Support configure "domainNamePattern" and "sameSite" for spring session cookie

quaff · quaff · commit 8ea6472c2e0a · 2021-09-02T12:50:57.000+08:00
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java
@@ -71,6 +71,7 @@
  * @author Eddú Meléndez
  * @author Stephane Nicoll
  * @author Vedran Pavic
+ * @author Yanming Zhou
  * @since 1.4.0
  */
 @Configuration(proxyBeanMethods = false)
@@ -97,10 +98,12 @@ DefaultCookieSerializer cookieSerializer(ServerProperties serverProperties,
 			PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
 			map.from(cookie::getName).to(cookieSerializer::setCookieName);
 			map.from(cookie::getDomain).to(cookieSerializer::setDomainName);
+			map.from(cookie::getDomainPattern).to(cookieSerializer::setDomainNamePattern);
 			map.from(cookie::getPath).to(cookieSerializer::setCookiePath);
 			map.from(cookie::getHttpOnly).to(cookieSerializer::setUseHttpOnlyCookie);
 			map.from(cookie::getSecure).to(cookieSerializer::setUseSecureCookie);
 			map.from(cookie::getMaxAge).to((maxAge) -> cookieSerializer.setCookieMaxAge((int) maxAge.getSeconds()));
+			map.from(cookie::getSameSite).to(cookieSerializer::setSameSite);
 			cookieSerializerCustomizers.orderedStream().forEach((customizer) -> customizer.customize(cookieSerializer));
 			return cookieSerializer;
 		}
diff --git a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/servlet/server/Session.java b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/servlet/server/Session.java
@@ -27,6 +27,7 @@
  * Session properties.
  *
  * @author Andy Wilkinson
+ * @author Yanming Zhou
  * @since 2.0.0
  */
 public class Session {
@@ -109,6 +110,8 @@ public static class Cookie {
 
 		private String domain;
 
+		private String domainPattern;
+
 		private String path;
 
 		private String comment;
@@ -120,6 +123,8 @@ public static class Cookie {
 		@DurationUnit(ChronoUnit.SECONDS)
 		private Duration maxAge;
 
+		private String sameSite;
+
 		/**
 		 * Return the session cookie name.
 		 * @return the session cookie name
@@ -140,10 +145,28 @@ public String getDomain() {
 			return this.domain;
 		}
 
+		/**
+		 * Cannot set both domain and domainPattern
+		 */
 		public void setDomain(String domain) {
 			this.domain = domain;
 		}
 
+		/**
+		 * Return the case insensitive pattern to extract the domain name.
+		 * @return the pattern to extract the domain
+		 */
+		public String getDomainPattern() {
+			return this.domainPattern;
+		}
+
+		/**
+		 * Cannot set both domain and domainPattern
+		 */
+		public void setDomainPattern(String domainPattern) {
+			this.domainPattern = domainPattern;
+		}
+
 		/**
 		 * Return the path of the session cookie.
 		 * @return the session cookie path
@@ -205,6 +228,17 @@ public void setMaxAge(Duration maxAge) {
 			this.maxAge = maxAge;
 		}
 
+		/**
+		 * Return the value for the {@code SameSite} cookie directive.
+		 */
+		public String getSameSite() {
+			return sameSite;
+		}
+
+		public void setSameSite(String sameSite) {
+			this.sameSite = sameSite;
+		}
+
 	}
 
 	/**
