Permalink
Browse files

Rename `HttpSessionStrategy` to `HttpSessionIdResolver`

This commit harmonizes `HttpSessionStrategy` with Spring Framework's `WebSessionIdResolver` by renaming it to `WebSessionIdResolver`.
  • Loading branch information...
vpavic authored and rwinch committed Oct 26, 2017
1 parent cd394bb commit 6f05c84aa7c1f7c4efcf2c0d3c20709a79b0785f
@@ -31,8 +31,8 @@
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.session.Session;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
import org.springframework.session.web.http.HeaderHttpSessionStrategy;
import org.springframework.session.web.http.HttpSessionStrategy;
import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
import org.springframework.session.web.http.HttpSessionIdResolver;
import org.springframework.session.web.http.SessionRepositoryFilter;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@@ -104,8 +104,8 @@ public LettuceConnectionFactory redisConnectionFactory() {
}
@Bean
public HttpSessionStrategy httpSessionStrategy() {
return new HeaderHttpSessionStrategy();
public HttpSessionIdResolver httpSessionIdResolver() {
return new HeaderHttpSessionIdResolver();
}
}
@@ -21,8 +21,8 @@
import org.springframework.context.annotation.Import;
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
import org.springframework.session.web.http.HeaderHttpSessionStrategy;
import org.springframework.session.web.http.HttpSessionStrategy;
import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
import org.springframework.session.web.http.HttpSessionIdResolver;
@Import(EmbeddedRedisConfig.class)
// tag::class[]
@@ -36,8 +36,8 @@ public LettuceConnectionFactory connectionFactory() {
}
@Bean
public HttpSessionStrategy httpSessionStrategy() {
return new HeaderHttpSessionStrategy(); // <3>
public HttpSessionIdResolver httpSessionIdResolver() {
return new HeaderHttpSessionIdResolver(); // <3>
}
}
// end::class[]
@@ -38,10 +38,10 @@
import org.springframework.session.events.SessionCreatedEvent;
import org.springframework.session.events.SessionDestroyedEvent;
import org.springframework.session.security.web.authentication.SpringSessionRememberMeServices;
import org.springframework.session.web.http.CookieHttpSessionStrategy;
import org.springframework.session.web.http.CookieHttpSessionIdResolver;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.DefaultCookieSerializer;
import org.springframework.session.web.http.HttpSessionStrategy;
import org.springframework.session.web.http.HttpSessionIdResolver;
import org.springframework.session.web.http.SessionEventHttpSessionListenerAdapter;
import org.springframework.session.web.http.SessionRepositoryFilter;
import org.springframework.util.ClassUtils;
@@ -96,23 +96,23 @@
private final Log logger = LogFactory.getLog(getClass());
private CookieHttpSessionStrategy defaultHttpSessionStrategy = new CookieHttpSessionStrategy();
private CookieHttpSessionIdResolver defaultHttpSessionIdResolver = new CookieHttpSessionIdResolver();
private boolean usesSpringSessionRememberMeServices;
private ServletContext servletContext;
private CookieSerializer cookieSerializer;
private HttpSessionStrategy httpSessionStrategy = this.defaultHttpSessionStrategy;
private HttpSessionIdResolver httpSessionIdResolver = this.defaultHttpSessionIdResolver;
private List<HttpSessionListener> httpSessionListeners = new ArrayList<>();
@PostConstruct
public void init() {
CookieSerializer cookieSerializer = this.cookieSerializer != null
? this.cookieSerializer : createDefaultCookieSerializer();
this.defaultHttpSessionStrategy.setCookieSerializer(cookieSerializer);
this.defaultHttpSessionIdResolver.setCookieSerializer(cookieSerializer);
}
@Bean
@@ -126,7 +126,7 @@ public SessionEventHttpSessionListenerAdapter sessionEventHttpSessionListenerAda
SessionRepositoryFilter<S> sessionRepositoryFilter = new SessionRepositoryFilter<>(
sessionRepository);
sessionRepositoryFilter.setServletContext(this.servletContext);
sessionRepositoryFilter.setHttpSessionStrategy(this.httpSessionStrategy);
sessionRepositoryFilter.setHttpSessionIdResolver(this.httpSessionIdResolver);
return sessionRepositoryFilter;
}
@@ -153,8 +153,8 @@ public void setCookieSerializer(CookieSerializer cookieSerializer) {
}
@Autowired(required = false)
public void setHttpSessionStrategy(HttpSessionStrategy httpSessionStrategy) {
this.httpSessionStrategy = httpSessionStrategy;
public void setHttpSessionIdResolver(HttpSessionIdResolver httpSessionIdResolver) {
this.httpSessionIdResolver = httpSessionIdResolver;
}
@Autowired(required = false)
@@ -21,13 +21,12 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.session.Session;
import org.springframework.session.web.http.CookieSerializer.CookieValue;
/**
* A {@link HttpSessionStrategy} that uses a cookie to obtain the session from.
* A {@link HttpSessionIdResolver} that uses a cookie to obtain the session from.
* Specifically, this implementation will allow specifying a cookie serialization strategy
* using {@link CookieHttpSessionStrategy#setCookieSerializer(CookieSerializer)}. The
* using {@link CookieHttpSessionIdResolver#setCookieSerializer(CookieSerializer)}. The
* default is cookie name is "SESSION".
*
* When a session is created, the HTTP response will have a cookie with the specified
@@ -62,22 +61,21 @@
* @author Vedran Pavic
* @since 1.0
*/
public final class CookieHttpSessionStrategy implements HttpSessionStrategy {
public final class CookieHttpSessionIdResolver implements HttpSessionIdResolver {
private static final String WRITTEN_SESSION_ID_ATTR = CookieHttpSessionStrategy.class
private static final String WRITTEN_SESSION_ID_ATTR = CookieHttpSessionIdResolver.class
.getName().concat(".WRITTEN_SESSION_ID_ATTR");
private CookieSerializer cookieSerializer = new DefaultCookieSerializer();
@Override
public List<String> getRequestedSessionIds(HttpServletRequest request) {
public List<String> resolveSessionIds(HttpServletRequest request) {
return this.cookieSerializer.readCookieValues(request);
}
@Override
public void onNewSession(Session session, HttpServletRequest request,
HttpServletResponse response) {
String sessionId = session.getId();
public void setSessionId(HttpServletRequest request, HttpServletResponse response,
String sessionId) {
if (sessionId.equals(request.getAttribute(WRITTEN_SESSION_ID_ATTR))) {
return;
}
@@ -87,8 +85,7 @@ public void onNewSession(Session session, HttpServletRequest request,
}
@Override
public void onInvalidateSession(HttpServletRequest request,
HttpServletResponse response) {
public void expireSession(HttpServletRequest request, HttpServletResponse response) {
this.cookieSerializer.writeCookieValue(new CookieValue(request, response, ""));
}
@@ -22,12 +22,11 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.session.Session;
/**
* A {@link HttpSessionStrategy} that uses a header to obtain the session from.
* A {@link HttpSessionIdResolver} that uses a header to obtain the session from.
* Specifically, this implementation will allow specifying a header name using
* {@link HeaderHttpSessionStrategy#setHeaderName(String)}. The default is "X-Auth-Token".
* {@link HeaderHttpSessionIdResolver#setHeaderName(String)}. The default is
* "X-Auth-Token".
*
* When a session is created, the HTTP response will have a response header of the
* specified name and the value of the session id. For example:
@@ -58,26 +57,25 @@
* @author Vedran Pavic
* @since 1.0
*/
public class HeaderHttpSessionStrategy implements HttpSessionStrategy {
public class HeaderHttpSessionIdResolver implements HttpSessionIdResolver {
private String headerName = "X-Auth-Token";
@Override
public List<String> getRequestedSessionIds(HttpServletRequest request) {
public List<String> resolveSessionIds(HttpServletRequest request) {
String headerValue = request.getHeader(this.headerName);
return headerValue != null ? Collections.singletonList(headerValue)
: Collections.emptyList();
}
@Override
public void onNewSession(Session session, HttpServletRequest request,
HttpServletResponse response) {
response.setHeader(this.headerName, session.getId());
public void setSessionId(HttpServletRequest request, HttpServletResponse response,
String sessionId) {
response.setHeader(this.headerName, sessionId);
}
@Override
public void onInvalidateSession(HttpServletRequest request,
HttpServletResponse response) {
public void expireSession(HttpServletRequest request, HttpServletResponse response) {
response.setHeader(this.headerName, "");
}
@@ -0,0 +1,66 @@
/*
* Copyright 2014-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.session.web.http;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Contract for session id resolution strategies. Allows for session id resolution through
* the request and for sending the session id or expiring the session through the
* response.
*
* @author Rob Winch
* @author Vedran Pavic
* @since 1.0
*/
public interface HttpSessionIdResolver {
/**
* Resolve the session ids associated with the provided {@link HttpServletRequest}.
* For example, the session id might come from a cookie or a request header.
* @param request the current request
* @return the session ids
*/
List<String> resolveSessionIds(HttpServletRequest request);
/**
* Send the given session id to the client. This method is invoked when a new session
* is created and should inform a client what the new session id is. For example, it
* might create a new cookie with the session id in it or set an HTTP response header
* with the value of the new session id.
* @param request the current request
* @param response the current response
* @param sessionId the session id
*/
void setSessionId(HttpServletRequest request, HttpServletResponse response,
String sessionId);
/**
* Instruct the client to end the current session. This method is invoked when a
* session is invalidated and should inform a client that the session id is no longer
* valid. For example, it might remove a cookie with the session id in it or set an
* HTTP response header with an empty value indicating to the client to no longer
* submit that session id.
* @param request the current request
* @param response the current response
*/
void expireSession(HttpServletRequest request, HttpServletResponse response);
}

This file was deleted.

Oops, something went wrong.
Oops, something went wrong.

0 comments on commit 6f05c84

Please sign in to comment.