Log a warning if custom DefaultCookieSerializer does not have remembe…

…rMeRequestAttribute set Closes gh-2568
spring-projects · Oct 26, 2023 · 3608d8a · 3608d8a
1 parent 1f98539
commit 3608d8a
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 3 deletions.
diff --git a/...rg/springframework/session/config/annotation/web/http/SpringHttpSessionConfiguration.java b/...rg/springframework/session/config/annotation/web/http/SpringHttpSessionConfiguration.java
@@ -108,9 +108,7 @@ public class SpringHttpSessionConfiguration implements InitializingBean, Applica
 
 	@Override
 	public void afterPropertiesSet() {
-		CookieSerializer cookieSerializer = (this.cookieSerializer != null) ? this.cookieSerializer
-				: createDefaultCookieSerializer();
-		this.defaultHttpSessionIdResolver.setCookieSerializer(cookieSerializer);
+		this.defaultHttpSessionIdResolver.setCookieSerializer(getCookieSerializer());
 	}
 
 	@Bean
@@ -154,6 +152,21 @@ public void setHttpSessionListeners(List<HttpSessionListener> listeners) {
 		this.httpSessionListeners = listeners;
 	}
 
+	private CookieSerializer getCookieSerializer() {
+		if (this.cookieSerializer != null) {
+			if (this.cookieSerializer instanceof DefaultCookieSerializer defaultCookieSerializer
+					&& this.usesSpringSessionRememberMeServices
+					&& defaultCookieSerializer.getRememberMeRequestAttribute() == null) {
+				this.logger.warn("Spring Session Remember Me support is enabled "
+						+ "and the DefaultCookieSerializer is provided explicitly. "
+						+ "The DefaultCookieSerializer must be configured with "
+						+ "setRememberMeRequestAttribute(String) in order to support Remember Me.");
+			}
+			return this.cookieSerializer;
+		}
+		return createDefaultCookieSerializer();
+	}
+
 	private CookieSerializer createDefaultCookieSerializer() {
 		DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
 		if (this.servletContext != null) {

diff --git a/...sion-core/src/main/java/org/springframework/session/web/http/DefaultCookieSerializer.java b/...sion-core/src/main/java/org/springframework/session/web/http/DefaultCookieSerializer.java
@@ -434,4 +434,14 @@ private String getCookiePath(HttpServletRequest request) {
 		return this.cookiePath;
 	}
 
+	/**
+	 * Gets the name of the request attribute that is checked to see if the cookie should
+	 * be written with {@link Integer#MAX_VALUE}.
+	 * @return the remember me request attribute
+	 * @since 3.2
+	 */
+	public String getRememberMeRequestAttribute() {
+		return this.rememberMeRequestAttribute;
+	}
+
 }
diff --git a/...ringframework/session/config/annotation/web/http/SpringHttpSessionConfigurationTests.java b/...ringframework/session/config/annotation/web/http/SpringHttpSessionConfigurationTests.java
@@ -19,8 +19,11 @@
 import java.util.concurrent.ConcurrentHashMap;
 
 import jakarta.servlet.ServletContext;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Test;
+import org.mockito.MockedStatic;
 
 import org.springframework.beans.factory.UnsatisfiedDependencyException;
 import org.springframework.context.annotation.AnnotationConfigApplicationContext;
@@ -38,6 +41,10 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.mockStatic;
+import static org.mockito.Mockito.verify;
 
 /**
  * Tests for {@link SpringHttpSessionConfiguration}.
@@ -110,6 +117,19 @@ void rememberMeServicesConfiguration() {
 			.isEqualTo(SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR);
 	}
 
+	@Test
+	void rememberMeServicesAndCustomDefaultCookieSerializerThenWarnIfRememberMeRequestAttributeNotSet() {
+		try (MockedStatic<LogFactory> logFactoryMockedStatic = mockStatic(LogFactory.class)) {
+			Log logMock = mock();
+			logFactoryMockedStatic.when(() -> LogFactory.getLog(any(Class.class))).thenReturn(logMock);
+			registerAndRefresh(RememberMeServicesConfiguration.class, CustomDefaultCookieSerializerConfiguration.class);
+			verify(logMock).warn("Spring Session Remember Me support is enabled "
+					+ "and the DefaultCookieSerializer is provided explicitly. "
+					+ "The DefaultCookieSerializer must be configured with "
+					+ "setRememberMeRequestAttribute(String) in order to support Remember Me.");
+		}
+	}
+
 	@Configuration
 	@EnableSpringHttpSession
 	static class EmptyConfiguration {
@@ -158,4 +178,15 @@ SpringSessionRememberMeServices rememberMeServices() {
 
 	}
 
+	@Configuration
+	@EnableSpringHttpSession
+	static class CustomDefaultCookieSerializerConfiguration {
+
+		@Bean
+		DefaultCookieSerializer defaultCookieSerializer() {
+			return new DefaultCookieSerializer();
+		}
+
+	}
+
 }