Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

WebSessionSecurityContextRepository changes session id 

Fixes: gh-4842
This commit is contained in:
Rob Winch 2017-11-16 13:08:54 -06:00
parent b19e14330f
commit b7529be3d0
2 changed files with 68 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
web/src/main/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepository.java
View File

@ -38,7 +38,7 @@ public class WebSessionServerSecurityContextRepository
session.getAttributes().put(SESSION_ATTR, context);
}
})
.then();
.flatMap(session -> session.changeSessionId());
}
public Mono<SecurityContext> load(ServerWebExchange exchange) {

67
web/src/test/java/org/springframework/security/web/server/context/WebSessionServerSecurityContextRepositoryTests.java Normal file
View File

@ -0,0 +1,67 @@
/*
* Copyright 2002-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.server.context;
import org.junit.Test;
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
import org.springframework.mock.web.server.MockServerWebExchange;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.web.server.WebSession;
import static org.assertj.core.api.Assertions.*;
/**
* @author Rob Winch
* @since 5.0
*/
public class WebSessionServerSecurityContextRepositoryTests {
private MockServerWebExchange exchange = MockServerWebExchange.from(
MockServerHttpRequest.get("/"));
private WebSessionServerSecurityContextRepository repository = new WebSessionServerSecurityContextRepository();
@Test
public void saveAndLoadWhenDefaultsThenFound() {
SecurityContext expected = new SecurityContextImpl();
this.repository.save(this.exchange, new SecurityContextImpl()).block();
SecurityContext actual = this.repository.load(this.exchange).block();
assertThat(actual).isEqualTo(expected);
}
@Test
public void saveAndLoadWhenNullThenDeletes() {
SecurityContext context = new SecurityContextImpl();
this.repository.save(this.exchange, new SecurityContextImpl()).block();
this.repository.save(this.exchange, null).block();
SecurityContext actual = this.repository.load(this.exchange).block();
assertThat(actual).isNull();
}
@Test
public void saveWhenNewContextThenChangeSessionId() {
String originalSessionId = this.exchange.getSession().block().getId();
this.repository.save(this.exchange, new SecurityContextImpl()).block();
WebSession session = this.exchange.getSession().block();
assertThat(session.getId()).isNotEqualTo(originalSessionId);
}
}