spring-projects / spring-session-data-geode

Spring Session support for Apache Geode and VMware Tanzu GemFire
https://projects.spring.io/spring-session/
Apache License 2.0

Fix bug in Spring Session (core) infrastructure component initialization #51

Closed jxblum closed 3 years ago

jxblum commented 3 years ago

Currently, SSDG overrides the @PostConstruct-annotated SpringHttpSessionConfiguration.init() method in the GemFireHttpSessionConfiguration class (here) by extension.

However, the overridden @PostConstruct annotated init() method in the SSDG GemFireHttpSessionConfiguration class does not appropriately call the super.init() method in the Spring Session core SpringHttpSessionConfiguration base class, leaving (for example) the custom configuration of a Spring Session core CookieSerializer unrealized. Therefore, the configured CookieSerializer always defaults to the DefaultCookieSerializer being registered on the configured HttpSessionIdResolver.

This is a bug!

jxblum commented 3 years ago

Users (customers) can work around this issue by doing the following in their Spring configuration:

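package example.app.config;

import org.springframework.context.annotation.Bean;
import org.springframework.session.data.gemfire.config.annotation.web.http.EnableGemFireHttpSession;
import org.springframework.session.web.http.CookieHttpSessionIdResolver;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.HttpSessionIdResolver;

import example.app.spring.session.web.http.CustomCookieSerializer;

@EnableGemFireHttpSession
class SpringSessionApplicationConfiguration {

    // The custom serializer that the SSDG configuration currently fails to apply on its own.
    @Bean
    CookieSerializer customCookieSerializer() {
        return new CustomCookieSerializer();
    }

    // Declare the resolver explicitly and hand it the custom serializer,
    // instead of relying on SpringHttpSessionConfiguration.init() to wire it.
    @Bean
    HttpSessionIdResolver cookieHttpSessionIdResolver(CookieSerializer cookieSerializer) {

        CookieHttpSessionIdResolver httpSessionIdResolver = new CookieHttpSessionIdResolver();

        httpSessionIdResolver.setCookieSerializer(cookieSerializer);

        return httpSessionIdResolver;
    }
}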

NOTE: The package location and location/name of the CustomCookieSerializer are hypothetical. The use of the Spring Session core CookieHttpSessionIdResolver is not!

We can take advantage of the fact that the HttpSessionIdResolver is configured on the Spring Session SessionRepositoryFilter bean method (see here).

By default, Spring Session (core) uses the CookieHttpSessionIdResolver (see here then here).

NOTE: The CookieHttpSessionIdResolver (or some derivation/implementation) would be required to apply a "custom" CookieSerializer at any rate.

This in effect allows users/customers to apply a "custom" CookieSerializer until this bug is resolved.

The following test illustrates that this workaround/approach works!

jxblum commented 3 years ago

Rather than override the SpringHttpSessionConfiguration @PostConstruct-annotated init() method and call super.init() in SSDG's overridden GemFireHttpSessionConfiguration.init() method, I am simply going to rename SSDG's init method to initGemFire, which resolves the issue.
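
Added example (not part of the thread and not SSDG or Spring Session code): a plain-Java model of the lifecycle behaviour discussed in this issue, showing why an overriding init() that skips super.init() leaves the default serializer in place and why renaming the subclass callback restores the base initialization. The @Init annotation, the class names CoreConfig, BuggyConfig and FixedConfig, the initialize() helper and the string stand-ins for serializer classes are all hypothetical.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class PostConstructOverrideDemo {

    // Stand-in for @PostConstruct so the demo needs no container on the classpath.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD) @interface Init {}

    // Models the core configuration: init() applies the user's cookie serializer.
    static class CoreConfig {
        String configuredSerializer;                        // supplied by the user, may be null
        String effectiveSerializer = "DefaultCookieSerializer";
        @Init public void init() {
            if (configuredSerializer != null) effectiveSerializer = configuredSerializer;
        }
    }

    // Models the affected subclass: overrides init() and never calls super.init().
    static class BuggyConfig extends CoreConfig {
        @Override @Init public void init() { /* store-specific setup only */ }
    }

    // Models the fix: the callback has its own name, so CoreConfig.init() still runs.
    static class FixedConfig extends CoreConfig {
        @Init public void initGemFire() { /* store-specific setup only */ }
    }

    // Minimal container: superclass callbacks first, each method name invoked once.
    static String initialize(CoreConfig bean) throws Exception {
        Deque<Class<?>> hierarchy = new ArrayDeque<>();
        for (Class<?> c = bean.getClass(); c != Object.class; c = c.getSuperclass()) hierarchy.push(c);
        Set<String> invoked = new HashSet<>();
        for (Class<?> c : hierarchy)
            for (Method m : c.getDeclaredMethods())
                if (m.isAnnotationPresent(Init.class) && invoked.add(m.getName()))
                    m.invoke(bean);   // virtual dispatch: an overridden method runs the subclass body
        return bean.effectiveSerializer;
    }

    public static void main(String[] args) throws Exception {
        CoreConfig buggy = new BuggyConfig();
        buggy.configuredSerializer = "CustomCookieSerializer";
        CoreConfig fixed = new FixedConfig();
        fixed.configuredSerializer = "CustomCookieSerializer";
        System.out.println("override without super.init(): " + initialize(buggy));
        System.out.println("renamed to initGemFire():      " + initialize(fixed));
    }
}
```

In a real deployment the same check is worth making against the response itself: inspect the Set-Cookie header issued for a new session and confirm it carries the name and attributes the custom CookieSerializer is supposed to set.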

jxblum commented 3 years ago

We will be backporting this fix to SSDG 2.2.x, 2.3.x and 2.4.x.

Note, master is currently set to 2.5.x.

Note, 2.1.x and earlier are no longer supported (EOL).

jxblum commented 3 years ago

After SSDG 2.2.x, 2.3.x and 2.4.x bits are released and available, new releases of SBDG 1.2.x, 1.3.x and 1.4.x will pick up these new SSDG bits, respectively.

jxblum commented 3 years ago

Fixed in all supported branches: SSDG 2.2.x (2.2.7.RELEASE), 2.3.x (2.3.3.RELEASE) and 2.4.x (2.4.1) along with master for the upcoming 2.5.0.M1 release (TBD).