoHttpSessionConfiguration {
@Bean
AbstractMongoSessionConverter mongoSessionConverter() {
return mock(AbstractMongoSessionConverter.class);
}
}
@Configuration
@EnableMongoHttpSession(collectionName = "${session.mongo.collectionName}")
static class CustomMongoJdbcSessionConfiguration extends BaseConfiguration {
@Bean
PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() {
return new PropertySourcesPlaceholderConfigurer();
}
}
@EnableMongoHttpSession
static class SessionRepositoryCustomizerConfiguration {
@Bean
@Order(0)
SessionRepositoryCustomizer<MongoIndexedSessionRepository> sessionRepositoryCustomizerOne() {
return (sessionRepository) -> sessionRepository.setMaxInactiveIntervalInSeconds(0);
}
@Bean
@Order(1)
SessionRepositoryCustomizer<MongoIndexedSessionRepository> sessionRepositoryCustomizerTwo() {
return (sessionRepository) -> sessionRepository.setMaxInactiveIntervalInSeconds(10000);
}
}
@Configuration
@EnableMongoHttpSession
static class CustomIndexResolverConfigurationWithDefaultMongoSessionConverter {
@Bean
@SuppressWarnings("unchecked")
IndexResolver<MongoSession> indexResolver() {
return mock(IndexResolver.class);
}
}
@Configuration
@EnableMongoHttpSession
static class CustomIndexResolverConfigurationWithProvidedMongoSessionConverter {
@Bean
AbstractMongoSessionConverter mongoSessionConverter() {
return new JacksonMongoSessionConverter();
}
@Bean
@SuppressWarnings("unchecked")
IndexResolver<MongoSession> indexResolver() {
return mock(IndexResolver.class);
}
}
}

385
spring-session-data-mongodb/src/test/java/org/springframework/session/data/mongo/config/annotation/web/reactive/ReactiveMongoWebSessionConfigurationTest.java
View File

@@ -1,385 +0,0 @@
/*
* Copyright 2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.data.mongo.config.annotation.web.reactive;
import java.lang.reflect.Field;
import java.util.Collections;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.UnsatisfiedDependencyException;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.data.mongodb.core.MongoOperations;
import org.springframework.data.mongodb.core.ReactiveMongoOperations;
import org.springframework.data.mongodb.core.index.IndexOperations;
import org.springframework.session.IndexResolver;
import org.springframework.session.ReactiveSessionRepository;
import org.springframework.session.config.ReactiveSessionRepositoryCustomizer;
import org.springframework.session.config.annotation.web.server.EnableSpringWebSession;
import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
import org.springframework.session.data.mongo.JacksonMongoSessionConverter;
import org.springframework.session.data.mongo.JdkMongoSessionConverter;
import org.springframework.session.data.mongo.MongoSession;
import org.springframework.session.data.mongo.ReactiveMongoSessionRepository;
import org.springframework.util.ReflectionUtils;
import org.springframework.web.server.adapter.WebHttpHandlerBuilder;
import org.springframework.web.server.session.WebSessionManager;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.mockito.BDDMockito.any;
import static org.mockito.BDDMockito.given;
import static org.mockito.BDDMockito.mock;
import static org.mockito.BDDMockito.times;
import static org.mockito.BDDMockito.verify;
/**
* Verify various configurations through {@link EnableSpringWebSession}.
*
* @author Greg Turnquist
* @author Vedran Pavić
*/
public class ReactiveMongoWebSessionConfigurationTest {
private AnnotationConfigApplicationContext context;
@AfterEach
void tearDown() {
if (this.context != null) {
this.context.close();
}
}
@Test
void enableSpringWebSessionConfiguresThings() {
this.context = new AnnotationConfigApplicationContext();
this.context.register(GoodConfig.class);
this.context.refresh();
WebSessionManager webSessionManagerFoundByType = this.context.getBean(WebSessionManager.class);
Object webSessionManagerFoundByName = this.context.getBean(WebHttpHandlerBuilder.WEB_SESSION_MANAGER_BEAN_NAME);
assertThat(webSessionManagerFoundByType).isNotNull();
assertThat(webSessionManagerFoundByName).isNotNull();
assertThat(webSessionManagerFoundByType).isEqualTo(webSessionManagerFoundByName);
assertThat(this.context.getBean(ReactiveSessionRepository.class)).isNotNull();
}
@Test
void missingReactorSessionRepositoryBreaksAppContext() {
this.context = new AnnotationConfigApplicationContext();
this.context.register(BadConfig.class);
assertThatExceptionOfType(UnsatisfiedDependencyException.class).isThrownBy(this.context::refresh)
.withMessageContaining("Error creating bean with name 'reactiveMongoSessionRepository'")
.withMessageContaining(
"No qualifying bean of type '" + ReactiveMongoOperations.class.getCanonicalName());
}
@Test
void defaultSessionConverterShouldBeJdkWhenOnClasspath() throws IllegalAccessException {
this.context = new AnnotationConfigApplicationContext();
this.context.register(GoodConfig.class);
this.context.refresh();
ReactiveMongoSessionRepository repository = this.context.getBean(ReactiveMongoSessionRepository.class);
AbstractMongoSessionConverter converter = findMongoSessionConverter(repository);
assertThat(converter).isOfAnyClassIn(JdkMongoSessionConverter.class);
}
@Test
void overridingMongoSessionConverterWithBeanShouldWork() throws IllegalAccessException {
this.context = new AnnotationConfigApplicationContext();
this.context.register(OverrideSessionConverterConfig.class);
this.context.refresh();
ReactiveMongoSessionRepository repository = this.context.getBean(ReactiveMongoSessionRepository.class);
AbstractMongoSessionConverter converter = findMongoSessionConverter(repository);
assertThat(converter).isOfAnyClassIn(JacksonMongoSessionConverter.class);
}
@Test
void overridingIntervalAndCollectionNameThroughAnnotationShouldWork() throws IllegalAccessException {
this.context = new AnnotationConfigApplicationContext();
this.context.register(OverrideMongoParametersConfig.class);
this.context.refresh();
ReactiveMongoSessionRepository repository = this.context.getBean(ReactiveMongoSessionRepository.class);
Field inactiveField = ReflectionUtils.findField(ReactiveMongoSessionRepository.class,
"maxInactiveIntervalInSeconds");
ReflectionUtils.makeAccessible(inactiveField);
Integer inactiveSeconds = (Integer) inactiveField.get(repository);
Field collectionNameField = ReflectionUtils.findField(ReactiveMongoSessionRepository.class, "collectionName");
ReflectionUtils.makeAccessible(collectionNameField);
String collectionName = (String) collectionNameField.get(repository);
assertThat(inactiveSeconds).isEqualTo(123);
assertThat(collectionName).isEqualTo("test-case");
}
@Test
void reactiveAndBlockingMongoOperationsShouldEnsureIndexing() {
this.context = new AnnotationConfigApplicationContext();
this.context.register(ConfigWithReactiveAndImperativeMongoOperations.class);
this.context.refresh();
MongoOperations operations = this.context.getBean(MongoOperations.class);
IndexOperations indexOperations = this.context.getBean(IndexOperations.class);
verify(operations, times(1)).indexOps((String) any());
verify(indexOperations, times(1)).getIndexInfo();
verify(indexOperations, times(1)).ensureIndex(any());
}
@Test
void overrideCollectionAndInactiveIntervalThroughConfigurationOptions() {
this.context = new AnnotationConfigApplicationContext();
this.context.register(CustomizedReactiveConfiguration.class);
this.context.refresh();
ReactiveMongoSessionRepository repository = this.context.getBean(ReactiveMongoSessionRepository.class);
assertThat(repository.getCollectionName()).isEqualTo("custom-collection");
assertThat(repository.getMaxInactiveIntervalInSeconds()).isEqualTo(123);
}
@Test
void sessionRepositoryCustomizer() {
this.context = new AnnotationConfigApplicationContext();
this.context.register(SessionRepositoryCustomizerConfiguration.class);
this.context.refresh();
ReactiveMongoSessionRepository repository = this.context.getBean(ReactiveMongoSessionRepository.class);
assertThat(repository).hasFieldOrPropertyWithValue("maxInactiveIntervalInSeconds", 10000);
}
@Test
void customIndexResolverConfigurationWithDefaultMongoSessionConverter() {
this.context = new AnnotationConfigApplicationContext();
this.context.register(CustomIndexResolverConfigurationWithDefaultMongoSessionConverter.class);
this.context.refresh();
ReactiveMongoSessionRepository repository = this.context.getBean(ReactiveMongoSessionRepository.class);
IndexResolver<MongoSession> indexResolver = this.context.getBean(IndexResolver.class);
assertThat(repository).isNotNull();
assertThat(indexResolver).isNotNull();
assertThat(repository).extracting("mongoSessionConverter").hasFieldOrPropertyWithValue("indexResolver",
indexResolver);
}
@Test
void customIndexResolverConfigurationWithProvidedMongoSessionConverter() {
this.context = new AnnotationConfigApplicationContext();
this.context.register(CustomIndexResolverConfigurationWithProvidedtMongoSessionConverter.class);
this.context.refresh();
ReactiveMongoSessionRepository repository = this.context.getBean(ReactiveMongoSessionRepository.class);
IndexResolver<MongoSession> indexResolver = this.context.getBean(IndexResolver.class);
assertThat(repository).isNotNull();
assertThat(indexResolver).isNotNull();
assertThat(repository).extracting("mongoSessionConverter").hasFieldOrPropertyWithValue("indexResolver",
indexResolver);
}
/**
* Reflectively extract the {@link AbstractMongoSessionConverter} from the
* {@link ReactiveMongoSessionRepository}. This is to avoid expanding the surface area
* of the API.
*/
private AbstractMongoSessionConverter findMongoSessionConverter(ReactiveMongoSessionRepository repository) {
Field field = ReflectionUtils.findField(ReactiveMongoSessionRepository.class, "mongoSessionConverter");
ReflectionUtils.makeAccessible(field);
try {
return (AbstractMongoSessionConverter) field.get(repository);
}
catch (IllegalAccessException ex) {
throw new RuntimeException(ex);
}
}
/**
* A configuration with all the right parts.
*/
@EnableMongoWebSession
static class GoodConfig {
@Bean
ReactiveMongoOperations operations() {
return mock(ReactiveMongoOperations.class);
}
}
/**
* A configuration where no {@link ReactiveMongoOperations} is defined. It's BAD!
*/
@EnableMongoWebSession
static class BadConfig {
}
@EnableMongoWebSession
static class OverrideSessionConverterConfig {
@Bean
ReactiveMongoOperations operations() {
return mock(ReactiveMongoOperations.class);
}
@Bean
AbstractMongoSessionConverter mongoSessionConverter() {
return new JacksonMongoSessionConverter();
}
}
@EnableMongoWebSession(maxInactiveIntervalInSeconds = 123, collectionName = "test-case")
static class OverrideMongoParametersConfig {
@Bean
ReactiveMongoOperations operations() {
return mock(ReactiveMongoOperations.class);
}
}
@EnableMongoWebSession
static class ConfigWithReactiveAndImperativeMongoOperations {
@Bean
ReactiveMongoOperations reactiveMongoOperations() {
return mock(ReactiveMongoOperations.class);
}
@Bean
IndexOperations indexOperations() {
IndexOperations indexOperations = mock(IndexOperations.class);
given(indexOperations.getIndexInfo()).willReturn(Collections.emptyList());
return indexOperations;
}
@Bean
MongoOperations mongoOperations(IndexOperations indexOperations) {
MongoOperations mongoOperations = mock(MongoOperations.class);
given(mongoOperations.indexOps((String) any())).willReturn(indexOperations);
return mongoOperations;
}
}
@EnableSpringWebSession
static class CustomizedReactiveConfiguration extends ReactiveMongoWebSessionConfiguration {
CustomizedReactiveConfiguration() {
this.setCollectionName("custom-collection");
this.setMaxInactiveIntervalInSeconds(123);
}
@Bean
ReactiveMongoOperations reactiveMongoOperations() {
return mock(ReactiveMongoOperations.class);
}
}
@EnableMongoWebSession
static class SessionRepositoryCustomizerConfiguration {
@Bean
ReactiveMongoOperations operations() {
return mock(ReactiveMongoOperations.class);
}
@Bean
@Order(0)
ReactiveSessionRepositoryCustomizer<ReactiveMongoSessionRepository> sessionRepositoryCustomizerOne() {
return (sessionRepository) -> sessionRepository.setMaxInactiveIntervalInSeconds(0);
}
@Bean
@Order(1)
ReactiveSessionRepositoryCustomizer<ReactiveMongoSessionRepository> sessionRepositoryCustomizerTwo() {
return (sessionRepository) -> sessionRepository.setMaxInactiveIntervalInSeconds(10000);
}
}
@EnableMongoWebSession
static class CustomIndexResolverConfigurationWithDefaultMongoSessionConverter {
@Bean
ReactiveMongoOperations operations() {
return mock(ReactiveMongoOperations.class);
}
@Bean
@SuppressWarnings("unchecked")
IndexResolver<MongoSession> indexResolver() {
return mock(IndexResolver.class);
}
}
@EnableMongoWebSession
static class CustomIndexResolverConfigurationWithProvidedtMongoSessionConverter {
@Bean
ReactiveMongoOperations operations() {
return mock(ReactiveMongoOperations.class);
}
@Bean
JacksonMongoSessionConverter jacksonMongoSessionConverter() {
return new JacksonMongoSessionConverter();
}
@Bean
@SuppressWarnings("unchecked")
IndexResolver<MongoSession> indexResolver() {
return mock(IndexResolver.class);
}
}
}

17
spring-session-data-mongodb/src/test/resources/logback.xml
View File

@@ -1,17 +0,0 @@
<configuration>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%8.-8thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<!-- <logger name="org.springframework.web" level="TRACE" />-->
<!-- <logger name="org.springframework.web.reactive" level="TRACE" />-->
<!-- <logger name="org.springframework.security" level="TRACE" />-->
<!-- <logger name="org.springframework.session" level="TRACE" />-->
<!-- <logger name="org.springframework.data.mongodb" level="TRACE" />-->
<root level="WARN">
<appender-ref ref="STDOUT" />
</root>
</configuration>

2
spring-session-data-redis/spring-session-data-redis.gradle
View File

@@ -12,7 +12,7 @@ dependencies {
optional "org.springframework:spring-web"
testCompile "io.projectreactor:reactor-test"
testCompile "javax.servlet:javax.servlet-api"
testCompile "jakarta.servlet:jakarta.servlet-api"
testCompile "org.springframework:spring-web"
testCompile "org.springframework.security:spring-security-core"
testCompile "org.junit.jupiter:junit-jupiter-api"

2
spring-session-data-redis/src/integration-test/java/org/springframework/session/data/redis/AbstractRedisITests.java
View File

@@ -29,7 +29,7 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
*/
public abstract class AbstractRedisITests {
private static final String DOCKER_IMAGE = "redis:5.0.10";
private static final String DOCKER_IMAGE = "redis:5.0.14";
protected static class BaseConfig {

24
spring-session-data-redis/src/integration-test/java/org/springframework/session/data/redis/RedisIndexedSessionRepositoryITests.java
View File

@@ -527,6 +527,30 @@ class RedisIndexedSessionRepositoryITests extends AbstractRedisITests {
assertThat(findByPrincipalName.keySet()).containsOnly(changeSessionId);
}
@Test // gh-1987
void changeSessionIdWhenPrincipalNameChangesFromNullThenIndexShouldNotBeCreated() {
String principalName = null;
String principalNameChanged = "findByChangedPrincipalName" + UUID.randomUUID();
RedisSession toSave = this.repository.createSession();
toSave.setAttribute(INDEX_NAME, principalName);
this.repository.save(toSave);
RedisSession findById = this.repository.findById(toSave.getId());
String changeSessionId = findById.changeSessionId();
findById.setAttribute(INDEX_NAME, principalNameChanged);
this.repository.save(findById);
Map<String, RedisSession> findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME,
principalName);
assertThat(findByPrincipalName).isEmpty();
findByPrincipalName = this.repository.findByIndexNameAndIndexValue(INDEX_NAME, principalNameChanged);
assertThat(findByPrincipalName).hasSize(1);
assertThat(findByPrincipalName.keySet()).containsOnly(changeSessionId);
}
@Test
void changeSessionIdWhenOnlyChangeId() {
String attrName = "changeSessionId";

13
spring-session-data-redis/src/main/java/org/springframework/session/data/redis/ReactiveRedisSessionRepository.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2021 the original author or authors.
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -37,7 +37,6 @@ import org.springframework.util.Assert;
* {@link ReactiveRedisOperations}.
*
* @author Vedran Pavic
* @author Kai Zhao
* @since 2.2.0
*/
public class ReactiveRedisSessionRepository
@@ -275,14 +274,8 @@ public class ReactiveRedisSessionRepository
String sessionKey = getSessionKey(getId());
Mono<Boolean> update = ReactiveRedisSessionRepository.this.sessionRedisOperations.opsForHash()
.putAll(sessionKey, new HashMap<>(this.delta));
Mono<Boolean> setTtl;
if (getMaxInactiveInterval().getSeconds() >= 0) {
setTtl = ReactiveRedisSessionRepository.this.sessionRedisOperations.expire(sessionKey,
getMaxInactiveInterval());
}
else {
setTtl = ReactiveRedisSessionRepository.this.sessionRedisOperations.persist(sessionKey);
}
Mono<Boolean> setTtl = ReactiveRedisSessionRepository.this.sessionRedisOperations.expire(sessionKey,
getMaxInactiveInterval());
return update.and(setTtl).and((s) -> {
this.delta.clear();

12
spring-session-data-redis/src/main/java/org/springframework/session/data/redis/RedisIndexedSessionRepository.java
View File

@@ -858,11 +858,13 @@ public class RedisIndexedSessionRepository
catch (NonTransientDataAccessException ex) {
handleErrNoSuchKeyError(ex);
}
String originalPrincipalRedisKey = getPrincipalKey(this.originalPrincipalName);
RedisIndexedSessionRepository.this.sessionRedisOperations.boundSetOps(originalPrincipalRedisKey)
.remove(this.originalSessionId);
RedisIndexedSessionRepository.this.sessionRedisOperations.boundSetOps(originalPrincipalRedisKey)
.add(sessionId);
if (this.originalPrincipalName != null) {
String originalPrincipalRedisKey = getPrincipalKey(this.originalPrincipalName);
RedisIndexedSessionRepository.this.sessionRedisOperations.boundSetOps(originalPrincipalRedisKey)
.remove(this.originalSessionId);
RedisIndexedSessionRepository.this.sessionRedisOperations.boundSetOps(originalPrincipalRedisKey)
.add(sessionId);
}
}
this.originalSessionId = sessionId;
}

5
spring-session-data-redis/src/main/java/org/springframework/session/data/redis/config/annotation/web/server/EnableRedisWebSession.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2021 the original author or authors.
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -56,7 +56,6 @@ import org.springframework.web.server.session.WebSessionManager;
* More advanced configurations can extend {@link RedisWebSessionConfiguration} instead.
*
* @author Vedran Pavic
* @author Kai Zhao
* @since 2.0.0
* @see EnableSpringWebSession
*/
@@ -69,7 +68,7 @@ public @interface EnableRedisWebSession {
/**
* The session timeout in seconds. By default, it is set to 1800 seconds (30 minutes).
* A negative number means permanently valid.
* This should be a non-negative integer.
* @return the seconds a session can be inactive before expiring
*/
int maxInactiveIntervalInSeconds() default MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS;

30
spring-session-data-redis/src/test/java/org/springframework/session/data/redis/ReactiveRedisSessionRepositoryTests.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2021 the original author or authors.
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -49,7 +49,6 @@ import static org.mockito.Mockito.verifyNoMoreInteractions;
* Tests for {@link ReactiveRedisSessionRepository}.
*
* @author Vedran Pavic
* @author Kai Zhao
*/
class ReactiveRedisSessionRepositoryTests {
@@ -151,33 +150,6 @@ class ReactiveRedisSessionRepositoryTests {
.isEqualTo(newSession.getLastAccessedTime().toEpochMilli());
}
@Test
void saveCustomNegativeMaxInactiveIntervalNewSession() {
given(this.redisOperations.opsForHash()).willReturn(this.hashOperations);
given(this.hashOperations.putAll(anyString(), any())).willReturn(Mono.just(true));
given(this.redisOperations.persist(anyString())).willReturn(Mono.just(true));
MapSession mapSession = new MapSession();
mapSession.setMaxInactiveInterval(Duration.ofSeconds(-1));
RedisSession newSession = this.repository.new RedisSession(mapSession, true);
StepVerifier.create(this.repository.save(newSession)).verifyComplete();
verify(this.redisOperations).opsForHash();
verify(this.hashOperations).putAll(anyString(), this.delta.capture());
verify(this.redisOperations).persist(anyString());
verifyNoMoreInteractions(this.redisOperations);
verifyNoMoreInteractions(this.hashOperations);
Map<String, Object> delta = this.delta.getAllValues().get(0);
assertThat(delta.size()).isEqualTo(3);
assertThat(delta.get(RedisSessionMapper.CREATION_TIME_KEY))
.isEqualTo(newSession.getCreationTime().toEpochMilli());
assertThat(delta.get(RedisSessionMapper.MAX_INACTIVE_INTERVAL_KEY))
.isEqualTo((int) newSession.getMaxInactiveInterval().getSeconds());
assertThat(delta.get(RedisSessionMapper.LAST_ACCESSED_TIME_KEY))
.isEqualTo(newSession.getLastAccessedTime().toEpochMilli());
}
@Test
void saveSessionNothingChanged() {
given(this.redisOperations.hasKey(anyString())).willReturn(Mono.just(true));

9
spring-session-docs/antora.yml
View File

@@ -1,9 +0,0 @@
name: session
title: Spring Session
version: ~
display_version: 2.6
start_page: ROOT:index.adoc
nav:
- modules/ROOT/nav.adoc

63
spring-session-docs/modules/ROOT/examples/java/docs/FindByIndexNameSessionRepositoryTests.java
View File

@@ -1,63 +0,0 @@
/*
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package docs;
import java.util.Map;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
import org.springframework.session.FindByIndexNameSessionRepository;
import org.springframework.session.Session;
/**
* @author Rob Winch
*
*/
class FindByIndexNameSessionRepositoryTests {
@Mock
FindByIndexNameSessionRepository<Session> sessionRepository;
@Mock
Session session;
@BeforeEach
void setUp() {
MockitoAnnotations.initMocks(this);
}
@Test
void setUsername() {
// tag::set-username[]
String username = "username";
this.session.setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, username);
// end::set-username[]
}
@Test
@SuppressWarnings("unused")
void findByUsername() {
// tag::findby-username[]
String username = "username";
Map<String, Session> sessionIdToSession = this.sessionRepository.findByPrincipalName(username);
// end::findby-username[]
}
}

53
spring-session-docs/modules/ROOT/examples/java/docs/HttpSessionConfigurationNoOpConfigureRedisActionXmlTests.java
View File

@@ -1,53 +0,0 @@
/*
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package docs;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.session.Session;
import org.springframework.session.web.http.SessionRepositoryFilter;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit.jupiter.SpringExtension;
import org.springframework.test.context.web.WebAppConfiguration;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
/**
* @author Rob Winch
*/
@ExtendWith(SpringExtension.class)
@ContextConfiguration
@WebAppConfiguration
public class HttpSessionConfigurationNoOpConfigureRedisActionXmlTests {
@Autowired
SessionRepositoryFilter<? extends Session> filter;
@Test
void redisConnectionFactoryNotUsedSinceNoValidation() {
assertThat(this.filter).isNotNull();
}
static RedisConnectionFactory connectionFactory() {
return mock(RedisConnectionFactory.class);
}
}

211
spring-session-docs/modules/ROOT/examples/java/docs/IndexDocTests.java
View File

@@ -1,211 +0,0 @@
/*
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package docs;
import java.time.Duration;
import java.util.concurrent.ConcurrentHashMap;
import com.hazelcast.config.Config;
import com.hazelcast.core.Hazelcast;
import com.hazelcast.core.HazelcastInstance;
import org.junit.jupiter.api.Test;
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
import org.springframework.data.redis.core.ReactiveRedisTemplate;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.JdkSerializationRedisSerializer;
import org.springframework.data.redis.serializer.RedisSerializationContext;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.mock.web.MockServletContext;
import org.springframework.session.MapSession;
import org.springframework.session.MapSessionRepository;
import org.springframework.session.ReactiveSessionRepository;
import org.springframework.session.Session;
import org.springframework.session.SessionRepository;
import org.springframework.session.data.redis.ReactiveRedisSessionRepository;
import org.springframework.session.data.redis.RedisIndexedSessionRepository;
import org.springframework.session.hazelcast.HazelcastIndexedSessionRepository;
import org.springframework.session.jdbc.JdbcIndexedSessionRepository;
import org.springframework.session.web.http.SessionRepositoryFilter;
import org.springframework.transaction.support.TransactionTemplate;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import static org.assertj.core.api.Assertions.assertThat;
/**
* @author Rob Winch
* @author Vedran Pavic
*/
class IndexDocTests {
private static final String ATTR_USER = "user";
@Test
void repositoryDemo() {
RepositoryDemo<MapSession> demo = new RepositoryDemo<>();
demo.repository = new MapSessionRepository(new ConcurrentHashMap<>());
demo.demo();
}
// tag::repository-demo[]
public class RepositoryDemo<S extends Session> {
private SessionRepository<S> repository; // <1>
public void demo() {
S toSave = this.repository.createSession(); // <2>
// <3>
User rwinch = new User("rwinch");
toSave.setAttribute(ATTR_USER, rwinch);
this.repository.save(toSave); // <4>
S session = this.repository.findById(toSave.getId()); // <5>
// <6>
User user = session.getAttribute(ATTR_USER);
assertThat(user).isEqualTo(rwinch);
}
// ... setter methods ...
}
// end::repository-demo[]
@Test
void expireRepositoryDemo() {
ExpiringRepositoryDemo<MapSession> demo = new ExpiringRepositoryDemo<>();
demo.repository = new MapSessionRepository(new ConcurrentHashMap<>());
demo.demo();
}
// tag::expire-repository-demo[]
public class ExpiringRepositoryDemo<S extends Session> {
private SessionRepository<S> repository; // <1>
public void demo() {
S toSave = this.repository.createSession(); // <2>
// ...
toSave.setMaxInactiveInterval(Duration.ofSeconds(30)); // <3>
this.repository.save(toSave); // <4>
S session = this.repository.findById(toSave.getId()); // <5>
// ...
}
// ... setter methods ...
}
// end::expire-repository-demo[]
@Test
@SuppressWarnings("unused")
void newRedisIndexedSessionRepository() {
// tag::new-redisindexedsessionrepository[]
RedisTemplate<Object, Object> redisTemplate = new RedisTemplate<>();
// ... configure redisTemplate ...
SessionRepository<? extends Session> repository = new RedisIndexedSessionRepository(redisTemplate);
// end::new-redisindexedsessionrepository[]
}
@Test
@SuppressWarnings("unused")
void newReactiveRedisSessionRepository() {
LettuceConnectionFactory connectionFactory = new LettuceConnectionFactory();
RedisSerializationContext<String, Object> serializationContext = RedisSerializationContext
.<String, Object>newSerializationContext(new JdkSerializationRedisSerializer()).build();
// tag::new-reactiveredissessionrepository[]
// ... create and configure connectionFactory and serializationContext ...
ReactiveRedisTemplate<String, Object> redisTemplate = new ReactiveRedisTemplate<>(connectionFactory,
serializationContext);
ReactiveSessionRepository<? extends Session> repository = new ReactiveRedisSessionRepository(redisTemplate);
// end::new-reactiveredissessionrepository[]
}
@Test
@SuppressWarnings("unused")
void mapRepository() {
// tag::new-mapsessionrepository[]
SessionRepository<? extends Session> repository = new MapSessionRepository(new ConcurrentHashMap<>());
// end::new-mapsessionrepository[]
}
@Test
@SuppressWarnings("unused")
void newJdbcIndexedSessionRepository() {
// tag::new-jdbcindexedsessionrepository[]
JdbcTemplate jdbcTemplate = new JdbcTemplate();
// ... configure jdbcTemplate ...
TransactionTemplate transactionTemplate = new TransactionTemplate();
// ... configure transactionTemplate ...
SessionRepository<? extends Session> repository = new JdbcIndexedSessionRepository(jdbcTemplate,
transactionTemplate);
// end::new-jdbcindexedsessionrepository[]
}
@Test
@SuppressWarnings("unused")
void newHazelcastIndexedSessionRepository() {
// tag::new-hazelcastindexedsessionrepository[]
Config config = new Config();
// ... configure Hazelcast ...
HazelcastInstance hazelcastInstance = Hazelcast.newHazelcastInstance(config);
HazelcastIndexedSessionRepository repository = new HazelcastIndexedSessionRepository(hazelcastInstance);
// end::new-hazelcastindexedsessionrepository[]
}
@Test
void runSpringHttpSessionConfig() {
AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
context.register(SpringHttpSessionConfig.class);
context.setServletContext(new MockServletContext());
context.refresh();
try {
context.getBean(SessionRepositoryFilter.class);
}
finally {
context.close();
}
}
private static final class User {
private User(String username) {
}
}
}

63
spring-session-docs/modules/ROOT/examples/java/docs/RedisHttpSessionConfigurationNoOpConfigureRedisActionTests.java
View File

@@ -1,63 +0,0 @@
/*
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package docs;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.session.data.redis.config.ConfigureRedisAction;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit.jupiter.SpringExtension;
import org.springframework.test.context.web.WebAppConfiguration;
import static org.mockito.Mockito.mock;
/**
* @author Rob Winch
*/
@ExtendWith(SpringExtension.class)
@ContextConfiguration
@WebAppConfiguration
class RedisHttpSessionConfigurationNoOpConfigureRedisActionTests {
@Test
void redisConnectionFactoryNotUsedSinceNoValidation() {
}
@EnableRedisHttpSession
@Configuration
static class Config {
// tag::configure-redis-action[]
@Bean
ConfigureRedisAction configureRedisAction() {
return ConfigureRedisAction.NO_OP;
}
// end::configure-redis-action[]
@Bean
RedisConnectionFactory redisConnectionFactory() {
return mock(RedisConnectionFactory.class);
}
}
}

37
spring-session-docs/modules/ROOT/examples/java/docs/SpringHttpSessionConfig.java
View File

@@ -1,37 +0,0 @@
/*
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package docs;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.session.MapSessionRepository;
import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
// tag::class[]
@EnableSpringHttpSession
@Configuration
public class SpringHttpSessionConfig {
@Bean
public MapSessionRepository sessionRepository() {
return new MapSessionRepository(new ConcurrentHashMap<>());
}
}
// end::class[]

36
spring-session-docs/modules/ROOT/examples/java/docs/SpringWebSessionConfig.java
View File

@@ -1,36 +0,0 @@
/*
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package docs;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.context.annotation.Bean;
import org.springframework.session.ReactiveMapSessionRepository;
import org.springframework.session.ReactiveSessionRepository;
import org.springframework.session.config.annotation.web.server.EnableSpringWebSession;
// tag::class[]
@EnableSpringWebSession
public class SpringWebSessionConfig {
@Bean
public ReactiveSessionRepository reactiveSessionRepository() {
return new ReactiveMapSessionRepository(new ConcurrentHashMap<>());
}
}
// end::class[]

94
spring-session-docs/modules/ROOT/examples/java/docs/http/AbstractHttpSessionListenerTests.java
View File

@@ -1,94 +0,0 @@
/*
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package docs.http;
import java.util.Properties;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationListener;
import org.springframework.data.redis.connection.RedisConnection;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.core.session.SessionDestroyedEvent;
import org.springframework.session.MapSession;
import org.springframework.session.Session;
import org.springframework.test.context.junit.jupiter.SpringExtension;
import org.springframework.test.context.web.WebAppConfiguration;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
/**
* @author Rob Winch
* @author Mark Paluch
* @since 1.2
*/
@ExtendWith(SpringExtension.class)
@WebAppConfiguration
public abstract class AbstractHttpSessionListenerTests {
@Autowired
ApplicationEventPublisher publisher;
@Autowired
SecuritySessionDestroyedListener listener;
@Test
void springSessionDestroyedTranslatedToSpringSecurityDestroyed() {
Session session = new MapSession();
this.publisher.publishEvent(new org.springframework.session.events.SessionDestroyedEvent(this, session));
assertThat(this.listener.getEvent().getId()).isEqualTo(session.getId());
}
static RedisConnectionFactory createMockRedisConnection() {
RedisConnectionFactory factory = mock(RedisConnectionFactory.class);
RedisConnection connection = mock(RedisConnection.class);
given(factory.getConnection()).willReturn(connection);
given(connection.getConfig(anyString())).willReturn(new Properties());
return factory;
}
static class SecuritySessionDestroyedListener implements ApplicationListener<SessionDestroyedEvent> {
private SessionDestroyedEvent event;
/*
* (non-Javadoc)
*
* @see org.springframework.context.ApplicationListener#onApplicationEvent(org.
* springframework.context.ApplicationEvent)
*/
@Override
public void onApplicationEvent(SessionDestroyedEvent event) {
this.event = event;
}
SessionDestroyedEvent getEvent() {
return this.event;
}
}
}

55
spring-session-docs/modules/ROOT/examples/java/docs/http/HazelcastHttpSessionConfig.java
View File

@@ -1,55 +0,0 @@
/*
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package docs.http;
import com.hazelcast.config.Config;
import com.hazelcast.config.MapAttributeConfig;
import com.hazelcast.config.MapIndexConfig;
import com.hazelcast.config.SerializerConfig;
import com.hazelcast.core.Hazelcast;
import com.hazelcast.core.HazelcastInstance;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.session.MapSession;
import org.springframework.session.hazelcast.HazelcastIndexedSessionRepository;
import org.springframework.session.hazelcast.HazelcastSessionSerializer;
import org.springframework.session.hazelcast.PrincipalNameExtractor;
import org.springframework.session.hazelcast.config.annotation.web.http.EnableHazelcastHttpSession;
//tag::config[]
@EnableHazelcastHttpSession // <1>
@Configuration
public class HazelcastHttpSessionConfig {
@Bean
public HazelcastInstance hazelcastInstance() {
Config config = new Config();
MapAttributeConfig attributeConfig = new MapAttributeConfig()
.setName(HazelcastIndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE)
.setExtractor(PrincipalNameExtractor.class.getName());
config.getMapConfig(HazelcastIndexedSessionRepository.DEFAULT_SESSION_MAP_NAME) // <2>
.addMapAttributeConfig(attributeConfig).addMapIndexConfig(
new MapIndexConfig(HazelcastIndexedSessionRepository.PRINCIPAL_NAME_ATTRIBUTE, false));
SerializerConfig serializerConfig = new SerializerConfig();
serializerConfig.setImplementation(new HazelcastSessionSerializer()).setTypeClass(MapSession.class);
config.getSerializationConfig().addSerializerConfig(serializerConfig); // <3>
return Hazelcast.newHazelcastInstance(config); // <4>
}
}
// end::config[]

46
spring-session-docs/modules/ROOT/examples/java/docs/http/HttpSessionListenerJavaConfigTests.java
View File

@@ -1,46 +0,0 @@
/*
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package docs.http;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.test.context.ContextConfiguration;
/**
* @author Rob Winch
*
*/
@ContextConfiguration(classes = { HttpSessionListenerJavaConfigTests.MockConfig.class, RedisHttpSessionConfig.class })
class HttpSessionListenerJavaConfigTests extends AbstractHttpSessionListenerTests {
@Configuration
static class MockConfig {
@Bean
static RedisConnectionFactory redisConnectionFactory() {
return AbstractHttpSessionListenerTests.createMockRedisConnection();
}
@Bean
SecuritySessionDestroyedListener securitySessionDestroyedListener() {
return new SecuritySessionDestroyedListener();
}
}
}

37
spring-session-docs/modules/ROOT/examples/java/docs/http/RedisHttpSessionConfig.java
View File

@@ -1,37 +0,0 @@
/*
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package docs.http;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.web.session.HttpSessionEventPublisher;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
// tag::config[]
@Configuration
@EnableRedisHttpSession
public class RedisHttpSessionConfig {
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
return new HttpSessionEventPublisher();
}
// ...
}
// end::config[]

82
spring-session-docs/modules/ROOT/examples/java/docs/security/RememberMeSecurityConfiguration.java
View File

@@ -1,82 +0,0 @@
/*
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package docs.security;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.session.MapSessionRepository;
import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
import org.springframework.session.security.web.authentication.SpringSessionRememberMeServices;
/**
* @author rwinch
*/
@EnableWebSecurity
@EnableSpringHttpSession
public class RememberMeSecurityConfiguration extends WebSecurityConfigurerAdapter {
// @formatter:off
// tag::http-rememberme[]
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// ... additional configuration ...
.rememberMe((rememberMe) -> rememberMe
.rememberMeServices(rememberMeServices())
);
// end::http-rememberme[]
http
.formLogin(Customizer.withDefaults())
.authorizeRequests((authorize) -> authorize
.anyRequest().authenticated()
);
}
// tag::rememberme-bean[]
@Bean
public SpringSessionRememberMeServices rememberMeServices() {
SpringSessionRememberMeServices rememberMeServices =
new SpringSessionRememberMeServices();
// optionally customize
rememberMeServices.setAlwaysRemember(true);
return rememberMeServices;
}
// end::rememberme-bean[]
// @formatter:on
@Override
@Bean
public InMemoryUserDetailsManager userDetailsService() {
return new InMemoryUserDetailsManager(
User.withUsername("user").password("{noop}password").roles("USER").build());
}
@Bean
MapSessionRepository sessionRepository() {
return new MapSessionRepository(new ConcurrentHashMap<>());
}
}
// end::class[]

92
spring-session-docs/modules/ROOT/examples/java/docs/security/RememberMeSecurityConfigurationTests.java
View File

@@ -1,92 +0,0 @@
/*
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package docs.security;
import java.time.Duration;
import java.util.Base64;
import javax.servlet.http.Cookie;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.session.Session;
import org.springframework.session.SessionRepository;
import org.springframework.session.web.http.SessionRepositoryFilter;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit.jupiter.SpringExtension;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;
import static org.assertj.core.api.Assertions.assertThat;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
/**
* @author rwinch
* @author Vedran Pavic
*/
@ExtendWith(SpringExtension.class)
@ContextConfiguration(classes = RememberMeSecurityConfiguration.class)
@WebAppConfiguration
@SuppressWarnings("rawtypes")
class RememberMeSecurityConfigurationTests<T extends Session> {
@Autowired
WebApplicationContext context;
@Autowired
SessionRepositoryFilter springSessionRepositoryFilter;
@Autowired
SessionRepository<T> sessions;
private MockMvc mockMvc;
@BeforeEach
void setup() {
// @formatter:off
this.mockMvc = MockMvcBuilders
.webAppContextSetup(this.context)
.addFilters(this.springSessionRepositoryFilter)
.apply(springSecurity())
.build();
// @formatter:on
}
@Test
void authenticateWhenSpringSessionRememberMeEnabledThenCookieMaxAgeAndSessionExpirationSet() throws Exception {
// @formatter:off
MvcResult result = this.mockMvc
.perform(formLogin())
.andReturn();
// @formatter:on
Cookie cookie = result.getResponse().getCookie("SESSION");
assertThat(cookie.getMaxAge()).isEqualTo(Integer.MAX_VALUE);
T session = this.sessions.findById(new String(Base64.getDecoder().decode(cookie.getValue())));
assertThat(session.getMaxInactiveInterval()).isEqualTo(Duration.ofDays(30));
}
}
// end::class[]

92
spring-session-docs/modules/ROOT/examples/java/docs/security/RememberMeSecurityConfigurationXmlTests.java
View File

@@ -1,92 +0,0 @@
/*
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package docs.security;
import java.time.Duration;
import java.util.Base64;
import javax.servlet.http.Cookie;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.session.Session;
import org.springframework.session.SessionRepository;
import org.springframework.session.web.http.SessionRepositoryFilter;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit.jupiter.SpringExtension;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;
import static org.assertj.core.api.Assertions.assertThat;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
/**
* @author rwinch
* @author Vedran Pavic
*/
@ExtendWith(SpringExtension.class)
@ContextConfiguration
@WebAppConfiguration
@SuppressWarnings("rawtypes")
class RememberMeSecurityConfigurationXmlTests<T extends Session> {
@Autowired
WebApplicationContext context;
@Autowired
SessionRepositoryFilter springSessionRepositoryFilter;
@Autowired
SessionRepository<T> sessions;
private MockMvc mockMvc;
@BeforeEach
void setup() {
// @formatter:off
this.mockMvc = MockMvcBuilders
.webAppContextSetup(this.context)
.addFilters(this.springSessionRepositoryFilter)
.apply(springSecurity())
.build();
// @formatter:on
}
@Test
void authenticateWhenSpringSessionRememberMeEnabledThenCookieMaxAgeAndSessionExpirationSet() throws Exception {
// @formatter:off
MvcResult result = this.mockMvc
.perform(formLogin())
.andReturn();
// @formatter:on
Cookie cookie = result.getResponse().getCookie("SESSION");
assertThat(cookie.getMaxAge()).isEqualTo(Integer.MAX_VALUE);
T session = this.sessions.findById(new String(Base64.getDecoder().decode(cookie.getValue())));
assertThat(session.getMaxInactiveInterval()).isEqualTo(Duration.ofDays(30));
}
}
// end::class[]

56
spring-session-docs/modules/ROOT/examples/java/docs/security/SecurityConfiguration.java
View File

@@ -1,56 +0,0 @@
/*
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package docs.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.session.FindByIndexNameSessionRepository;
import org.springframework.session.Session;
import org.springframework.session.security.SpringSessionBackedSessionRegistry;
/**
* @author Joris Kuipers
*/
// tag::class[]
@Configuration
public class SecurityConfiguration<S extends Session> extends WebSecurityConfigurerAdapter {
@Autowired
private FindByIndexNameSessionRepository<S> sessionRepository;
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
// other config goes here...
.sessionManagement((sessionManagement) -> sessionManagement
.maximumSessions(2)
.sessionRegistry(sessionRegistry())
);
// @formatter:on
}
@Bean
public SpringSessionBackedSessionRegistry<S> sessionRegistry() {
return new SpringSessionBackedSessionRegistry<>(this.sessionRepository);
}
}
// end::class[]

47
spring-session-docs/modules/ROOT/examples/java/docs/websocket/WebSocketConfig.java
View File

@@ -1,47 +0,0 @@
/*
* Copyright 2014-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package docs.websocket;
import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.simp.config.MessageBrokerRegistry;
import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
/**
* @author Rob Winch
*/
// tag::class[]
@Configuration
@EnableScheduling
@EnableWebSocketMessageBroker
public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
@Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
registry.addEndpoint("/messages").withSockJS();
}
@Override
public void configureMessageBroker(MessageBrokerRegistry registry) {
registry.enableSimpleBroker("/queue/", "/topic/");
registry.setApplicationDestinationPrefixes("/app");
}
}
// end::class[]

22
spring-session-docs/modules/ROOT/examples/resources/docs/HttpSessionConfigurationNoOpConfigureRedisActionXmlTests-context.xml
View File

@@ -1,22 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util https://www.springframework.org/schema/util/spring-util-4.1.xsd">
<context:annotation-config/>
<bean class="org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration"/>
<!-- tag::configure-redis-action[] -->
<util:constant
static-field="org.springframework.session.data.redis.config.ConfigureRedisAction.NO_OP"/>
<!-- end::configure-redis-action[] -->
<bean class="docs.HttpSessionConfigurationNoOpConfigureRedisActionXmlTests"
factory-method="connectionFactory"/>
</beans>

22
spring-session-docs/modules/ROOT/examples/resources/docs/http/HttpSessionListenerXmlTests-context.xml
View File

@@ -1,22 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util https://www.springframework.org/schema/util/spring-util-4.1.xsd">
<!-- tag::config[] -->
<bean class="org.springframework.security.web.session.HttpSessionEventPublisher"/>
<!-- end::config[] -->
<context:annotation-config/>
<bean class="org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration"/>
<bean class="docs.http.AbstractHttpSessionListenerTests"
factory-method="createMockRedisConnection"/>
<bean class="docs.http.AbstractHttpSessionListenerTests$SecuritySessionDestroyedListener"/>
</beans>

32
spring-session-docs/modules/ROOT/examples/resources/docs/security/RememberMeSecurityConfigurationXmlTests-context.xml
View File

@@ -1,32 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd">
<!-- tag::config[] -->
<security:http>
<!-- ... -->
<security:form-login />
<security:remember-me services-ref="rememberMeServices"/>
</security:http>
<bean id="rememberMeServices"
class="org.springframework.session.security.web.authentication.SpringSessionRememberMeServices"
p:alwaysRemember="true"/>
<!-- end::config[] -->
<security:user-service>
<security:user name="user" password="{noop}password" authorities="ROLE_USER"/>
</security:user-service>
<bean class="org.springframework.session.config.annotation.web.http.SpringHttpSessionConfiguration"/>
<bean id="springSessionRepository" class="org.springframework.session.MapSessionRepository">
<constructor-arg>
<bean class="java.util.concurrent.ConcurrentHashMap"/>
</constructor-arg>
</bean>
</beans>

22
spring-session-docs/modules/ROOT/examples/resources/docs/security/security-config.xml
View File

@@ -1,22 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd">
<!-- tag::config[] -->
<security:http>
<!-- other config goes here... -->
<security:session-management>
<security:concurrency-control max-sessions="2" session-registry-ref="sessionRegistry"/>
</security:session-management>
</security:http>
<bean id="sessionRegistry"
class="org.springframework.session.security.SpringSessionBackedSessionRegistry">
<constructor-arg ref="sessionRepository"/>
</bean>
<!-- end::config[] -->
</beans>

1
spring-session-docs/modules/ROOT/examples/session-jdbc-main-resources-dir
View File

@@ -1 +0,0 @@
../../../../spring-session-jdbc/src/main/resources

1
spring-session-docs/modules/ROOT/examples/spring-session-samples
View File

@@ -1 +0,0 @@
../../../../spring-session-samples

25
spring-session-docs/modules/ROOT/nav.adoc
View File

@@ -1,25 +0,0 @@
* xref:whats-new.adoc[What's New]
* xref:samples.adoc[Samples & Guides (Start Here)]
** Boot Samples
*** HttpSession
**** Redis
***** {gh-samples-url}spring-session-sample-boot-redis-json[JSON serialization]
***** {gh-samples-url}spring-session-sample-boot-redis-simple[Simple Redis]
***** xref:guides/boot-redis.adoc[Redis with Events]
**** xref:guides/boot-mongo.adoc[MongoDB]
**** xref:guides/boot-jdbc.adoc[JDBC]
**** {gh-samples-url}spring-session-sample-boot-hazelcast[HttpSession with Hazelcast]
*** xref:guides/boot-findbyusername.adoc[Find by Username]
*** xref:guides/boot-websocket.adoc[WebSockets]
** WebFlux
*** {gh-samples-url}spring-session-sample-boot-webflux[Redis]
*** xref:guides/boot-webflux-custom-cookie.adoc[Custom Cookie]
** Java Configuration
** XML Configuration
* xref:modules.adoc[Modules]
* xref:http-session.adoc[HttpSession Integration]
* xref:web-socket.adoc[WebSocket Integration]
* xref:web-session.adoc[WebSession Integration]
* xref:spring-security.adoc[Spring Security Integration]
* xref:api.adoc[API Documentation]
* xref:upgrading.adoc[Upgrading]

730
spring-session-docs/modules/ROOT/pages/api.adoc
View File

@@ -1,730 +0,0 @@
[[api]]
= API Documentation
You can browse the complete link:../../api/[Javadoc] online. The key APIs are described in the following sections:
* <<api-session>>
* <<api-sessionrepository>>
* <<api-findbyindexnamesessionrepository>>
* <<api-reactivesessionrepository>>
* <<api-enablespringhttpsession>>
* <<api-enablespringwebsession>>
* <<api-redisindexedsessionrepository>>
* <<api-reactiveredissessionrepository>>
* <<api-mapsessionrepository>>
* <<api-reactivemapsessionrepository>>
* <<api-jdbcindexedsessionrepository>>
* <<api-hazelcastindexedsessionrepository>>
* <<api-cookieserializer>>
[[api-session]]
== Using `Session`
A `Session` is a simplified `Map` of name value pairs.
Typical usage might look like the following listing:
====
[source,java,indent=0]
----
include::{indexdoc-tests}[tags=repository-demo]
----
<1> We create a `SessionRepository` instance with a generic type, `S`, that extends `Session`. The generic type is defined in our class.
<2> We create a new `Session` by using our `SessionRepository` and assign it to a variable of type `S`.
<3> We interact with the `Session`. In our example, we demonstrate saving a `User` to the `Session`.
<4> We now save the `Session`. This is why we needed the generic type `S`. The `SessionRepository` only allows saving `Session` instances that were created or retrieved by using the same `SessionRepository`. This allows for the `SessionRepository` to make implementation specific optimizations (that is, writing only attributes that have changed).
<5> We retrieve the `Session` from the `SessionRepository`.
<6> We obtain the persisted `User` from our `Session` without the need for explicitly casting our attribute.
====
The `Session` API also provides attributes related to the `Session` instance's expiration.
Typical usage might look like the following listing:
====
[source,java,indent=0]
----
include::{indexdoc-tests}[tags=expire-repository-demo]
----
<1> We create a `SessionRepository` instance with a generic type, `S`, that extends `Session`. The generic type is defined in our class.
<2> We create a new `Session` by using our `SessionRepository` and assign it to a variable of type `S`.
<3> We interact with the `Session`.
In our example, we demonstrate updating the amount of time the `Session` can be inactive before it expires.
<4> We now save the `Session`.
This is why we needed the generic type, `S`.
The `SessionRepository` allows saving only `Session` instances that were created or retrieved using the same `SessionRepository`.
This allows for the `SessionRepository` to make implementation specific optimizations (that is, writing only attributes that have changed).
The last accessed time is automatically updated when the `Session` is saved.
<5> We retrieve the `Session` from the `SessionRepository`.
If the `Session` were expired, the result would be null.
====
[[api-sessionrepository]]
== Using `SessionRepository`
A `SessionRepository` is in charge of creating, retrieving, and persisting `Session` instances.
If possible, you should not interact directly with a `SessionRepository` or a `Session`.
Instead, developers should prefer interacting with `SessionRepository` and `Session` indirectly through the xref:http-session.adoc#httpsession[`HttpSession`] and xref:web-socket.adoc#websocket[WebSocket] integration.
[[api-findbyindexnamesessionrepository]]
== Using `FindByIndexNameSessionRepository`
Spring Session's most basic API for using a `Session` is the `SessionRepository`.
This API is intentionally very simple, so that you can easily provide additional implementations with basic functionality.
Some `SessionRepository` implementations may also choose to implement `FindByIndexNameSessionRepository`.
For example, Spring's Redis, JDBC, and Hazelcast support libraries all implement `FindByIndexNameSessionRepository`.
The `FindByIndexNameSessionRepository` provides a method to look up all the sessions with a given index name and index value.
As a common use case that is supported by all provided `FindByIndexNameSessionRepository` implementations, you can use a convenient method to look up all the sessions for a particular user.
This is done by ensuring that the session attribute with the name of `FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME` is populated with the username.
It is your responsibility to ensure that the attribute is populated, since Spring Session is not aware of the authentication mechanism being used.
An example of how to use this can be seen in the following listing:
====
[source,java,indent=0]
----
include::{docs-test-dir}docs/FindByIndexNameSessionRepositoryTests.java[tags=set-username]
----
====
NOTE: Some implementations of `FindByIndexNameSessionRepository` provide hooks to automatically index other session attributes.
For example, many implementations automatically ensure that the current Spring Security user name is indexed with the index name of `FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME`.
Once the session is indexed, you can find by using code similar to the following:
====
[source,java,indent=0]
----
include::{docs-test-dir}docs/FindByIndexNameSessionRepositoryTests.java[tags=findby-username]
----
====
[[api-reactivesessionrepository]]
== Using `ReactiveSessionRepository`
A `ReactiveSessionRepository` is in charge of creating, retrieving, and persisting `Session` instances in a non-blocking and reactive manner.
If possible, you should not interact directly with a `ReactiveSessionRepository` or a `Session`.
Instead, you should prefer interacting with `ReactiveSessionRepository` and `Session` indirectly through the xref:web-session.adoc#websession[WebSession] integration.
[[api-enablespringhttpsession]]
== Using `@EnableSpringHttpSession`
You can add the `@EnableSpringHttpSession` annotation to a `@Configuration` class to expose the `SessionRepositoryFilter` as a bean named `springSessionRepositoryFilter`.
In order to use the annotation, you must provide a single `SessionRepository` bean.
The following example shows how to do so:
====
[source,java,indent=0]
----
include::{docs-test-dir}docs/SpringHttpSessionConfig.java[tags=class]
----
====
Note that no infrastructure for session expirations is configured for you.
This is because things such as session expiration are highly implementation-dependent.
This means that, if you need to clean up expired sessions, you are responsible for cleaning up the expired sessions.
[[api-enablespringwebsession]]
== Using `@EnableSpringWebSession`
You can add the `@EnableSpringWebSession` annotation to a `@Configuration` class to expose the `WebSessionManager` as a bean named `webSessionManager`.
To use the annotation, you must provide a single `ReactiveSessionRepository` bean.
The following example shows how to do so:
====
[source,java,indent=0]
----
include::{docs-test-dir}docs/SpringWebSessionConfig.java[tags=class]
----
====
Note that no infrastructure for session expirations is configured for you.
This is because things such as session expiration are highly implementation-dependent.
This means that, if you require cleaning up expired sessions, you are responsible for cleaning up the expired sessions.
[[api-redisindexedsessionrepository]]
== Using `RedisIndexedSessionRepository`
`RedisIndexedSessionRepository` is a `SessionRepository` that is implemented by using Spring Data's `RedisOperations`.
In a web environment, this is typically used in combination with `SessionRepositoryFilter`.
The implementation supports `SessionDestroyedEvent` and `SessionCreatedEvent` through `SessionMessageListener`.
[[api-redisindexedsessionrepository-new]]
=== Instantiating a `RedisIndexedSessionRepository`
You can see a typical example of how to create a new instance in the following listing:
====
[source,java,indent=0]
----
include::{indexdoc-tests}[tags=new-redisindexedsessionrepository]
----
====
For additional information on how to create a `RedisConnectionFactory`, see the Spring Data Redis Reference.
[[api-redisindexedsessionrepository-config]]
=== Using `@EnableRedisHttpSession`
In a web environment, the simplest way to create a new `RedisIndexedSessionRepository` is to use `@EnableRedisHttpSession`.
You can find complete example usage in the xref:samples.adoc#samples[Samples and Guides (Start Here)].
You can use the following attributes to customize the configuration:
* *maxInactiveIntervalInSeconds*: The amount of time before the session expires, in seconds.
* *redisNamespace*: Allows configuring an application specific namespace for the sessions. Redis keys and channel IDs start with the prefix of `<redisNamespace>:`.
* *flushMode*: Allows specifying when data is written to Redis. The default is only when `save` is invoked on `SessionRepository`.
A value of `FlushMode.IMMEDIATE` writes to Redis as soon as possible.
==== Custom `RedisSerializer`
You can customize the serialization by creating a bean named `springSessionDefaultRedisSerializer` that implements `RedisSerializer<Object>`.
=== Redis `TaskExecutor`
`RedisIndexedSessionRepository` is subscribed to receive events from Redis by using a `RedisMessageListenerContainer`.
You can customize the way those events are dispatched by creating a bean named `springSessionRedisTaskExecutor`, a bean `springSessionRedisSubscriptionExecutor`, or both.
You can find more details on configuring Redis task executors https://docs.spring.io/spring-data-redis/docs/{spring-data-redis-version}/reference/html/#redis:pubsub:subscribe:containers[here].
[[api-redisindexedsessionrepository-storage]]
=== Storage Details
The following sections outline how Redis is updated for each operation.
The following example shows an example of creating a new session:
====
----
HMSET spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe creationTime 1404360000000 \
maxInactiveInterval 1800 \
lastAccessedTime 1404360000000 \
sessionAttr:attrName someAttrValue \
sessionAttr:attrName2 someAttrValue2
EXPIRE spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe 2100
APPEND spring:session:sessions:expires:33fdd1b6-b496-4b33-9f7d-df96679d32fe ""
EXPIRE spring:session:sessions:expires:33fdd1b6-b496-4b33-9f7d-df96679d32fe 1800
SADD spring:session:expirations:1439245080000 expires:33fdd1b6-b496-4b33-9f7d-df96679d32fe
EXPIRE spring:session:expirations1439245080000 2100
----
====
The subsequent sections describe the details.
==== Saving a Session
Each session is stored in Redis as a `Hash`.
Each session is set and updated by using the `HMSET` command.
The following example shows how each session is stored:
====
----
HMSET spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe creationTime 1404360000000 \
maxInactiveInterval 1800 \
lastAccessedTime 1404360000000 \
sessionAttr:attrName someAttrValue \
sessionAttr:attrName2 someAttrValue2
----
====
In the preceding example, the following statements are true about the session:
* The session ID is 33fdd1b6-b496-4b33-9f7d-df96679d32fe.
* The session was created at 1404360000000 (in milliseconds since midnight of 1/1/1970 GMT).
* The session expires in 1800 seconds (30 minutes).
* The session was last accessed at 1404360000000 (in milliseconds since midnight of 1/1/1970 GMT).
* The session has two attributes.
The first is `attrName`, with a value of `someAttrValue`.
The second session attribute is named `attrName2`, with a value of `someAttrValue2`.
[[api-redisindexedsessionrepository-writes]]
==== Optimized Writes
The `Session` instances managed by `RedisIndexedSessionRepository` keeps track of the properties that have changed and updates only those.
This means that, if an attribute is written once and read many times, we need to write that attribute only once.
For example, assume the `attrName2` session attribute from the lsiting in the preceding section was updated.
The following command would be run upon saving:
====
----
HMSET spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe sessionAttr:attrName2 newValue
----
====
[[api-redisindexedsessionrepository-expiration]]
==== Session Expiration
An expiration is associated with each session by using the `EXPIRE` command, based upon the `Session.getMaxInactiveInterval()`.
The following example shows a typical `EXPIRE` command:
====
----
EXPIRE spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe 2100
----
====
Note that the expiration that is set to five minutes after the session actually expires.
This is necessary so that the value of the session can be accessed when the session expires.
An expiration is set on the session itself five minutes after it actually expires to ensure that it is cleaned up, but only after we perform any necessary processing.
NOTE: The `SessionRepository.findById(String)` method ensures that no expired sessions are returned.
This means that you need not check the expiration before using a session.
Spring Session relies on the delete and expired https://redis.io/topics/notifications[keyspace notifications] from Redis to fire a <<api-redisindexedsessionrepository-sessiondestroyedevent,`SessionDeletedEvent`>> and a <<api-redisindexedsessionrepository-sessiondestroyedevent,`SessionExpiredEvent`>>, respectively.
`SessionDeletedEvent` or `SessionExpiredEvent` ensure that resources associated with the `Session` are cleaned up.
For example, when you use Spring Session's WebSocket support, the Redis expired or delete event triggers any WebSocket connections associated with the session to be closed.
Expiration is not tracked directly on the session key itself, since this would mean the session data would no longer be available. Instead, a special session expires key is used. In the preceding example, the expires key is as follows:
====
----
APPEND spring:session:sessions:expires:33fdd1b6-b496-4b33-9f7d-df96679d32fe ""
EXPIRE spring:session:sessions:expires:33fdd1b6-b496-4b33-9f7d-df96679d32fe 1800
----
====
When a session expires key is deleted or expires, the keyspace notification triggers a lookup of the actual session, and a `SessionDestroyedEvent` is fired.
One problem with relying on Redis expiration exclusively is that, if the key has not been accessed, Redis makes no guarantee of when the expired event is fired.
Specifically, the background task that Redis uses to clean up expired keys is a low-priority task and may not trigger the key expiration.
For additional details, see the https://redis.io/topics/notifications[Timing of Expired Events] section in the Redis documentation.
To circumvent the fact that expired events are not guaranteed to happen, we can ensure that each key is accessed when it is expected to expire.
This means that, if the TTL is expired on the key, Redis removes the key and fires the expired event when we try to access the key.
For this reason, each session expiration is also tracked to the nearest minute.
This lets a background task access the potentially expired sessions to ensure that Redis expired events are fired in a more deterministic fashion.
The following example shows these events:
====
----
SADD spring:session:expirations:1439245080000 expires:33fdd1b6-b496-4b33-9f7d-df96679d32fe
EXPIRE spring:session:expirations1439245080000 2100
----
====
The background task then uses these mappings to explicitly request each key.
By accessing the key, rather than deleting it, we ensure that Redis deletes the key for us only if the TTL is expired.
NOTE: We do not explicitly delete the keys, since, in some instances, there may be a race condition that incorrectly identifies a key as expired when it is not.
Short of using distributed locks (which would kill our performance), there is no way to ensure the consistency of the expiration mapping.
By simply accessing the key, we ensure that the key is only removed if the TTL on that key is expired.
[[api-redisindexedsessionrepository-sessiondestroyedevent]]
=== `SessionDeletedEvent` and `SessionExpiredEvent`
`SessionDeletedEvent` and `SessionExpiredEvent` are both types of `SessionDestroyedEvent`.
`RedisIndexedSessionRepository` supports firing a `SessionDeletedEvent` when a `Session` is deleted or a `SessionExpiredEvent` when a `Session` expires.
This is necessary to ensure resources associated with the `Session` are properly cleaned up.
For example, when integrating with WebSockets, the `SessionDestroyedEvent` is in charge of closing any active WebSocket connections.
Firing `SessionDeletedEvent` or `SessionExpiredEvent` is made available through the `SessionMessageListener`, which listens to https://redis.io/topics/notifications[Redis Keyspace events].
In order for this to work, Redis Keyspace events for Generic commands and Expired events needs to be enabled.
The following example shows how to do so:
====
[source,bash]
----
redis-cli config set notify-keyspace-events Egx
----
====
If you use `@EnableRedisHttpSession`, managing the `SessionMessageListener` and enabling the necessary Redis Keyspace events is done automatically.
However, in a secured Redis enviornment, the config command is disabled.
This means that Spring Session cannot configure Redis Keyspace events for you.
To disable the automatic configuration, add `ConfigureRedisAction.NO_OP` as a bean.
For example, with Java configuration, you can use the following:
====
[source,java,indent=0]
----
include::{docs-test-dir}docs/RedisHttpSessionConfigurationNoOpConfigureRedisActionTests.java[tags=configure-redis-action]
----
====
In XML configuration, you can use the following:
====
[source,xml,indent=0]
----
include::{docs-test-resources-dir}docs/HttpSessionConfigurationNoOpConfigureRedisActionXmlTests-context.xml[tags=configure-redis-action]
----
====
[[api-redisindexedsessionrepository-sessioncreatedevent]]
=== Using `SessionCreatedEvent`
When a session is created, an event is sent to Redis with a channel ID of `spring:session:channel:created:33fdd1b6-b496-4b33-9f7d-df96679d32fe`,
where `33fdd1b6-b496-4b33-9f7d-df96679d32fe` is the session ID. The body of the event is the session that was created.
If registered as a `MessageListener` (the default), `RedisIndexedSessionRepository` then translates the Redis message into a `SessionCreatedEvent`.
[[api-redisindexedsessionrepository-cli]]
=== Viewing the Session in Redis
After https://redis.io/topics/quickstart[installing redis-cli], you can inspect the values in Redis https://redis.io/commands#hash[using the redis-cli].
For example, you can enter the following into a terminal:
====
[source,bash]
----
$ redis-cli
redis 127.0.0.1:6379> keys *
1) "spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed96fb021" <1>
2) "spring:session:expirations:1418772300000" <2>
----
<1> The suffix of this key is the session identifier of the Spring Session.
<2> This key contains all the session IDs that should be deleted at the time `1418772300000`.
====
You can also view the attributes of each session.
The following example shows how to do so:
====
[source,bash]
----
redis 127.0.0.1:6379> hkeys spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed96fb021
1) "lastAccessedTime"
2) "creationTime"
3) "maxInactiveInterval"
4) "sessionAttr:username"
redis 127.0.0.1:6379> hget spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed96fb021 sessionAttr:username
"\xac\xed\x00\x05t\x00\x03rob"
----
====
[[api-reactiveredissessionrepository]]
== Using `ReactiveRedisSessionRepository`
`ReactiveRedisSessionRepository` is a `ReactiveSessionRepository` that is implemented by using Spring Data's `ReactiveRedisOperations`.
In a web environment, this is typically used in combination with `WebSessionStore`.
[[api-reactiveredissessionrepository-new]]
=== Instantiating a `ReactiveRedisSessionRepository`
The following example shows how to create a new instance:
====
[source,java,indent=0]
----
include::{indexdoc-tests}[tags=new-reactiveredissessionrepository]
----
====
For additional information on how to create a `ReactiveRedisConnectionFactory`, see the Spring Data Redis Reference.
[[api-reactiveredissessionrepository-config]]
=== Using `@EnableRedisWebSession`
In a web environment, the simplest way to create a new `ReactiveRedisSessionRepository` is to use `@EnableRedisWebSession`.
You can use the following attributes to customize the configuration:
* *maxInactiveIntervalInSeconds*: The amount of time before the session expires, in seconds
* *redisNamespace*: Allows configuring an application specific namespace for the sessions. Redis keys and channel IDs start with q prefix of `<redisNamespace>:`.
* *flushMode*: Allows specifying when data is written to Redis. The default is only when `save` is invoked on `ReactiveSessionRepository`.
A value of `FlushMode.IMMEDIATE` writes to Redis as soon as possible.
[[api-reactiveredissessionrepository-writes]]
==== Optimized Writes
The `Session` instances managed by `ReactiveRedisSessionRepository` keep track of the properties that have changed and updates only those.
This means that, if an attribute is written once and read many times, we need to write that attribute only once.
[[api-reactiveredissessionrepository-cli]]
=== Viewing the Session in Redis
After https://redis.io/topics/quickstart[installing redis-cli], you can inspect the values in Redis https://redis.io/commands#hash[using the redis-cli].
For example, you can enter the following command into a terminal window:
====
[source,bash]
----
$ redis-cli
redis 127.0.0.1:6379> keys *
1) "spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed96fb021" <1>
----
<1> The suffix of this key is the session identifier of the Spring Session.
====
You can also view the attributes of each session by using the `hkeys` command.
The following example shows how to do so:
====
[source,bash]
----
redis 127.0.0.1:6379> hkeys spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed96fb021
1) "lastAccessedTime"
2) "creationTime"
3) "maxInactiveInterval"
4) "sessionAttr:username"
redis 127.0.0.1:6379> hget spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed96fb021 sessionAttr:username
"\xac\xed\x00\x05t\x00\x03rob"
----
====
[[api-mapsessionrepository]]
== Using `MapSessionRepository`
The `MapSessionRepository` allows for persisting `Session` in a `Map`, with the key being the `Session` ID and the value being the `Session`.
You can use the implementation with a `ConcurrentHashMap` as a testing or convenience mechanism.
Alternatively, you can use it with distributed `Map` implementations. For example, it can be used with Hazelcast.
[[api-mapsessionrepository-new]]
=== Instantiating `MapSessionRepository`
The following example shows how to create a new instance:
====
[source,java,indent=0]
----
include::{indexdoc-tests}[tags=new-mapsessionrepository]
----
====
[[api-mapsessionrepository-hazelcast]]
=== Using Spring Session and Hazlecast
The xref:samples.adoc#samples[Hazelcast Sample] is a complete application that demonstrates how to use Spring Session with Hazelcast.
To run it, use the following command:
====
----
./gradlew :samples:hazelcast:tomcatRun
----
====
The xref:samples.adoc#samples[Hazelcast Spring Sample] is a complete application that demonstrates how to use Spring Session with Hazelcast and Spring Security.
It includes example Hazelcast `MapListener` implementations that support firing `SessionCreatedEvent`, `SessionDeletedEvent`, and `SessionExpiredEvent`.
To run it, use the following command:
====
----
./gradlew :samples:hazelcast-spring:tomcatRun
----
====
[[api-reactivemapsessionrepository]]
== Using `ReactiveMapSessionRepository`
The `ReactiveMapSessionRepository` allows for persisting `Session` in a `Map`, with the key being the `Session` ID and the value being the `Session`.
You can use the implementation with a `ConcurrentHashMap` as a testing or convenience mechanism.
Alternatively, you can use it with distributed `Map` implementations, with the requirement that the supplied `Map` must be non-blocking.
[[api-jdbcindexedsessionrepository]]
== Using `JdbcIndexedSessionRepository`
`JdbcIndexedSessionRepository` is a `SessionRepository` implementation that uses Spring's `JdbcOperations` to store sessions in a relational database.
In a web environment, this is typically used in combination with `SessionRepositoryFilter`.
Note that this implementation does not support publishing of session events.
[[api-jdbcindexedsessionrepository-new]]
=== Instantiating a `JdbcIndexedSessionRepository`
The following example shows how to create a new instance:
====
[source,java,indent=0]
----
include::{indexdoc-tests}[tags=new-jdbcindexedsessionrepository]
----
====
For additional information on how to create and configure `JdbcTemplate` and `PlatformTransactionManager`, see the https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/data-access.html[Spring Framework Reference Documentation].
[[api-jdbcindexedsessionrepository-config]]
=== Using `@EnableJdbcHttpSession`
In a web environment, the simplest way to create a new `JdbcIndexedSessionRepository` is to use `@EnableJdbcHttpSession`.
You can find complete example usage in the xref:samples.adoc#samples[Samples and Guides (Start Here)]
You can use the following attributes to customize the configuration:
* *tableName*: The name of database table used by Spring Session to store sessions
* *maxInactiveIntervalInSeconds*: The amount of time before the session will expire in seconds
==== Customizing `LobHandler`
You can customize BLOB handling by creating a bean named `springSessionLobHandler` that implements `LobHandler`.
==== Customizing `ConversionService`
You can customize the default serialization and deserialization of the session by providing a `ConversionService` instance.
When working in a typical Spring environment, the default `ConversionService` bean (named `conversionService`) is automatically picked up and used for serialization and deserialization.
However, you can override the default `ConversionService` by providing a bean named `springSessionConversionService`.
[[api-jdbcindexedsessionrepository-storage]]
=== Storage Details
By default, this implementation uses `SPRING_SESSION` and `SPRING_SESSION_ATTRIBUTES` tables to store sessions.
Note that you can customize the table name, as already described. In that case, the table used to store attributes is named by using the provided table name suffixed with `_ATTRIBUTES`.
If further customizations are needed, you can customize the SQL queries used by the repository by using `set*Query` setter methods. In this case, you need to manually configure the `sessionRepository` bean.
Due to the differences between the various database vendors, especially when it comes to storing binary data, make sure to use SQL scripts specific to your database.
Scripts for most major database vendors are packaged as `org/springframework/session/jdbc/schema-\*.sql`, where `*` is the target database type.
For example, with PostgreSQL, you can use the following schema script:
====
[source,sql,indent=0]
----
include::{session-jdbc-main-resources-dir}org/springframework/session/jdbc/schema-postgresql.sql[]
----
====
With MySQL database, you can use the following script:
====
[source,sql,indent=0]
----
include::{session-jdbc-main-resources-dir}org/springframework/session/jdbc/schema-mysql.sql[]
----
====
=== Transaction Management
All JDBC operations in `JdbcIndexedSessionRepository` are performed in a transactional manner.
Transactions are performed with propagation set to `REQUIRES_NEW` in order to avoid unexpected behavior due to interference with existing transactions (for example, running a `save` operation in a thread that already participates in a read-only transaction).
[[api-hazelcastindexedsessionrepository]]
== Using `HazelcastIndexedSessionRepository`
`HazelcastIndexedSessionRepository` is a `SessionRepository` implementation that stores sessions in Hazelcast's distributed `IMap`.
In a web environment, this is typically used in combination with `SessionRepositoryFilter`.
[[api-hazelcastindexedsessionrepository-new]]
=== Instantiating a `HazelcastIndexedSessionRepository`
The following example shows how to create a new instance:
====
[source,java,indent=0]
----
include::{indexdoc-tests}[tags=new-hazelcastindexedsessionrepository]
----
====
For additional information on how to create and configure Hazelcast instance, see the https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-configuration[Hazelcast documentation].
[[api-enablehazelcasthttpsession]]
=== Using `@EnableHazelcastHttpSession`
To use https://hazelcast.org/[Hazelcast] as your backing source for the `SessionRepository`, you can add the `@EnableHazelcastHttpSession` annotation to a `@Configuration` class.
Doing so extends the functionality provided by the `@EnableSpringHttpSession` annotation but makes the `SessionRepository` for you in Hazelcast.
You must provide a single `HazelcastInstance` bean for the configuration to work.
You can find a complete configuration example in the xref:samples.adoc#samples[Samples and Guides (Start Here)].
[[api-enablehazelcasthttpsession-customize]]
=== Basic Customization
You can use the following attributes on `@EnableHazelcastHttpSession` to customize the configuration:
* *maxInactiveIntervalInSeconds*: The amount of time before the session expires, in seconds. The default is 1800 seconds (30 minutes)
* *sessionMapName*: The name of the distributed `Map` that is used in Hazelcast to store the session data.
[[api-enablehazelcasthttpsession-events]]
=== Session Events
Using a `MapListener` to respond to entries being added, evicted, and removed from the distributed `Map` causes these events to trigger publishing of `SessionCreatedEvent`, `SessionExpiredEvent`, and `SessionDeletedEvent` events (respectively) through the `ApplicationEventPublisher`.
[[api-enablehazelcasthttpsession-storage]]
=== Storage Details
Sessions are stored in a distributed `IMap` in Hazelcast.
The `IMap` interface methods are used to `get()` and `put()` Sessions.
Additionally, the `values()` method supports a `FindByIndexNameSessionRepository#findByIndexNameAndIndexValue` operation, together with appropriate `ValueExtractor` (which needs to be registered with Hazelcast). See the xref:samples.adoc#samples[ Hazelcast Spring Sample] for more details on this configuration.
The expiration of a session in the `IMap` is handled by Hazelcast's support for setting the time to live on an entry when it is `put()` into the `IMap`. Entries (sessions) that have been idle longer than the time to live are automatically removed from the `IMap`.
You should not need to configure any settings such as `max-idle-seconds` or `time-to-live-seconds` for the `IMap` within the Hazelcast configuration.
Note that if you use Hazelcast's `MapStore` to persist your sessions `IMap`, the following limitations apply when reloading the sessions from `MapStore`:
* Reloading triggers `EntryAddedListener` results in `SessionCreatedEvent` being re-published
* Reloading uses default TTL for a given `IMap` results in sessions losing their original TTL
[[api-cookieserializer]]
== Using `CookieSerializer`
A `CookieSerializer` is responsible for defining how the session cookie is written.
Spring Session comes with a default implementation using `DefaultCookieSerializer`.
[[api-cookieserializer-bean]]
=== Exposing `CookieSerializer` as a bean
Exposing the `CookieSerializer` as a Spring bean augments the existing configuration when you use configurations like `@EnableRedisHttpSession`.
The following example shows how to do so:
====
[source,java]
----
include::{samples-dir}spring-session-sample-javaconfig-custom-cookie/src/main/java/sample/Config.java[tags=cookie-serializer]
----
<1> We customize the name of the cookie to be `JSESSIONID`.
<2> We customize the path of the cookie to be `/` (rather than the default of the context root).
<3> We customize the domain name pattern (a regular expression) to be `^.+?\\.(\\w+\\.[a-z]+)$`.
This allows sharing a session across domains and applications.
If the regular expression does not match, no domain is set and the existing domain is used.
If the regular expression matches, the first https://docs.oracle.com/javase/tutorial/essential/regex/groups.html[grouping] is used as the domain.
This means that a request to https://child.example.com sets the domain to `example.com`.
However, a request to http://localhost:8080/ or https://192.168.1.100:8080/ leaves the cookie unset and, thus, still works in development without any changes being necessary for production.
====
WARNING: You should only match on valid domain characters, since the domain name is reflected in the response.
Doing so prevents a malicious user from performing such attacks as https://en.wikipedia.org/wiki/HTTP_response_splitting[HTTP Response Splitting].
[[api-cookieserializer-customization]]
=== Customizing `CookieSerializer`
You can customize how the session cookie is written by using any of the following configuration options on the `DefaultCookieSerializer`.
* `cookieName`: The name of the cookie to use.
Default: `SESSION`.
* `useSecureCookie`: Specifies whether a secure cookie should be used.
Default: Use the value of `HttpServletRequest.isSecure()` at the time of creation.
* `cookiePath`: The path of the cookie.
Default: The context root.
* `cookieMaxAge`: Specifies the max age of the cookie to be set at the time the session is created.
Default: `-1`, which indicates the cookie should be removed when the browser is closed.
* `jvmRoute`: Specifies a suffix to be appended to the session ID and included in the cookie.
Used to identify which JVM to route to for session affinity.
With some implementations (that is, Redis) this option provides no performance benefit.
However, it can help with tracing logs of a particular user.
* `domainName`: Allows specifying a specific domain name to be used for the cookie.
This option is simple to understand but often requires a different configuration between development and production environments.
See `domainNamePattern` as an alternative.
* `domainNamePattern`: A case-insensitive pattern used to extract the domain name from the `HttpServletRequest#getServerName()`.
The pattern should provide a single grouping that is used to extract the value of the cookie domain.
If the regular expression does not match, no domain is set and the existing domain is used.
If the regular expression matches, the first https://docs.oracle.com/javase/tutorial/essential/regex/groups.html[grouping] is used as the domain.
* `sameSite`: The value for the `SameSite` cookie directive.
To disable the serialization of the `SameSite` cookie directive, you may set this value to `null`.
Default: `Lax`
WARNING: You should only match on valid domain characters, since the domain name is reflected in the response.
Doing so prevents a malicious user from performing such attacks as https://en.wikipedia.org/wiki/HTTP_response_splitting[HTTP Response Splitting].
[[custom-sessionrepository]]
== Customizing `SessionRepository`
Implementing a custom <<api-sessionrepository,`SessionRepository`>> API should be a fairly straightforward task.
Coupling the custom implementation with <<api-enablespringhttpsession,`@EnableSpringHttpSession`>> support lets you reuse existing Spring Session configuration facilities and infrastructure.
There are, however, a couple of aspects that deserve closer consideration.
During the lifecycle of an HTTP request, the `HttpSession` is typically persisted to `SessionRepository` twice.
The first persist operation is to ensure that the session is available to the client as soon as the client has access to the session ID, and it is also necessary to write after the session is committed because further modifications to the session might be made.
Having this in mind, we generally recommend that a `SessionRepository` implementation keep track of changes to ensure that only deltas are saved.
This is particularly important in highly concurrent environments, where multiple requests operate on the same `HttpSession` and, therefore, cause race conditions, with requests overriding each other's changes to session attributes.
All of the `SessionRepository` implementations provided by Spring Session use the described approach to persist session changes and can be used for guidance when you implement custom `SessionRepository`.
Note that the same recommendations apply for implementing a custom <<api-reactivesessionrepository,`ReactiveSessionRepository`>> as well.
In this case, you should use the <<api-enablespringwebsession,`@EnableSpringWebSession`>>.

174
spring-session-docs/modules/ROOT/pages/guides/boot-mongo.adoc
View File

@@ -1,174 +0,0 @@
= Spring Session - MongoDB Repositories
Jakub Kubrynski, Greg Turnquist
:stylesdir: ../
:highlightjsdir: ../js/highlight
:docinfodir: guides
This guide describes how to use Spring Session backed by MongoDB.
NOTE: The completed guide can be found in the <<mongo-sample, mongo sample application>>.
[#index-link]
link:../index.html[Index]
== Updating Dependencies
Before you use Spring Session MongoDB, you must ensure to update your dependencies.
We assume you are working with a working Spring Boot web application.
If you are using Maven, ensure to add the following dependencies:
====
[source,xml]
[subs="verbatim,attributes"]
.pom.xml
----
<dependencies>
<!-- ... -->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-mongodb</artifactId>
</dependency>
</dependencies>
----
====
ifeval::["{version-snapshot}" == "true"]
Since We are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
Ensure you have the following in your pom.xml:
====
[source,xml]
.pom.xml
----
<repositories>
<!-- ... -->
<repository>
<id>spring-snapshot</id>
<url>https://repo.spring.io/libs-snapshot</url>
</repository>
</repositories>
----
====
endif::[]
ifeval::["{version-milestone}" == "true"]
Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
Ensure you have the following in your pom.xml:
====
[source,xml]
.pom.xml
----
<repository>
<id>spring-milestone</id>
<url>https://repo.spring.io/libs-milestone</url>
</repository>
----
====
endif::[]
[[mongo-spring-configuration]]
== Spring Configuration
After adding the required dependencies, we can create our Spring configuration.
The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
// tag::config[]
All you have to do is to add the following Spring Configuration:
====
[source,java]
----
include::{samples-dir}spring-session-sample-boot-mongodb-traditional/src/main/java/org/springframework/session/mongodb/examples/config/HttpSessionConfig.java[tag=class]
----
<1> The `@EnableMongoHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
This filter is what replaces the default `HttpSession` with the MongoDB-backed bean.
<2> Configures the session timeout to 30 minutes.
====
// end::config[]
[[boot-mongo-configuration]]
== Configuring the MongoDB Connection
Spring Boot automatically creates a `MongoClient` that connects Spring Session to a MongoDB Server on localhost on port 27017 (default port).
In a production environment you need to ensure to update your configuration to point to your MongoDB server.
For example, you can include the following in your *application.properties*
====
.src/main/resources/application.properties
----
spring.data.mongodb.host=mongo-srv
spring.data.mongodb.port=27018
spring.data.mongodb.database=prod
----
====
For more information, refer to https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#boot-features-connecting-to-mongodb[Connecting to MongoDB] portion of the Spring Boot documentation.
[[boot-servlet-configuration]]
== Servlet Container Initialization
Our <<boot-mongo-configuration,Spring Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
Fortunately, Spring Boot takes care of both of these steps for us.
[[mongo-sample]]
== MongoDB Sample Application
The MongoDB Sample Application demonstrates how to use Spring Session to transparently leverage MongoDB to back a web application's `HttpSession` when using Spring Boot.
[[mongo-running]]
=== Running the MongoDB Sample Application
You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
====
----
$ ./gradlew :samples:mongo:bootRun
----
====
You should now be able to access the application at http://localhost:8080/
[[boot-explore]]
=== Exploring the security Sample Application
Try using the application. Enter the following to log in:
* **Username** _user_
* **Password** _password_
Now click the **Login** button.
You should now see a message indicating your are logged in with the user entered previously.
The user's information is stored in MongoDB rather than Tomcat's `HttpSession` implementation.
[[mongo-how]]
=== How does it work?
Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Mongo.
Spring Session replaces the `HttpSession` with an implementation that is backed by Mongo.
When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Mongo.
When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).
If you like, you can easily inspect the session using mongo client. For example, on a Linux based system you can type:
[NOTE]
====
The sample application uses an embedded MongoDB instance that listens on a randomly allocated port.
The port used by embedded MongoDB together with exact command to connect to it is logged during application startup.
====
$ mongo --port ...
> use test
> db.sessions.find().pretty()
Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `60f17293-839b-477c-bb92-07a9c3658843` with the value of your SESSION cookie:
> db.sessions.remove({"_id":"60f17293-839b-477c-bb92-07a9c3658843"})
Now visit the application at http://localhost:8080/ and observe that we are no longer authenticated.

256
spring-session-docs/modules/ROOT/pages/http-session.adoc
View File

@@ -1,256 +0,0 @@
[[httpsession]]
= `HttpSession` Integration
Spring Session provides transparent integration with `HttpSession`.
This means that developers can switch the `HttpSession` implementation out with an implementation that is backed by Spring Session.
[[httpsession-why]]
== Why Spring Session and `HttpSession`?
We have already mentioned that Spring Session provides transparent integration with `HttpSession`, but what benefits do we get out of this?
* *Clustered Sessions*: Spring Session makes it trivial to support <<httpsession-redis,clustered sessions>> without being tied to an application container specific solution.
* *RESTful APIs*: Spring Session lets providing session IDs in headers work with <<httpsession-rest,RESTful APIs>>
[[httpsession-redis]]
== `HttpSession` with Redis
Using Spring Session with `HttpSession` is enabled by adding a Servlet Filter before anything that uses the `HttpSession`.
You can choose from enabling this by using either:
* <<httpsession-redis-jc,Java-based Configuration>>
* <<httpsession-redis-xml,XML-based Configuration>>
[[httpsession-redis-jc]]
=== Redis Java-based Configuration
This section describes how to use Redis to back `HttpSession` by using Java based configuration.
NOTE: The xref:samples.adoc#samples[ HttpSession Sample] provides a working sample of how to integrate Spring Session and `HttpSession` by using Java configuration.
You can read the basic steps for integration in the next few sections, but we encourage you to follow along with the detailed HttpSession Guide when integrating with your own application.
include::guides/java-redis.adoc[tags=config,leveloffset=+2]
[[httpsession-redis-xml]]
=== Redis XML-based Configuration
This section describes how to use Redis to back `HttpSession` by using XML based configuration.
NOTE: The xref:samples.adoc#samples[ HttpSession XML Sample] provides a working sample of how to integrate Spring Session and `HttpSession` using XML configuration.
You can read the basic steps for integration in the next few sections, but we encourage you to follow along with the detailed HttpSession XML Guide when integrating with your own application.
include::guides/xml-redis.adoc[tags=config,leveloffset=+2]
[[httpsession-mongo]]
=== HttpSession with Mongo
Using Spring Session with `HttpSession` is enabled by adding a Servlet Filter before anything that uses the `HttpSession`.
This section describes how to use Mongo to back `HttpSession` using Java based configuration.
NOTE: The <<samples, HttpSession Mongo Sample>> provides a working sample on how to integrate Spring Session and `HttpSession` using Java configuration.
You can read the basic steps for integration below, but you are encouraged to follow along with the detailed HttpSession Guide when integrating with your own application.
include::guides/boot-mongo.adoc[tags=config,leveloffset=+3]
==== Session serialization mechanisms
To be able to persist session objects in MongoDB we need to provide the serialization/deserialization mechanism.
By default, Spring Session MongoDB will use `JdkMongoSessionConverter`.
However, you may switch to `JacksonMongoSessionConverter` by merely adding the following code to your Boot app:
[source,java]
----
@Bean
JacksonMongoSessionConverter mongoSessionConverter() {
return new JacksonMongoSessionConverter();
}
----
===== JacksonMongoSessionConverter
This mechanism uses Jackson to serialize session objects to/from JSON.
By creating the following bean:
[source,java]
----
@Bean
JacksonMongoSessionConverter mongoSessionConverter() {
return new JacksonMongoSessionConverter();
}
----
...you are able to switch from the default (JDK-based serialization) to using Jackson.
IMPORTANT: If you are integrating with Spring Security (by storing your sessions in MongoDB), this configuration will
register the proper whitelisted components so Spring Security works properly.
If you would like to provide custom Jackson modules you can do it by explicitly registering modules as shown below:
[source,java,indent=0]
----
include::{code-dir}/src/test/java/org/springframework/session/data/mongo/integration/MongoRepositoryJacksonITest.java[tag=sample]
----
===== JdkMongoSessionConverter
`JdkMongoSessionConverter` uses standard Java serialization to persist session attributes map to MongoDB in a binary form.
However, standard session elements like id, access time, etc are still written as a plain Mongo objects and can be read and queried without additional effort.
`JdkMongoSessionConverter` is used if no explicit `AbstractMongoSessionConverter` Bean has been defined.
There is also a constructor taking `Serializer` and `Deserializer` objects, allowing you to pass custom implementations, which is especially important when you want to use non-default classloader.
[[httpsession-jdbc]]
== `HttpSession` with JDBC
You can use Spring Session with `HttpSession` by adding a servlet filter before anything that uses the `HttpSession`.
You can choose to do in any of the following ways:
* <<httpsession-jdbc-jc,Java-based Configuration>>
* <<httpsession-jdbc-xml,XML-based Configuration>>
* <<httpsession-jdbc-boot,Spring Boot-based Configuration>>
[[httpsession-jdbc-jc]]
=== JDBC Java-based Configuration
This section describes how to use a relational database to back `HttpSession` when you use Java-based configuration.
NOTE: The xref:samples.adoc#samples[ HttpSession JDBC Sample] provides a working sample of how to integrate Spring Session and `HttpSession` by using Java configuration.
You can read the basic steps for integration in the next few sections, but we encouraged you to follow along with the detailed HttpSession JDBC Guide when integrating with your own application.
include::guides/java-jdbc.adoc[tags=config,leveloffset=+2]
[[httpsession-jdbc-xml]]
=== JDBC XML-based Configuration
This section describes how to use a relational database to back `HttpSession` when you use XML based configuration.
NOTE: The xref:samples.adoc#samples[ HttpSession JDBC XML Sample] provides a working sample of how to integrate Spring Session and `HttpSession` by using XML configuration.
You can read the basic steps for integration in the next few sections, but we encourage you to follow along with the detailed HttpSession JDBC XML Guide when integrating with your own application.
include::guides/xml-jdbc.adoc[tags=config,leveloffset=+2]
[[httpsession-jdbc-boot]]
=== JDBC Spring Boot-based Configuration
This section describes how to use a relational database to back `HttpSession` when you use Spring Boot.
NOTE: The xref:samples.adoc#samples[ HttpSession JDBC Spring Boot Sample] provides a working sample of how to integrate Spring Session and `HttpSession` by using Spring Boot.
You can read the basic steps for integration in the next few sections, but we encourage you to follow along with the detailed HttpSession JDBC Spring Boot Guide when integrating with your own application.
include::guides/boot-jdbc.adoc[tags=config,leveloffset=+2]
[[httpsession-hazelcast]]
== HttpSession with Hazelcast
Using Spring Session with `HttpSession` is enabled by adding a Servlet Filter before anything that uses the `HttpSession`.
This section describes how to use Hazelcast to back `HttpSession` by using Java-based configuration.
NOTE: The xref:samples.adoc#samples[ Hazelcast Spring Sample] provides a working sample of how to integrate Spring Session and `HttpSession` by using Java configuration.
You can read the basic steps for integration in the next few sections, but we encourage you to follow along with the detailed Hazelcast Spring Guide when integrating with your own application.
include::guides/java-hazelcast.adoc[tags=config,leveloffset=+1]
[[httpsession-how]]
== How `HttpSession` Integration Works
Fortunately, both `HttpSession` and `HttpServletRequest` (the API for obtaining an `HttpSession`) are both interfaces.
This means that we can provide our own implementations for each of these APIs.
NOTE: This section describes how Spring Session provides transparent integration with `HttpSession`. We offer this content so that you can understand what is happening under the covers. This functionality is already integrated and you do NOT need to implement this logic yourself.
First, we create a custom `HttpServletRequest` that returns a custom implementation of `HttpSession`.
It looks something like the following:
====
[source, java]
----
public class SessionRepositoryRequestWrapper extends HttpServletRequestWrapper {
public SessionRepositoryRequestWrapper(HttpServletRequest original) {
super(original);
}
public HttpSession getSession() {
return getSession(true);
}
public HttpSession getSession(boolean createNew) {
// create an HttpSession implementation from Spring Session
}
// ... other methods delegate to the original HttpServletRequest ...
}
----
====
Any method that returns an `HttpSession` is overridden.
All other methods are implemented by `HttpServletRequestWrapper` and delegate to the original `HttpServletRequest` implementation.
We replace the `HttpServletRequest` implementation by using a servlet `Filter` called `SessionRepositoryFilter`.
The following pseudocode shows how it works:
====
[source, java]
----
public class SessionRepositoryFilter implements Filter {
public doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
HttpServletRequest httpRequest = (HttpServletRequest) request;
SessionRepositoryRequestWrapper customRequest =
new SessionRepositoryRequestWrapper(httpRequest);
chain.doFilter(customRequest, response, chain);
}
// ...
}
----
====
By passing a custom `HttpServletRequest` implementation into the `FilterChain`, we ensure that anything invoked after our `Filter` uses the custom `HttpSession` implementation.
This highlights why it is important that Spring Session's `SessionRepositoryFilter` be placed before anything that interacts with the `HttpSession`.
[[httpsession-rest]]
== `HttpSession` and RESTful APIs
Spring Session can work with RESTful APIs by letting the session be provided in a header.
NOTE: The xref:samples.adoc#samples[ REST Sample] provides a working sample of how to use Spring Session in a REST application to support authenticating with a header.
You can follow the basic steps for integration described in the next few sections, but we encourage you to follow along with the detailed REST Guide when integrating with your own application.
include::guides/java-rest.adoc[tags=config,leveloffset=+1]
[[httpsession-httpsessionlistener]]
== Using `HttpSessionListener`
Spring Session supports `HttpSessionListener` by translating `SessionDestroyedEvent` and `SessionCreatedEvent` into `HttpSessionEvent` by declaring `SessionEventHttpSessionListenerAdapter`.
To use this support, you need to:
* Ensure your `SessionRepository` implementation supports and is configured to fire `SessionDestroyedEvent` and `SessionCreatedEvent`.
* Configure `SessionEventHttpSessionListenerAdapter` as a Spring bean.
* Inject every `HttpSessionListener` into the `SessionEventHttpSessionListenerAdapter`
If you use the configuration support documented in <<httpsession-redis,`HttpSession` with Redis>>, all you need to do is register every `HttpSessionListener` as a bean.
For example, assume you want to support Spring Security's concurrency control and need to use `HttpSessionEventPublisher`. In that case, you can add `HttpSessionEventPublisher` as a bean.
In Java configuration, this might look like the following:
====
[source,java,indent=0]
----
include::{docs-test-dir}docs/http/RedisHttpSessionConfig.java[tags=config]
----
====
In XML configuration, this might look like the following:
====
[source,xml,indent=0]
----
include::{docs-test-resources-dir}docs/http/HttpSessionListenerXmlTests-context.xml[tags=config]
----
====

74
spring-session-docs/modules/ROOT/pages/index.adoc
View File

@@ -1,74 +0,0 @@
= Spring Session
Rob Winch; Vedran Pavić; Jay Bryant; Eleftheria Stein-Kousathana
:doctype: book
:indexdoc-tests: {docs-test-dir}docs/IndexDocTests.java
:websocketdoc-test-dir: {docs-test-dir}docs/websocket/
[[abstract]]
Spring Session provides an API and implementations for managing a user's session information.
[[introduction]]
Spring Session provides an API and implementations for managing a user's session information while also making it trivial to support clustered sessions without being tied to an application container-specific solution.
It also provides transparent integration with:
* xref:http-session.adoc#httpsession[HttpSession]: Allows replacing the `HttpSession` in an application container-neutral way, with support for providing session IDs in headers to work with RESTful APIs.
* xref:web-socket.adoc#websocket[WebSocket]: Provides the ability to keep the `HttpSession` alive when receiving WebSocket messages
* xref:web-session.adoc#websession[WebSession]: Allows replacing the Spring WebFlux's `WebSession` in an application container-neutral way.
[[community]]
== Spring Session Community
We are glad to consider you a part of our community.
The following sections provide additional about how to interact with the Spring Session community.
[[community-support]]
=== Support
You can get help by asking questions on https://stackoverflow.com/questions/tagged/spring-session[Stack Overflow with the `spring-session` tag].
Similarly, we encourage helping others by answering questions on Stack Overflow.
[[community-source]]
=== Source Code
You can find the source code on GitHub at https://github.com/spring-projects/spring-session/
[[community-issues]]
=== Issue Tracking
We track issues in GitHub issues at https://github.com/spring-projects/spring-session/issues
[[community-contributing]]
=== Contributing
We appreciate https://help.github.com/articles/using-pull-requests/[pull requests].
[[community-license]]
=== License
Spring Session is Open Source software released under the https://www.apache.org/licenses/LICENSE-2.0[Apache 2.0 license].
[[community-extensions]]
=== Community Extensions
|===
| Name | Location
| Spring Session Infinispan
| https://infinispan.org/infinispan-spring-boot/master/spring_boot_starter.html#_enabling_spring_session_support
|===
[[minimum-requirements]]
== Minimum Requirements
The minimum requirements for Spring Session are:
* Java 8+.
* If you run in a Servlet Container (not required), Servlet 3.1+.
* If you use other Spring libraries (not required), the minimum required version is Spring 5.0.x.
* `@EnableRedisHttpSession` requires Redis 2.8+. This is necessary to support xref:api.adoc#api-redisindexedsessionrepository-expiration[Session Expiration]
* `@EnableHazelcastHttpSession` requires Hazelcast 3.6+. This is necessary to support xref:api.adoc#api-enablehazelcasthttpsession-storage[`FindByIndexNameSessionRepository`]
NOTE: At its core, Spring Session has a required dependency only on `spring-jcl`.
For an example of using Spring Session without any other Spring dependencies, see the xref:samples.adoc#samples[hazelcast sample] application.

22
spring-session-docs/modules/ROOT/pages/modules.adoc
View File

@@ -1,22 +0,0 @@
[[modules]]
= Spring Session Modules
In Spring Session 1.x, all of the Spring Session's `SessionRepository` implementations were available within the `spring-session` artifact.
While convenient, this approach was not sustainable long-term as more features and `SessionRepository` implementations were added to the project.
With Spring Session 2.0, several modules were split off to be separate modules as well as managed repositories.
Spring Session for MongoDB was retired, but was later reactivated as a separate module.
As of Spring Session 2.6, Spring Session for MongoDB was merged back into Spring Session.
Now the situation with the various repositories and modules is as follows:
* https://github.com/spring-projects/spring-session[`spring-session` repository]
** Hosts the Spring Session Core, Spring Session for MongoDB, Spring Session for Redis, Spring Session JDBC, and Spring Session Hazelcast modules.
* https://github.com/spring-projects/spring-session-data-geode[`spring-session-data-geode` repository]
** Hosts the Spring Session Data Geode modules. Spring Session Data Geode has its own user guide, which you can find at the [https://spring.io/projects/spring-session-data-geode#learn site].
Finally, Spring Session also provides a Maven BOM ("`bill of materials`") module in order to help users with version management concerns:
* https://github.com/spring-projects/spring-session-bom[`spring-session-bom` repository]
** Hosts the Spring Session BOM module

108
spring-session-docs/modules/ROOT/pages/samples.adoc
View File

@@ -1,108 +0,0 @@
[[samples]]
= Samples and Guides (Start Here)
To get started with Spring Session, the best place to start is our Sample Applications.
.Sample Applications that use Spring Boot
|===
| Source | Description | Guide
| {gh-samples-url}spring-session-sample-boot-redis[HttpSession with Redis]
| Demonstrates how to use Spring Session to replace the `HttpSession` with Redis.
| link:guides/boot-redis.html[HttpSession with Redis Guide]
| {gh-samples-url}spring-session-sample-boot-jdbc[HttpSession with JDBC]
| Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store.
| link:guides/boot-jdbc.html[HttpSession with JDBC Guide]
| {gh-samples-url}spring-session-sample-boot-hazelcast[HttpSession with Hazelcast]
| Demonstrates how to use Spring Session to replace the `HttpSession` with Hazelcast.
|
| {gh-samples-url}spring-session-sample-boot-findbyusername[Find by Username]
| Demonstrates how to use Spring Session to find sessions by username.
| link:guides/boot-findbyusername.html[Find by Username Guide]
| {gh-samples-url}spring-session-sample-boot-websocket[WebSockets]
| Demonstrates how to use Spring Session with WebSockets.
| link:guides/boot-websocket.html[WebSockets Guide]
| {gh-samples-url}spring-session-sample-boot-webflux[WebFlux]
| Demonstrates how to use Spring Session to replace the Spring WebFlux's `WebSession` with Redis.
|
| {gh-samples-url}spring-session-sample-boot-webflux-custom-cookie[WebFlux with Custom Cookie]
| Demonstrates how to use Spring Session to customize the Session cookie in a WebFlux based application.
| link:guides/boot-webflux-custom-cookie.html[WebFlux with Custom Cookie Guide]
| {gh-samples-url}spring-session-sample-boot-redis-json[HttpSession with Redis JSON serialization]
| Demonstrates how to use Spring Session to replace the `HttpSession` with Redis using JSON serialization.
|
| {gh-samples-url}spring-session-sample-boot-redis-simple[HttpSession with simple Redis `SessionRepository`]
| Demonstrates how to use Spring Session to replace the `HttpSession` with Redis using `RedisSessionRepository`.
|
| {gh-samples-url}spring-session-sample-boot-mongodb-traditional[Spring Session with MongoDB Repositories (servlet-based)]
| Demonstrates how to back Spring Session with traditional MongoDB repositories.
| link:guides/boot-mongo.html[Spring Session with MongoDB Repositories]
| {gh-samples-url}spring-session-sample-boot-mongodb-reactive[Spring Session with MongoDB Repositories (reactive)]
| Demonstrates how to back Spring Session with reactive MongoDB repositories.
| link:guides/boot-mongo.html[Spring Session with MongoDB Repositories]
|===
.Sample Applications that use Spring Java-based configuration
|===
| Source | Description | Guide
| {gh-samples-url}spring-session-sample-javaconfig-redis[HttpSession with Redis]
| Demonstrates how to use Spring Session to replace the `HttpSession` with Redis.
| link:guides/java-redis.html[HttpSession with Redis Guide]
| {gh-samples-url}spring-session-sample-javaconfig-jdbc[HttpSession with JDBC]
| Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store.
| link:guides/java-jdbc.html[HttpSession with JDBC Guide]
| {gh-samples-url}spring-session-sample-javaconfig-hazelcast[HttpSession with Hazelcast]
| Demonstrates how to use Spring Session to replace the `HttpSession` with Hazelcast.
| link:guides/java-hazelcast.html[HttpSession with Hazelcast Guide]
| {gh-samples-url}spring-session-sample-javaconfig-custom-cookie[Custom Cookie]
| Demonstrates how to use Spring Session and customize the cookie.
| link:guides/java-custom-cookie.html[Custom Cookie Guide]
| {gh-samples-url}spring-session-sample-javaconfig-security[Spring Security]
| Demonstrates how to use Spring Session with an existing Spring Security application.
| link:guides/java-security.html[Spring Security Guide]
| {gh-samples-url}spring-session-sample-javaconfig-rest[REST]
| Demonstrates how to use Spring Session in a REST application to support authenticating with a header.
| link:guides/java-rest.html[REST Guide]
|===
.Sample Applications that use Spring XML-based configuration
|===
| Source | Description | Guide
| {gh-samples-url}spring-session-sample-xml-redis[HttpSession with Redis]
| Demonstrates how to use Spring Session to replace the `HttpSession` with a Redis store.
| link:guides/xml-redis.html[HttpSession with Redis Guide]
| {gh-samples-url}spring-session-sample-xml-jdbc[HttpSession with JDBC]
| Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store.
| link:guides/xml-jdbc.html[HttpSession with JDBC Guide]
|===
.Miscellaneous sample Applications
|===
| Source | Description | Guide
| {gh-samples-url}spring-session-sample-misc-hazelcast[Hazelcast]
| Demonstrates how to use Spring Session with Hazelcast in a Java EE application.
|
|===

77
spring-session-docs/modules/ROOT/pages/spring-security.adoc
View File

@@ -1,77 +0,0 @@
[[spring-security]]
= Spring Security Integration
Spring Session provides integration with Spring Security.
[[spring-security-rememberme]]
== Spring Security Remember-me Support
Spring Session provides integration with https://docs.spring.io/spring-security/site/docs/{spring-security-version}/reference/html5/#servlet-rememberme[Spring Security's Remember-me Authentication].
The support:
* Changes the session expiration length
* Ensures that the session cookie expires at `Integer.MAX_VALUE`.
The cookie expiration is set to the largest possible value, because the cookie is set only when the session is created.
If it were set to the same value as the session expiration, the session would get renewed when the user used it but the cookie expiration would not be updated (causing the expiration to be fixed).
To configure Spring Session with Spring Security in Java Configuration, you can use the following listing as a guide:
====
[source,java,indent=0]
----
include::{docs-test-dir}docs/security/RememberMeSecurityConfiguration.java[tags=http-rememberme]
}
include::{docs-test-dir}docs/security/RememberMeSecurityConfiguration.java[tags=rememberme-bean]
----
====
An XML-based configuration would look something like the following:
====
[source,xml,indent=0]
----
include::{docs-test-resources-dir}docs/security/RememberMeSecurityConfigurationXmlTests-context.xml[tags=config]
----
====
[[spring-security-concurrent-sessions]]
== Spring Security Concurrent Session Control
Spring Session provides integration with Spring Security to support its concurrent session control.
This allows limiting the number of active sessions that a single user can have concurrently, but, unlike the default
Spring Security support, this also works in a clustered environment. This is done by providing a custom
implementation of Spring Security's `SessionRegistry` interface.
When using Spring Security's Java config DSL, you can configure the custom `SessionRegistry` through the
`SessionManagementConfigurer`, as the following listing shows:
====
[source,java,indent=0]
----
include::{docs-test-dir}docs/security/SecurityConfiguration.java[tags=class]
----
====
This assumes that you have also configured Spring Session to provide a `FindByIndexNameSessionRepository` that
returns `Session` instances.
When using XML configuration, it would look something like the following listing:
====
[source,xml,indent=0]
----
include::{docs-test-resources-dir}docs/security/security-config.xml[tags=config]
----
====
This assumes that your Spring Session `SessionRegistry` bean is called `sessionRegistry`, which is the name used by all
`SpringHttpSessionConfiguration` subclasses.
[[spring-security-concurrent-sessions-limitations]]
== Limitations
Spring Session's implementation of Spring Security's `SessionRegistry` interface does not support the `getAllPrincipals`
method, as this information cannot be retrieved by using Spring Session. This method is never called by Spring Security,
so this affects only applications that access the `SessionRegistry` themselves.

46
spring-session-docs/modules/ROOT/pages/upgrading.adoc
View File

@@ -1,46 +0,0 @@
[[upgrading-2.0]]
= Upgrading to 2.x
With the new major release version, the Spring Session team took the opportunity to make some non-passive changes.
The focus of these changes is to improve and harmonize Spring Session's APIs as well as remove the deprecated components.
== Baseline Update
Spring Session 2.0 requires Java 8 and Spring Framework 5.0 as a baseline, since its entire codebase is now based on Java 8 source code.
See https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-5.x[Upgrading to Spring Framework 5.x] for more on upgrading Spring Framework.
== Replaced and Removed Modules
As a part of the project's splitting of the modules, the existing `spring-session` has been replaced with the `spring-session-core` module.
The `spring-session-core` module holds only the common set of APIs and components, while other modules contain the implementation of the appropriate `SessionRepository` and functionality related to that data store.
This applies to several existing modules that were previously a simple dependency aggregator helper module.
With new module arrangement, the following modules actually carry the implementation:
* Spring Session for MongoDB
* Spring Session for Redis
* Spring Session JDBC
* Spring Session Hazelcast
Also, the following were removed from the main project repository:
* Spring Session Data GemFire
** https://github.com/spring-projects/spring-session-data-geode[`spring-session-data-geode`]
== Replaced and Removed Packages, Classes, and Methods
The following changes were made to packages, classes, and methods:
* `ExpiringSession` API has been merged into the `Session` API.
* The `Session` API has been enhanced to make full use of Java 8.
* The `Session` API has been extended with `changeSessionId` support.
* The `SessionRepository` API has been updated to better align with Spring Data method naming conventions.
* `AbstractSessionEvent` and its subclasses are no longer constructable without an underlying `Session` object.
* The Redis namespace used by `RedisOperationsSessionRepository` is now fully configurable, instead of being partially configurable.
* Redis configuration support has been updated to avoid registering a Spring Session-specific `RedisTemplate` bean.
* JDBC configuration support has been updated to avoid registering a Spring Session-specific `JdbcTemplate` bean.
* Previously deprecated classes and methods have been removed across the codebase
== Dropped Support
As a part of the changes to `HttpSessionStrategy` and its alignment to the counterpart from the reactive world, the support for managing multiple users' sessions in a single browser instance has been removed.
The introduction of a new API to replace this functionality is under consideration for future releases.

116
spring-session-docs/modules/ROOT/pages/web-session.adoc
View File

@@ -1,116 +0,0 @@
[[websession]]
= WebSession Integration
Spring Session provides transparent integration with Spring WebFlux's `WebSession`.
This means that you can switch the `WebSession` implementation out with an implementation that is backed by Spring Session.
[[websession-why]]
== Why Spring Session and WebSession?
We have already mentioned that Spring Session provides transparent integration with Spring WebFlux's `WebSession`, but what benefits do we get out of this?
As with `HttpSession`, Spring Session makes it trivial to support <<websession-redis,clustered sessions>> without being tied to an application container specific solution.
[[websession-redis]]
== WebSession with Redis
Using Spring Session with `WebSession` is enabled by registering a `WebSessionManager` implementation backed by Spring Session's `ReactiveSessionRepository`.
The Spring configuration is responsible for creating a `WebSessionManager` that replaces the `WebSession` implementation with an implementation backed by Spring Session.
To do so, add the following Spring Configuration:
====
[source, java]
----
@EnableRedisWebSession // <1>
public class SessionConfiguration {
@Bean
public LettuceConnectionFactory redisConnectionFactory() {
return new LettuceConnectionFactory(); // <2>
}
}
----
<1> The `@EnableRedisWebSession` annotation creates a Spring bean with the name of `webSessionManager`. That bean implements the `WebSessionManager`.
This is what is in charge of replacing the `WebSession` implementation to be backed by Spring Session.
In this instance, Spring Session is backed by Redis.
<2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
We configure the connection to connect to localhost on the default port (6379)
For more information on configuring Spring Data Redis, see the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
====
[[websession-how]]
== How WebSession Integration Works
It is considerably easier for Spring Session to integrate with Spring WebFlux and its `WebSession`, compared to Servlet API and its `HttpSession`.
Spring WebFlux provides the `WebSessionStore` API, which presents a strategy for persisting `WebSession`.
NOTE: This section describes how Spring Session provides transparent integration with `WebSession`. We offer this content so that you can understand what is happening under the covers. This functionality is already integrated and you do NOT need to implement this logic yourself.
First, we create a custom `SpringSessionWebSession` that delegates to Spring Session's `Session`.
It looks something like the following:
====
[source, java]
----
public class SpringSessionWebSession implements WebSession {
enum State {
NEW, STARTED
}
private final S session;
private AtomicReference<State> state = new AtomicReference<>();
SpringSessionWebSession(S session, State state) {
this.session = session;
this.state.set(state);
}
@Override
public void start() {
this.state.compareAndSet(State.NEW, State.STARTED);
}
@Override
public boolean isStarted() {
State value = this.state.get();
return (State.STARTED.equals(value)
|| (State.NEW.equals(value) && !this.session.getAttributes().isEmpty()));
}
@Override
public Mono<Void> changeSessionId() {
return Mono.defer(() -> {
this.session.changeSessionId();
return save();
});
}
// ... other methods delegate to the original Session
}
----
====
Next, we create a custom `WebSessionStore` that delegates to the `ReactiveSessionRepository` and wraps `Session` into custom `WebSession` implementation, as the following listing shows:
====
[source, java]
----
public class SpringSessionWebSessionStore<S extends Session> implements WebSessionStore {
private final ReactiveSessionRepository<S> sessions;
public SpringSessionWebSessionStore(ReactiveSessionRepository<S> reactiveSessionRepository) {
this.sessions = reactiveSessionRepository;
}
// ...
}
----
====
To be detected by Spring WebFlux, this custom `WebSessionStore` needs to be registered with `ApplicationContext` as a bean named `webSessionManager`.
For additional information on Spring WebFlux, see the https://docs.spring.io/spring-framework/docs/{spring-framework-version}/reference/html/web-reactive.html[Spring Framework Reference Documentation].

32
spring-session-docs/modules/ROOT/pages/web-socket.adoc
View File

@@ -1,32 +0,0 @@
[[websocket]]
= WebSocket Integration
Spring Session provides transparent integration with Spring's WebSocket support.
include::guides/boot-websocket.adoc[tags=disclaimer,leveloffset=+1]
[[websocket-why]]
== Why Spring Session and WebSockets?
So why do we need Spring Session when we use WebSockets?
Consider an email application that does much of its work through HTTP requests.
However, there is also a chat application embedded within it that works over WebSocket APIs.
If a user is actively chatting with someone, we should not timeout the `HttpSession`, since this would be a pretty poor user experience.
However, this is exactly what https://java.net/jira/browse/WEBSOCKET_SPEC-175[JSR-356] does.
Another issue is that, according to JSR-356, if the `HttpSession` times out, any WebSocket that was created with that `HttpSession` and an authenticated user should be forcibly closed.
This means that, if we are actively chatting in our application and are not using the HttpSession, we also do disconnect from our conversation.
[[websocket-usage]]
== WebSocket Usage
The xref:samples.adoc#samples[ WebSocket Sample] provides a working sample of how to integrate Spring Session with WebSockets.
You can follow the basic steps for integration described in the next few headings, but we encourage you to follow along with the detailed WebSocket Guide when integrating with your own application.
[[websocket-httpsession]]
=== `HttpSession` Integration
Before using WebSocket integration, you should be sure that you have xref:http-session.adoc#httpsession[`HttpSession` Integration] working first.
include::guides/boot-websocket.adoc[tags=config,leveloffset=+2]

4
spring-session-docs/modules/ROOT/pages/whats-new.adoc
View File

@@ -1,4 +0,0 @@
= What's New
Check also the Spring Session BOM https://github.com/spring-projects/spring-session-bom/wiki#release-notes[release notes]
for a list of new and noteworthy features, as well as upgrade instructions for each release.

53
spring-session-docs/spring-session-docs.gradle
View File

@@ -18,64 +18,13 @@ dependencies {
testCompile 'org.assertj:assertj-core'
testCompile 'com.hazelcast:hazelcast'
testCompile 'io.lettuce:lettuce-core'
testCompile 'javax.servlet:javax.servlet-api'
testCompile 'jakarta.servlet:jakarta.servlet-api'
testCompile 'org.junit.jupiter:junit-jupiter-api'
testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine'
}
sourceSets {
test {
java {
srcDirs = ['modules/ROOT/examples/java']
}
resources {
srcDirs = ['modules/ROOT/examples/resources']
}
}
}
def versions = dependencyManagement.managedVersions
tasks.register("generateAntora") {
group = "Documentation"
description = "Generates the antora.yml for dynamic properties"
doLast {
def dollar = '$'
def ghTag = snapshotBuild ? 'main' : project.version
def ghUrl = "https://github.com/spring-projects/spring-session/tree/$ghTag"
def outputFile = new File("$buildDir/generateAntora/antora.yml")
outputFile.getParentFile().mkdirs()
outputFile.createNewFile()
outputFile.setText("""name: session
title: Spring Session
version: ~
display_version: 2.6
start_page: ROOT:index.adoc
asciidoc:
attributes:
download-url: "https://github.com/spring-projects/spring-session/archive/${ghTag}.zip"
gh-samples-url: "$ghUrl/spring-session-samples/"
samples-dir: "example${dollar}spring-session-samples/"
session-jdbc-main-resources-dir: "example${dollar}session-jdbc-main-resources-dir/"
docs-test-dir: "example${dollar}java/"
websocketdoc-test-dir: 'example${dollar}java/docs/websocket/'
docs-test-resources-dir: "example${dollar}resources/"
indexdoc-tests: "example${dollar}java/docs/IndexDocTests.java"
spring-session-version: ${project.version}
version-milestone: $milestoneBuild
version-release: $releaseBuild
version-snapshot: $snapshotBuild
spring-boot-version: ${project.springBootVersion}
spring-data-redis-version: ${versions['org.springframework.data:spring-data-redis']}
spring-framework-version: ${versions['org.springframework:spring-core']}
spring-security-version: ${versions['org.springframework.security:spring-security-core']}
hazelcast-version: ${versions['com.hazelcast:hazelcast']}
lettuce-version: ${versions['io.lettuce:lettuce-core']}
""")
}
}
asciidoctorPdf {
clearSources()
sources {

1
spring-session-docs/modules/ROOT/pages/guides/boot-findbyusername.adoc → spring-session-docs/src/docs/asciidoc/guides/boot-findbyusername.adoc
View File

@@ -1,5 +1,6 @@
= Spring Session - find by username
Rob Winch
:toc: left
:stylesdir: ../
:highlightjsdir: ../js/highlight
:docinfodir: guides

1
spring-session-docs/modules/ROOT/pages/guides/boot-jdbc.adoc → spring-session-docs/src/docs/asciidoc/guides/boot-jdbc.adoc
View File

@@ -1,5 +1,6 @@
= Spring Session - Spring Boot
Rob Winch, Vedran Pavić
:toc: left
:stylesdir: ../
:highlightjsdir: ../js/highlight
:docinfodir: guides

1
spring-session-docs/modules/ROOT/pages/guides/boot-redis.adoc → spring-session-docs/src/docs/asciidoc/guides/boot-redis.adoc
View File

@@ -1,5 +1,6 @@
= Spring Session - Spring Boot
Rob Winch, Vedran Pavić
:toc: left
:stylesdir: ../
:highlightjsdir: ../js/highlight
:docinfodir: guides

1
spring-session-docs/modules/ROOT/pages/guides/boot-webflux-custom-cookie.adoc → spring-session-docs/src/docs/asciidoc/guides/boot-webflux-custom-cookie.adoc
View File

@@ -1,5 +1,6 @@
= Spring Session - WebFlux with Custom Cookie
Eleftheria Stein-Kousathana
:toc: left
:stylesdir: ../
:highlightjsdir: ../js/highlight
:docinfodir: guides

1
spring-session-docs/modules/ROOT/pages/guides/boot-websocket.adoc → spring-session-docs/src/docs/asciidoc/guides/boot-websocket.adoc
View File

@@ -1,5 +1,6 @@
= Spring Session - WebSocket
Rob Winch
:toc: left
:websocketdoc-test-dir: {docs-test-dir}docs/websocket/
:stylesdir: ../
:highlightjsdir: ../js/highlight

0
spring-session-docs/modules/ROOT/pages/guides/docinfo-footer.html → spring-session-docs/src/docs/asciidoc/guides/docinfo-footer.html
View File

1
spring-session-docs/modules/ROOT/pages/guides/java-custom-cookie.adoc → spring-session-docs/src/docs/asciidoc/guides/java-custom-cookie.adoc
View File

@@ -1,5 +1,6 @@
= Spring Session - Custom Cookie
Rob Winch; Eleftheria Stein-Kousathana
:toc: left
:stylesdir: ../
:highlightjsdir: ../js/highlight
:docinfodir: guides

3
spring-session-docs/modules/ROOT/pages/guides/java-hazelcast.adoc → spring-session-docs/src/docs/asciidoc/guides/java-hazelcast.adoc
View File

@@ -1,5 +1,6 @@
= Spring Session and Spring Security with Hazelcast
Tommy Ludwig; Rob Winch
:toc: left
:stylesdir: ../
:highlightjsdir: ../js/highlight
:docinfodir: guides
@@ -110,7 +111,7 @@ with the same `SerializerConfiguration` of members.
== Servlet Container Initialization
Our xref:guides/java-security.adoc#security-spring-configuration[Spring Configuration] created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
Our <<security-spring-configuration,Spring Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
In order for our `Filter` to do its magic, Spring needs to load our `SessionConfig` class.

1
spring-session-docs/modules/ROOT/pages/guides/java-jdbc.adoc → spring-session-docs/src/docs/asciidoc/guides/java-jdbc.adoc
View File

@@ -1,5 +1,6 @@
= Spring Session - HttpSession (Quick Start)
Rob Winch, Vedran Pavić
:toc: left
:stylesdir: ../
:highlightjsdir: ../js/highlight
:docinfodir: guides

Some files were not shown because too many files have changed in this diff Show More