Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

#3299 fix jdbc session special characters problem #3316

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

#3299 fix jdbc session special characters problem #3316

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
3c5da80
Change Skip Condition
marcusdacoregio Jul 26, 2024
f4cd1d0
#3299: adjust test so that it fails when username contains a special …
mindhaq Jan 7, 2025
8e86689
#3299: use postgres function convert_from() instead of encode() to in…
mindhaq Jan 7, 2025
151ecb1
Merge branch 'main' into 3299-fix-jdbc-session-special-characters-pro…
mindhaq Jan 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions spring-session-docs/modules/ROOT/pages/configuration/jdbc.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -161,7 +161,7 @@ public class QueryCustomizer

private static final String UPDATE_SESSION_ATTRIBUTE_QUERY = """
UPDATE %TABLE_NAME%_ATTRIBUTES
SET ATTRIBUTE_BYTES = encode(?, 'escape')::jsonb
SET ATTRIBUTE_BYTES = convert_from(?, 'UTF8')::jsonb
WHERE SESSION_PRIMARY_ID = ?
AND ATTRIBUTE_NAME = ?
""";
Expand Down Expand Up @@ -309,12 +309,12 @@ public class SessionConfig {

private static final String CREATE_SESSION_ATTRIBUTE_QUERY = """
INSERT INTO %TABLE_NAME%_ATTRIBUTES (SESSION_PRIMARY_ID, ATTRIBUTE_NAME, ATTRIBUTE_BYTES)
VALUES (?, ?, encode(?, 'escape')::jsonb) <1>
VALUES (?, ?, convert_from(?, 'UTF8')::jsonb) <1>
""";

private static final String UPDATE_SESSION_ATTRIBUTE_QUERY = """
UPDATE %TABLE_NAME%_ATTRIBUTES
SET ATTRIBUTE_BYTES = encode(?, 'escape')::jsonb
SET ATTRIBUTE_BYTES = convert_from(?, 'UTF8')::jsonb
WHERE SESSION_PRIMARY_ID = ?
AND ATTRIBUTE_NAME = ?
""";
Expand Down
2 changes: 1 addition & 1 deletion ...ng-session-sample-boot-jdbc-json-attribute/src/main/java/sample/config/SessionConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ public class SessionConfig implements BeanClassLoaderAware {

private static final String CREATE_SESSION_ATTRIBUTE_QUERY = """
INSERT INTO %TABLE_NAME%_ATTRIBUTES (SESSION_PRIMARY_ID, ATTRIBUTE_NAME, ATTRIBUTE_BYTES)
VALUES (?, ?, encode(?, 'escape')::jsonb)
VALUES (?, ?, convert_from(?, 'UTF8')::jsonb)
""";

private static final String UPDATE_SESSION_ATTRIBUTE_QUERY = """
Expand Down
1 change: 1 addition & 0 deletions .../spring-session-sample-boot-jdbc-json-attribute/src/main/resources/application.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
spring.security.user.name=r�diger
spring.security.user.password=password
spring.session.jdbc.schema=classpath:schema.sql
spring.session.jdbc.initialize-schema=always
12 changes: 6 additions & 6 deletions ...-session-sample-boot-jdbc-json-attribute/src/test/java/sample/JdbcJsonAttributeTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ void setup() {

@Test
void loginShouldSaveSecurityContextAsJson() throws Exception {
Cookie sessionCookie = this.mvc.perform(formLogin().user("user").password("password"))
Cookie sessionCookie = this.mvc.perform(formLogin().user("rüdiger").password("password"))
.andExpect(authenticated())
.andReturn()
.getResponse()
Expand All @@ -66,20 +66,20 @@ void loginShouldSaveSecurityContextAsJson() throws Exception {
SecurityContext securityContext = this.objectMapperWithModules.readValue((String) attributeBytes,
SecurityContext.class);
assertThat(securityContext).isNotNull();
assertThat(securityContext.getAuthentication().getName()).isEqualTo("user");
assertThat(securityContext.getAuthentication().getName()).isEqualTo("rüdiger");
}

@Test
void loginWhenQueryUsingJsonbOperatorThenReturns() throws Exception {
this.mvc.perform(formLogin().user("user").password("password")).andExpect(authenticated());
Object attributeBytes = this.jdbcClient.sql("""
this.mvc.perform(formLogin().user("rüdiger").password("password")).andExpect(authenticated());
Object attributeBytes = this.jdbcClient.sql("""
SELECT attribute_bytes::text FROM spring_session_attributes
WHERE attribute_bytes -> 'authentication' -> 'principal' ->> 'username' = 'user'
WHERE attribute_bytes -> 'authentication' -> 'principal' ->> 'username' = 'rüdiger'
""").query().singleValue();
SecurityContext securityContext = this.objectMapperWithModules.readValue((String) attributeBytes,
SecurityContext.class);
assertThat(securityContext).isNotNull();
assertThat(securityContext.getAuthentication().getName()).isEqualTo("user");
assertThat(securityContext.getAuthentication().getName()).isEqualTo("rüdiger");
}

}