[我试图弄清楚为什么Spring Session不设置会话标头,而仍然设置JSESSIONID
。另外,我正在尝试确定为什么我的测试没有获得浏览器获得的JSESSIONID
。我不是在尝试使用redis,而只是在内存中使用。
@RestController
@SpringBootApplication
public class Application {
@RequestMapping( "/" )
public String greeting() {
return "hello";
}
@Configuration
@Order( SecurityProperties.ACCESS_OVERRIDE_ORDER )
protected static class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Bean
static SessionRepository<? extends ExpiringSession> repository() {
return new MapSessionRepository( );
}
@Bean
static HttpSessionStrategy httpSessionStrategy() {
return new HeaderHttpSessionStrategy();
}
@Autowired
void globalUserDetails( final AuthenticationManagerBuilder auth ) throws Exception {
auth.inMemoryAuthentication().withUser( "admin" ).password( "admin" ).roles( "USER", "ADMIN" );
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic()
.and()
.authorizeRequests()
.anyRequest().authenticated();
}
}
public static void main( final String[] args ) {
SpringApplication app = new SpringApplication( Application.class );
app.setShowBanner( false );
app.run( args );
}
}
和测试班
@RunWith( SpringJUnit4ClassRunner.class )
@WebAppConfiguration
@SpringApplicationConfiguration( classes = { MockServletContext.class, Application.class } )
public class ApplicationTest {
private MockMvc mockMvc = null;
private MockHttpServletRequestBuilder requestBuilder;
@Autowired private WebApplicationContext context;
@Autowired private FilterChainProxy springSecurityFilterChain;
@Before
public void setup() {
mockMvc = MockMvcBuilders.webAppContextSetup( context )
.addFilter( springSecurityFilterChain )
.build();
requestBuilder = get( "/" )
.header( "Authorization", "Basic " + Base64.getEncoder().encodeToString( "admin:admin".getBytes() ) );
}
@Test
public void getSessionToken() throws Exception {
this.mockMvc.perform( requestBuilder )
.andExpect( status().is2xxSuccessful() )
.andExpect( header().string( "X-Auth-Token", notNullValue() ) );
}
@Test
public void getJessionId() throws Exception {
// response does not agree with an actual browser request which has a JSESSIONID
this.mockMvc.perform( requestBuilder )
.andExpect( status().is2xxSuccessful() )
.andExpect( cookie().doesNotExist( "JSESSIONID" ) );
}
}
这些是我在/
登录时chrome拥有的响应标题>
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: 0 X-Frame-Options: DENY Set-Cookie: JSESSIONID=6D7E2CB0AAFDD3B5DB53BA77C0725750; Path=/; HttpOnly Content-Type: text/html;charset=UTF-8 Content-Length: 5 Date: Fri, 29 May 2015 01:16:33 GMT
最后是我的
pom.xml
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.xenoterracide</groupId> <artifactId>spring-session-test-case</artifactId> <version>1.0-SNAPSHOT</version> <properties> <!-- use UTF-8 for everything --> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> <java.version>1.8</java.version> </properties> <parent> <groupId>io.spring.platform</groupId> <artifactId>platform-bom</artifactId> <version>1.1.2.RELEASE</version> </parent> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.session</groupId> <artifactId>spring-session</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> </dependencies> </project>
为什么我没有得到
X-Auth-Token
标头而不是JESSIONID
Cookie?为什么我的测试为什么不说我正在获取JSESSIONID
cookie?
我试图弄清楚为什么Spring Session不设置会话标头,而仍在设置JSESSIONID。另外,我试图确定为什么我的测试未获得浏览器的JSESSIONID ...
您需要定义正确的HttpSessionIdResolver实现。默认情况下,spring-session使用CookieHttpSessionIdResolver。