Merge branch '3.0.x'

This reverts commit b229103d8c.

Closes gh-2259

gradle.properties

@@ -1,3 +1,3 @@
 org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8
 org.gradle.parallel=true
-version=3.0.1
+version=3.1.0-SNAPSHOT

gradle/dependency-management.gradle

@@ -2,12 +2,12 @@ dependencyManagement {
 	imports {
 		mavenBom 'io.projectreactor:reactor-bom:2022.0.5'
 		mavenBom 'com.fasterxml.jackson:jackson-bom:2.14.2'
-		mavenBom 'org.junit:junit-bom:5.9.2'
+		mavenBom 'org.junit:junit-bom:5.9.1'
 		mavenBom 'org.mockito:mockito-bom:4.8.1'
-		mavenBom 'org.springframework:spring-framework-bom:6.0.6'
-		mavenBom 'org.springframework.data:spring-data-bom:2022.0.3'
+		mavenBom 'org.springframework:spring-framework-bom:6.0.7'
+		mavenBom 'org.springframework.data:spring-data-bom:2022.0.4'
 		mavenBom 'org.springframework.security:spring-security-bom:6.0.2'
-		mavenBom 'org.testcontainers:testcontainers-bom:1.17.3'
+		mavenBom 'org.testcontainers:testcontainers-bom:1.17.6'
 	}
 
 	dependencies {
@@ -34,7 +34,7 @@ dependencyManagement {
 		dependency 'org.hamcrest:hamcrest:2.2'
 		dependency 'org.hsqldb:hsqldb:2.7.0'
 		dependency 'org.mariadb.jdbc:mariadb-java-client:3.0.7'
-		dependencySet(group: 'org.mongodb', version: '4.8.2') {
+		dependencySet(group: 'org.mongodb', version: '4.8.0-beta0') {
 			entry 'mongodb-driver-core'
 			entry 'mongodb-driver-sync'
 			entry 'mongodb-driver-reactivestreams'

settings.gradle

@@ -6,7 +6,7 @@ pluginManagement {
 }
 
 plugins {
-    id "com.gradle.enterprise" version "3.11.2"
+    id "com.gradle.enterprise" version "3.12.3"
     id "io.spring.ge.conventions" version "0.0.7"
 }
 

spring-session-data-redis/src/main/java/org/springframework/session/data/redis/config/annotation/web/http/AbstractRedisHttpSessionConfiguration.java

@@ -29,7 +29,6 @@ import org.springframework.context.annotation.Import;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.serializer.RedisSerializer;
-import org.springframework.data.redis.serializer.StringRedisSerializer;
 import org.springframework.session.FlushMode;
 import org.springframework.session.MapSession;
 import org.springframework.session.SaveMode;
@@ -46,6 +45,7 @@ import org.springframework.util.Assert;
  *
  * @param <T> the {@link SessionRepository} type
  * @author Vedran Pavic
+ * @author Yanming Zhou
  * @since 3.0.0
  * @see RedisHttpSessionConfiguration
  * @see RedisIndexedHttpSessionConfiguration
@@ -153,8 +153,8 @@ public abstract class AbstractRedisHttpSessionConfiguration<T extends SessionRep
 
 	protected RedisTemplate<String, Object> createRedisTemplate() {
 		RedisTemplate<String, Object> redisTemplate = new RedisTemplate<>();
-		redisTemplate.setKeySerializer(new StringRedisSerializer());
-		redisTemplate.setHashKeySerializer(new StringRedisSerializer());
+		redisTemplate.setKeySerializer(RedisSerializer.string());
+		redisTemplate.setHashKeySerializer(RedisSerializer.string());
 		if (getDefaultRedisSerializer() != null) {
 			redisTemplate.setDefaultSerializer(getDefaultRedisSerializer());
 		}

spring-session-data-redis/src/main/java/org/springframework/session/data/redis/config/annotation/web/server/RedisWebSessionConfiguration.java

@@ -37,7 +37,6 @@ import org.springframework.data.redis.core.ReactiveRedisTemplate;
 import org.springframework.data.redis.serializer.JdkSerializationRedisSerializer;
 import org.springframework.data.redis.serializer.RedisSerializationContext;
 import org.springframework.data.redis.serializer.RedisSerializer;
-import org.springframework.data.redis.serializer.StringRedisSerializer;
 import org.springframework.session.MapSession;
 import org.springframework.session.SaveMode;
 import org.springframework.session.config.ReactiveSessionRepositoryCustomizer;
@@ -54,6 +53,7 @@ import org.springframework.web.server.session.WebSessionManager;
  * Bean.
  *
  * @author Vedran Pavic
+ * @author Yanming Zhou
  * @since 2.0.0
  * @see EnableRedisWebSession
  */
@@ -159,7 +159,7 @@ public class RedisWebSessionConfiguration implements BeanClassLoaderAware, Embed
 	}
 
 	private ReactiveRedisTemplate<String, Object> createReactiveRedisTemplate() {
-		RedisSerializer<String> keySerializer = new StringRedisSerializer();
+		RedisSerializer<String> keySerializer = RedisSerializer.string();
 		RedisSerializer<Object> defaultSerializer = (this.defaultRedisSerializer != null) ? this.defaultRedisSerializer
 				: new JdkSerializationRedisSerializer(this.classLoader);
 		RedisSerializationContext<String, Object> serializationContext = RedisSerializationContext

spring-session-jdbc/src/main/java/org/springframework/session/jdbc/util/JdbcSchemaUtils.java

@@ -0,0 +1,53 @@
+/*
+ * Copyright 2014-2023 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc.util;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+
+import org.springframework.core.io.ByteArrayResource;
+import org.springframework.core.io.Resource;
+import org.springframework.session.jdbc.JdbcIndexedSessionRepository;
+
+/**
+ * Utility class for schema files.
+ *
+ * @author Marcus da Coregio
+ * @since 3.1
+ */
+public final class JdbcSchemaUtils {
+
+	private JdbcSchemaUtils() {
+	}
+
+	/**
+	 * Loads the content of the provided schema resource and replaces the
+	 * {@link JdbcIndexedSessionRepository#DEFAULT_TABLE_NAME} by the provided table name.
+	 * @param schemaResource the schema resource
+	 * @param tableName the table name to replace
+	 * @return the schema resource with the table name replaced
+	 */
+	public static Resource replaceDefaultTableName(Resource schemaResource, String tableName) throws IOException {
+		try (InputStream inputStream = schemaResource.getInputStream()) {
+			String schemaScript = new String(inputStream.readAllBytes(), StandardCharsets.UTF_8);
+			String newSchema = schemaScript.replace(JdbcIndexedSessionRepository.DEFAULT_TABLE_NAME, tableName);
+			return new ByteArrayResource(newSchema.getBytes(StandardCharsets.UTF_8));
+		}
+	}
+
+}

spring-session-jdbc/src/test/java/org/springframework/session/jdbc/util/JdbcSchemaUtilsTests.java

@@ -0,0 +1,71 @@
+/*
+ * Copyright 2014-2023 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc.util;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.stream.Stream;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.MethodSource;
+
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Tests for {@link JdbcSchemaUtils}.
+ *
+ * @author Marcus da Coregio
+ */
+class JdbcSchemaUtilsTests {
+
+	@ParameterizedTest
+	@MethodSource("getCreateSchemaFiles")
+	void replaceCreateSchemaTableName(Resource schema) throws IOException {
+		Resource newTableNameSchema = JdbcSchemaUtils.replaceDefaultTableName(schema, "NEW_TABLE_NAME");
+		String schemaScript = new String(newTableNameSchema.getInputStream().readAllBytes());
+		assertThat(schemaScript).doesNotContain("SPRING_SESSION", "SPRING_SESSION_ATTRIBUTES", "SPRING_SESSION_IX1",
+				"SPRING_SESSION_IX2", "SPRING_SESSION_IX3");
+		assertThat(schemaScript).contains("NEW_TABLE_NAME", "NEW_TABLE_NAME_ATTRIBUTES", "NEW_TABLE_NAME_IX1",
+				"NEW_TABLE_NAME_IX2", "NEW_TABLE_NAME_IX3");
+	}
+
+	@ParameterizedTest
+	@MethodSource("getDropSchemaFiles")
+	void replaceDropSchemaTableName(Resource schema) throws IOException {
+		Resource newTableNameSchema = JdbcSchemaUtils.replaceDefaultTableName(schema, "NEW_TABLE_NAME");
+		String schemaScript = new String(newTableNameSchema.getInputStream().readAllBytes());
+		assertThat(schemaScript).doesNotContain("SPRING_SESSION", "SPRING_SESSION_ATTRIBUTES");
+		assertThat(schemaScript).contains("NEW_TABLE_NAME", "NEW_TABLE_NAME_ATTRIBUTES");
+	}
+
+	private static Stream<Resource> getCreateSchemaFiles() throws IOException {
+		return getSchemaFiles().filter((resource) -> !resource.getFilename().contains("drop"));
+	}
+
+	private static Stream<Resource> getDropSchemaFiles() throws IOException {
+		return getSchemaFiles().filter((resource) -> resource.getFilename().contains("drop"));
+	}
+
+	private static Stream<Resource> getSchemaFiles() throws IOException {
+		return Arrays.stream(new PathMatchingResourcePatternResolver()
+				.getResources("classpath*:org/springframework/session/jdbc/schema-*.sql"));
+	}
+
+}

spring-session-samples/spring-session-sample-javaconfig-rest/spring-session-sample-javaconfig-rest.gradle

@@ -0,0 +1,31 @@
+plugins {
+    id "org.gretty" version "4.0.0"
+    id "io.spring.convention.spring-sample-war"
+}
+
+dependencies {
+	implementation project(':spring-session-data-redis')
+	implementation "io.lettuce:lettuce-core"
+	implementation "org.springframework:spring-webmvc"
+	implementation "org.springframework.security:spring-security-config"
+	implementation "org.springframework.security:spring-security-web"
+	implementation "com.fasterxml.jackson.core:jackson-databind"
+	implementation "org.slf4j:slf4j-api"
+	implementation "org.slf4j:jcl-over-slf4j"
+	implementation "org.slf4j:log4j-over-slf4j"
+	implementation "ch.qos.logback:logback-classic"
+	implementation "org.testcontainers:testcontainers"
+
+	providedCompile "jakarta.servlet:jakarta.servlet-api:6.0.0"
+
+	testImplementation "org.springframework.security:spring-security-test"
+	testImplementation "org.assertj:assertj-core"
+	testImplementation "org.springframework:spring-test"
+	testImplementation "org.junit.jupiter:junit-jupiter-api"
+	testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine"
+}
+
+gretty {
+	jvmArgs = ['-Dspring.profiles.active=embedded-redis']
+	servletContainer = 'tomcat10'
+}

spring-session-samples/spring-session-sample-javaconfig-rest/src/integration-test/java/rest/RestMockMvcTests.java

@@ -0,0 +1,112 @@
+/*
+ * Copyright 2014-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package rest;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.testcontainers.containers.GenericContainer;
+import sample.SecurityConfig;
+import sample.mvc.MvcConfig;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.session.Session;
+import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
+import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
+import org.springframework.session.web.http.HttpSessionIdResolver;
+import org.springframework.session.web.http.SessionRepositoryFilter;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@ExtendWith(SpringExtension.class)
+@ContextConfiguration(classes = { RestMockMvcTests.Config.class, SecurityConfig.class, MvcConfig.class })
+@WebAppConfiguration
+class RestMockMvcTests {
+
+	private static final String DOCKER_IMAGE = "redis:7.0.4-alpine";
+
+	@Autowired
+	private SessionRepositoryFilter<? extends Session> sessionRepositoryFilter;
+
+	@Autowired
+	private WebApplicationContext context;
+
+	private MockMvc mvc;
+
+	@BeforeEach
+	void setup() {
+		this.mvc = MockMvcBuilders.webAppContextSetup(this.context).alwaysDo(print())
+				.addFilters(this.sessionRepositoryFilter).apply(springSecurity()).build();
+	}
+
+	@Test
+	void noSessionOnNoCredentials() throws Exception {
+		this.mvc.perform(get("/")).andExpect(header().doesNotExist("X-Auth-Token"))
+				.andExpect(status().isUnauthorized());
+	}
+
+	@WithMockUser
+	@Test
+	void autheticatedAnnotation() throws Exception {
+		this.mvc.perform(get("/")).andExpect(content().string("{\"username\":\"user\"}"));
+	}
+
+	@Test
+	void autheticatedRequestPostProcessor() throws Exception {
+		this.mvc.perform(get("/").with(user("user"))).andExpect(content().string("{\"username\":\"user\"}"));
+	}
+
+	@Configuration
+	@EnableRedisHttpSession
+	static class Config {
+
+		@Bean
+		GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE).withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getHost(), redisContainer().getFirstMappedPort());
+		}
+
+		@Bean
+		HttpSessionIdResolver httpSessionIdResolver() {
+			return HeaderHttpSessionIdResolver.xAuthToken();
+		}
+
+	}
+
+}

spring-session-samples/spring-session-sample-javaconfig-rest/src/integration-test/java/sample/RestTests.java

@@ -0,0 +1,125 @@
+/*
+ * Copyright 2014-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+import java.util.Base64;
+import java.util.Collections;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.client.HttpClientErrorException;
+import org.springframework.web.client.RestTemplate;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+
+/**
+ * @author Pool Dolorier
+ */
+class RestTests {
+
+	private static final String AUTHORIZATION = "Authorization";
+
+	private static final String BASIC = "Basic ";
+
+	private static final String X_AUTH_TOKEN = "X-Auth-Token";
+
+	private RestTemplate restTemplate;
+
+	private String baseUrl;
+
+	@BeforeEach
+	void setUp() {
+		this.baseUrl = "http://localhost:" + System.getProperty("app.port");
+		this.restTemplate = new RestTemplate();
+	}
+
+	@Test
+	void unauthenticatedUserSentToLogInPage() {
+		HttpHeaders headers = new HttpHeaders();
+		headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
+		assertThatExceptionOfType(HttpClientErrorException.class)
+				.isThrownBy(() -> getForUser(this.baseUrl + "/", headers, String.class))
+				.satisfies((e) -> assertThat(e.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED));
+	}
+
+	@Test
+	void authenticateWithBasicWorks() {
+		String auth = getAuth("user", "password");
+		HttpHeaders headers = getHttpHeaders();
+		headers.set(AUTHORIZATION, BASIC + auth);
+		ResponseEntity<User> entity = getForUser(this.baseUrl + "/", headers, User.class);
+		assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
+		assertThat(entity.getHeaders().containsKey(X_AUTH_TOKEN)).isTrue();
+		assertThat(entity.getBody().getUsername()).isEqualTo("user");
+	}
+
+	@Test
+	void authenticateWithXAuthTokenWorks() {
+		String auth = getAuth("user", "password");
+		HttpHeaders headers = getHttpHeaders();
+		headers.set(AUTHORIZATION, BASIC + auth);
+		ResponseEntity<User> entity = getForUser(this.baseUrl + "/", headers, User.class);
+
+		String token = entity.getHeaders().getFirst(X_AUTH_TOKEN);
+
+		HttpHeaders authTokenHeader = new HttpHeaders();
+		authTokenHeader.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
+		authTokenHeader.set(X_AUTH_TOKEN, token);
+		ResponseEntity<User> authTokenResponse = getForUser(this.baseUrl + "/", authTokenHeader, User.class);
+		assertThat(authTokenResponse.getStatusCode()).isEqualTo(HttpStatus.OK);
+		assertThat(authTokenResponse.getBody().getUsername()).isEqualTo("user");
+	}
+
+	@Test
+	void logout() {
+		String auth = getAuth("user", "password");
+		HttpHeaders headers = getHttpHeaders();
+		headers.set(AUTHORIZATION, BASIC + auth);
+		ResponseEntity<User> entity = getForUser(this.baseUrl + "/", headers, User.class);
+
+		String token = entity.getHeaders().getFirst(X_AUTH_TOKEN);
+
+		HttpHeaders logoutHeader = getHttpHeaders();
+		logoutHeader.set(X_AUTH_TOKEN, token);
+		ResponseEntity<User> logoutResponse = getForUser(this.baseUrl + "/logout", logoutHeader, User.class);
+		assertThat(logoutResponse.getStatusCode()).isEqualTo(HttpStatus.NO_CONTENT);
+	}
+
+	private <T> ResponseEntity<T> getForUser(String resourceUrl, HttpHeaders headers, Class<T> type) {
+		return this.restTemplate.exchange(resourceUrl, HttpMethod.GET, new HttpEntity<T>(headers), type);
+	}
+
+	private HttpHeaders getHttpHeaders() {
+		HttpHeaders headers = new HttpHeaders();
+		headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
+		return headers;
+	}
+
+	private String getAuth(String user, String password) {
+		String auth = user + ":" + password;
+		return Base64.getEncoder().encodeToString(auth.getBytes());
+	}
+
+}

spring-session-samples/spring-session-sample-javaconfig-rest/src/integration-test/java/sample/User.java

@@ -0,0 +1,34 @@
+/*
+ * Copyright 2014-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+/**
+ * @author Pool Dolorier
+ */
+public class User {
+
+	private String username;
+
+	public String getUsername() {
+		return this.username;
+	}
+
+	public void setUsername(String username) {
+		this.username = username;
+	}
+
+}

spring-session-samples/spring-session-sample-javaconfig-rest/src/main/java/sample/EmbeddedRedisConfig.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright 2014-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+import org.testcontainers.containers.GenericContainer;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
+import org.springframework.context.annotation.Profile;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+
+@Configuration
+@Profile("embedded-redis")
+public class EmbeddedRedisConfig {
+
+	private static final String DOCKER_IMAGE = "redis:7.0.4-alpine";
+
+	@Bean
+	public GenericContainer redisContainer() {
+		GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE).withExposedPorts(6379);
+		redisContainer.start();
+		return redisContainer;
+	}
+
+	@Bean
+	@Primary
+	public LettuceConnectionFactory redisConnectionFactory() {
+		return new LettuceConnectionFactory(redisContainer().getHost(), redisContainer().getFirstMappedPort());
+	}
+
+}

spring-session-samples/spring-session-sample-javaconfig-rest/src/main/java/sample/HttpSessionConfig.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright 2014-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
+import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
+import org.springframework.session.web.http.HttpSessionIdResolver;
+
+@Import(EmbeddedRedisConfig.class)
+// tag::class[]
+@Configuration
+@EnableRedisHttpSession // <1>
+public class HttpSessionConfig {
+
+	@Bean
+	public LettuceConnectionFactory connectionFactory() {
+		return new LettuceConnectionFactory(); // <2>
+	}
+
+	@Bean
+	public HttpSessionIdResolver httpSessionIdResolver() {
+		return HeaderHttpSessionIdResolver.xAuthToken(); // <3>
+	}
+
+}
+// end::class[]

spring-session-samples/spring-session-sample-javaconfig-rest/src/main/java/sample/Initializer.java

@@ -0,0 +1,25 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+import org.springframework.session.web.context.AbstractHttpSessionApplicationInitializer;
+
+// tag::class[]
+public class Initializer extends AbstractHttpSessionApplicationInitializer {
+
+}
+// end::class[]

spring-session-samples/spring-session-sample-javaconfig-rest/src/main/java/sample/SecurityConfig.java

@@ -0,0 +1,58 @@
+/*
+ * Copyright 2014-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.savedrequest.NullRequestCache;
+
+@Configuration(proxyBeanMethods = false)
+@EnableWebSecurity
+public class SecurityConfig {
+
+	// @formatter:off
+	@Bean
+	SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+		return http
+			.authorizeHttpRequests((authorize) -> authorize
+				.anyRequest().authenticated()
+			)
+			.requestCache((requestCache) -> requestCache
+				.requestCache(new NullRequestCache())
+			)
+			.httpBasic(Customizer.withDefaults())
+			.sessionManagement((sessionManagement) -> sessionManagement
+				.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED))
+			.build();
+	}
+	// @formatter:on
+
+	@Autowired
+	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		auth.inMemoryAuthentication()
+				.withUser(User.withUsername("user").password("{noop}password").roles("USER").build());
+	}
+
+}

spring-session-samples/spring-session-sample-javaconfig-rest/src/main/java/sample/SecurityInitializer.java

@@ -0,0 +1,26 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
+
+/**
+ * @author Rob Winch
+ */
+public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
+
+}

spring-session-samples/spring-session-sample-javaconfig-rest/src/main/java/sample/mvc/MvcConfig.java

@@ -0,0 +1,31 @@
+/*
+ * Copyright 2014-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.mvc;
+
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+
+/**
+ * @author Rob Winch
+ */
+@Configuration
+@EnableWebMvc
+@ComponentScan
+public class MvcConfig {
+
+}

spring-session-samples/spring-session-sample-javaconfig-rest/src/main/java/sample/mvc/MvcInitializer.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright 2014-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.mvc;
+
+import sample.HttpSessionConfig;
+import sample.SecurityConfig;
+
+import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
+
+/**
+ * @author Rob Winch
+ */
+public class MvcInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
+
+	// tag::config[]
+	@Override
+	protected Class<?>[] getRootConfigClasses() {
+		return new Class[] { SecurityConfig.class, HttpSessionConfig.class };
+	}
+	// end::config[]
+
+	@Override
+	protected Class<?>[] getServletConfigClasses() {
+		return new Class[] { MvcConfig.class };
+	}
+
+	@Override
+	protected String[] getServletMappings() {
+		return new String[] { "/" };
+	}
+
+}

spring-session-samples/spring-session-sample-javaconfig-rest/src/main/java/sample/mvc/RestDemoController.java

@@ -0,0 +1,49 @@
+/*
+ * Copyright 2014-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.mvc;
+
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+
+import jakarta.servlet.http.HttpSession;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * @author Rob Winch
+ */
+@RestController
+public class RestDemoController {
+
+	@RequestMapping(value = "/", produces = "application/json")
+	public Map<String, String> helloUser(Principal principal) {
+		HashMap<String, String> result = new HashMap<>();
+		result.put("username", principal.getName());
+		return result;
+	}
+
+	@RequestMapping("/logout")
+	@ResponseStatus(HttpStatus.NO_CONTENT)
+	public void logout(HttpSession session) {
+		session.invalidate();
+	}
+
+}

spring-session-samples/spring-session-sample-javaconfig-rest/src/main/resources/logback.xml

@@ -0,0 +1,14 @@
+<configuration>
+	<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+	<encoder>
+		<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+	</encoder>
+	</appender>
+
+	<!-- <logger name="org.springframework.security" level="DEBUG"/> -->
+
+	<root level="INFO">
+	<appender-ref ref="STDOUT" />
+	</root>
+
+</configuration>

spring-session-samples/spring-session-sample-javaconfig-rest/src/main/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120