Spring Websession 在设置 Cookie 时不会对会话 id 进行编码

问题描述 投票:0回答:1

HttpSession
sessionid(base64)
进行编码,但 
WebSession
不进行编码。我们有什么方法可以在 
websession
中对会话 id 进行编码吗?

HttpSession
有以下代码,允许我们在设置cookie时控制编码


DefaultCookieSerializer serializer = new DefaultCookieSerializer();
serializer.setUseBase64Encoding(true);
return serializer;


websession
是否允许任何自定义或属性来启用类似于
httpsession
的编码?

spring-webflux spring-cloud-gateway spring-session
1个回答
0
投票

你可以像这样定义一个 

WebSessionIdResolver
bean 

@Component
public class CustomWebSessionIdResolver extends CookieWebSessionIdResolver {

    private boolean useBase64Encoding = true;

    private final ServerProperties serverProperties;

    public CustomWebSessionIdResolver(ServerProperties serverProperties) {
        this.serverProperties = serverProperties;
        String cookieName = serverProperties.getReactive().getSession().getCookie().getName();
        if (StringUtils.hasText(cookieName)) {
            setCookieName(cookieName);
        }
        addCookieInitializer(this::initializeCookie);
    }

    @Override
    public List<String> resolveSessionIds(ServerWebExchange exchange) {
        MultiValueMap<String, HttpCookie> cookieMap = exchange.getRequest().getCookies();
        List<HttpCookie> cookies = cookieMap.get(getCookieName());
        if (cookies == null) {
            return Collections.emptyList();
        }
        return cookies.stream().map(cookie -> (this.useBase64Encoding ? base64Decode(cookie.getValue()) : cookie.getValue())).toList();
    }

    @Override
    public void setSessionId(ServerWebExchange exchange, String id) {
        super.setSessionId(exchange, (this.useBase64Encoding ? base64Encode(id) : id));
    }

    private void initializeCookie(ResponseCookie.ResponseCookieBuilder builder) {
        Cookie cookie = this.serverProperties.getReactive().getSession().getCookie();
        PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
        map.from(cookie::getDomain).to(builder::domain);
        map.from(cookie::getPath).to(builder::path);
        map.from(cookie::getHttpOnly).to(builder::httpOnly);
        map.from(cookie::getSecure).to(builder::secure);
        map.from(cookie::getMaxAge).to(builder::maxAge);
        map.from(getSameSite(cookie)).to(builder::sameSite);
    }

    private String getSameSite(Cookie properties) {
        Cookie.SameSite sameSite = properties.getSameSite();
        return (sameSite != null) ? sameSite.attributeValue() : null;
    }

    private String base64Encode(String value) {
        byte[] encodedCookieBytes = Base64.getEncoder().encode(value.getBytes());
        return new String(encodedCookieBytes);
    }

    private String base64Decode(String base64Value) {
        try {
            byte[] decodedCookieBytes = Base64.getDecoder().decode(base64Value);
            return new String(decodedCookieBytes);
        }
        catch (Exception ex) {
            return null;
        }
    }

}
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.