2

Spring Session がセッション ヘッダーを設定せず、JSESSIONID.. また、私のテストJSESSIONIDでブラウザが取得できない理由を特定しようとしています。私はredisを使用しようとしているのではなく、インメモリストアだけを使用しています。

@RestController
@SpringBootApplication
public class Application {

    @RequestMapping( "/" )
    public String greeting() {
        return "hello";
    }



    @Configuration
    @Order( SecurityProperties.ACCESS_OVERRIDE_ORDER )
    protected static class SecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Bean
        static SessionRepository<? extends ExpiringSession> repository() {
            return new MapSessionRepository( );
        }

        @Bean
        static HttpSessionStrategy httpSessionStrategy() {
            return new HeaderHttpSessionStrategy();
        }

        @Autowired
        void globalUserDetails( final AuthenticationManagerBuilder auth ) throws Exception {
            auth.inMemoryAuthentication().withUser( "admin" ).password( "admin" ).roles( "USER", "ADMIN" );
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.httpBasic()
                    .and()
                    .authorizeRequests()
                    .anyRequest().authenticated();
        }
    }

    public static void main( final String[] args ) {
        SpringApplication app = new SpringApplication( Application.class );
        app.setShowBanner( false );
        app.run( args );
    }
}

そしてテストクラス

@RunWith( SpringJUnit4ClassRunner.class )
@WebAppConfiguration
@SpringApplicationConfiguration( classes = { MockServletContext.class, Application.class } )
public class ApplicationTest {

    private MockMvc mockMvc = null;
    private MockHttpServletRequestBuilder requestBuilder;
    @Autowired private WebApplicationContext context;
    @Autowired private FilterChainProxy springSecurityFilterChain;

    @Before
    public void setup() {
        mockMvc = MockMvcBuilders.webAppContextSetup( context )
                .addFilter( springSecurityFilterChain )
                .build();

        requestBuilder = get( "/" )
                .header( "Authorization", "Basic " + Base64.getEncoder().encodeToString( "admin:admin".getBytes() ) );
    }

    @Test
    public void getSessionToken() throws Exception {
        this.mockMvc.perform( requestBuilder )
                .andExpect( status().is2xxSuccessful() )
                .andExpect( header().string( "X-Auth-Token", notNullValue() ) );
    }

    @Test
    public void getJessionId() throws Exception {
     // response does not agree with an actual browser request which has a JSESSIONID
        this.mockMvc.perform( requestBuilder )
                .andExpect( status().is2xxSuccessful() )
                .andExpect( cookie().doesNotExist( "JSESSIONID" ) );
    }
}

これらは、ログインしたときにクロムが持つ応答ヘッダーです /

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Set-Cookie: JSESSIONID=6D7E2CB0AAFDD3B5DB53BA77C0725750; Path=/; HttpOnly
Content-Type: text/html;charset=UTF-8
Content-Length: 5
Date: Fri, 29 May 2015 01:16:33 GMT

そして最後にこれが私のものですpom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.xenoterracide</groupId>
    <artifactId>spring-session-test-case</artifactId>
    <version>1.0-SNAPSHOT</version>

    <properties>
        <!-- use UTF-8 for everything -->
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
    </properties>

    <parent>
        <groupId>io.spring.platform</groupId>
        <artifactId>platform-bom</artifactId>
        <version>1.1.2.RELEASE</version>
    </parent>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.session</groupId>
            <artifactId>spring-session</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>
</project>

CookieX-Auth-Tokenの代わりにヘッダーを取得できないのはなぜですか? JESSIONID私のテストで、JSESSIONIDCookie を取得していると表示されないのはなぜですか?

4

2 に答える 2