Rename HttpSessionStrategy to HttpSessionIdResolver

This commit harmonizes `HttpSessionStrategy` with Spring Framework's `WebSessionIdResolver` by renaming it to `WebSessionIdResolver`.

samples/javaconfig/rest/src/integration-test/java/rest/RestMockMvcTests.java

@@ -31,8 +31,8 @@
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.session.Session;
 import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
-import org.springframework.session.web.http.HeaderHttpSessionStrategy;
-import org.springframework.session.web.http.HttpSessionStrategy;
+import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
+import org.springframework.session.web.http.HttpSessionIdResolver;
 import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@@ -104,8 +104,8 @@ public LettuceConnectionFactory redisConnectionFactory() {
 		}
 
 		@Bean
-		public HttpSessionStrategy httpSessionStrategy() {
-			return new HeaderHttpSessionStrategy();
+		public HttpSessionIdResolver httpSessionIdResolver() {
+			return new HeaderHttpSessionIdResolver();
 		}
 
 	}

samples/javaconfig/rest/src/main/java/sample/HttpSessionConfig.java

@@ -21,8 +21,8 @@
 import org.springframework.context.annotation.Import;
 import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
-import org.springframework.session.web.http.HeaderHttpSessionStrategy;
-import org.springframework.session.web.http.HttpSessionStrategy;
+import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
+import org.springframework.session.web.http.HttpSessionIdResolver;
 
 @Import(EmbeddedRedisConfig.class)
 // tag::class[]
@@ -36,8 +36,8 @@ public LettuceConnectionFactory connectionFactory() {
 	}
 
 	@Bean
-	public HttpSessionStrategy httpSessionStrategy() {
-		return new HeaderHttpSessionStrategy(); // <3>
+	public HttpSessionIdResolver httpSessionIdResolver() {
+		return new HeaderHttpSessionIdResolver(); // <3>
 	}
 }
 // end::class[]

spring-session-core/src/main/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfiguration.java

@@ -38,10 +38,10 @@
 import org.springframework.session.events.SessionCreatedEvent;
 import org.springframework.session.events.SessionDestroyedEvent;
 import org.springframework.session.security.web.authentication.SpringSessionRememberMeServices;
-import org.springframework.session.web.http.CookieHttpSessionStrategy;
+import org.springframework.session.web.http.CookieHttpSessionIdResolver;
 import org.springframework.session.web.http.CookieSerializer;
 import org.springframework.session.web.http.DefaultCookieSerializer;
-import org.springframework.session.web.http.HttpSessionStrategy;
+import org.springframework.session.web.http.HttpSessionIdResolver;
 import org.springframework.session.web.http.SessionEventHttpSessionListenerAdapter;
 import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.util.ClassUtils;
@@ -96,23 +96,23 @@ public class SpringHttpSessionConfiguration implements ApplicationContextAware {
 
 	private final Log logger = LogFactory.getLog(getClass());
 
-	private CookieHttpSessionStrategy defaultHttpSessionStrategy = new CookieHttpSessionStrategy();
+	private CookieHttpSessionIdResolver defaultHttpSessionIdResolver = new CookieHttpSessionIdResolver();
 
 	private boolean usesSpringSessionRememberMeServices;
 
 	private ServletContext servletContext;
 
 	private CookieSerializer cookieSerializer;
 
-	private HttpSessionStrategy httpSessionStrategy = this.defaultHttpSessionStrategy;
+	private HttpSessionIdResolver httpSessionIdResolver = this.defaultHttpSessionIdResolver;
 
 	private List<HttpSessionListener> httpSessionListeners = new ArrayList<>();
 
 	@PostConstruct
 	public void init() {
 		CookieSerializer cookieSerializer = this.cookieSerializer != null
 				? this.cookieSerializer : createDefaultCookieSerializer();
-		this.defaultHttpSessionStrategy.setCookieSerializer(cookieSerializer);
+		this.defaultHttpSessionIdResolver.setCookieSerializer(cookieSerializer);
 	}
 
 	@Bean
@@ -126,7 +126,7 @@ public <S extends Session> SessionRepositoryFilter<? extends Session> springSess
 		SessionRepositoryFilter<S> sessionRepositoryFilter = new SessionRepositoryFilter<>(
 				sessionRepository);
 		sessionRepositoryFilter.setServletContext(this.servletContext);
-		sessionRepositoryFilter.setHttpSessionStrategy(this.httpSessionStrategy);
+		sessionRepositoryFilter.setHttpSessionIdResolver(this.httpSessionIdResolver);
 		return sessionRepositoryFilter;
 	}
 
@@ -153,8 +153,8 @@ public void setCookieSerializer(CookieSerializer cookieSerializer) {
 	}
 
 	@Autowired(required = false)
-	public void setHttpSessionStrategy(HttpSessionStrategy httpSessionStrategy) {
-		this.httpSessionStrategy = httpSessionStrategy;
+	public void setHttpSessionIdResolver(HttpSessionIdResolver httpSessionIdResolver) {
+		this.httpSessionIdResolver = httpSessionIdResolver;
 	}
 
 	@Autowired(required = false)

spring-session-core/src/main/java/org/springframework/session/web/http/CookieHttpSessionStrategy.java → spring-session-core/src/main/java/org/springframework/session/web/http/CookieHttpSessionIdResolver.java

@@ -21,13 +21,12 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.springframework.session.Session;
 import org.springframework.session.web.http.CookieSerializer.CookieValue;
 
 /**
- * A {@link HttpSessionStrategy} that uses a cookie to obtain the session from.
+ * A {@link HttpSessionIdResolver} that uses a cookie to obtain the session from.
  * Specifically, this implementation will allow specifying a cookie serialization strategy
- * using {@link CookieHttpSessionStrategy#setCookieSerializer(CookieSerializer)}. The
+ * using {@link CookieHttpSessionIdResolver#setCookieSerializer(CookieSerializer)}. The
  * default is cookie name is "SESSION".
  *
  * When a session is created, the HTTP response will have a cookie with the specified
@@ -62,22 +61,21 @@
  * @author Vedran Pavic
  * @since 1.0
  */
-public final class CookieHttpSessionStrategy implements HttpSessionStrategy {
+public final class CookieHttpSessionIdResolver implements HttpSessionIdResolver {
 
-	private static final String WRITTEN_SESSION_ID_ATTR = CookieHttpSessionStrategy.class
+	private static final String WRITTEN_SESSION_ID_ATTR = CookieHttpSessionIdResolver.class
 			.getName().concat(".WRITTEN_SESSION_ID_ATTR");
 
 	private CookieSerializer cookieSerializer = new DefaultCookieSerializer();
 
 	@Override
-	public List<String> getRequestedSessionIds(HttpServletRequest request) {
+	public List<String> resolveSessionIds(HttpServletRequest request) {
 		return this.cookieSerializer.readCookieValues(request);
 	}
 
 	@Override
-	public void onNewSession(Session session, HttpServletRequest request,
-			HttpServletResponse response) {
-		String sessionId = session.getId();
+	public void setSessionId(HttpServletRequest request, HttpServletResponse response,
+			String sessionId) {
 		if (sessionId.equals(request.getAttribute(WRITTEN_SESSION_ID_ATTR))) {
 			return;
 		}
@@ -87,8 +85,7 @@ public void onNewSession(Session session, HttpServletRequest request,
 	}
 
 	@Override
-	public void onInvalidateSession(HttpServletRequest request,
-			HttpServletResponse response) {
+	public void expireSession(HttpServletRequest request, HttpServletResponse response) {
 		this.cookieSerializer.writeCookieValue(new CookieValue(request, response, ""));
 	}
 

spring-session-core/src/main/java/org/springframework/session/web/http/HeaderHttpSessionStrategy.java → spring-session-core/src/main/java/org/springframework/session/web/http/HeaderHttpSessionIdResolver.java

@@ -22,12 +22,11 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.springframework.session.Session;
-
 /**
- * A {@link HttpSessionStrategy} that uses a header to obtain the session from.
+ * A {@link HttpSessionIdResolver} that uses a header to obtain the session from.
  * Specifically, this implementation will allow specifying a header name using
- * {@link HeaderHttpSessionStrategy#setHeaderName(String)}. The default is "X-Auth-Token".
+ * {@link HeaderHttpSessionIdResolver#setHeaderName(String)}. The default is
+ * "X-Auth-Token".
  *
  * When a session is created, the HTTP response will have a response header of the
  * specified name and the value of the session id. For example:
@@ -58,26 +57,25 @@
  * @author Vedran Pavic
  * @since 1.0
  */
-public class HeaderHttpSessionStrategy implements HttpSessionStrategy {
+public class HeaderHttpSessionIdResolver implements HttpSessionIdResolver {
 
 	private String headerName = "X-Auth-Token";
 
 	@Override
-	public List<String> getRequestedSessionIds(HttpServletRequest request) {
+	public List<String> resolveSessionIds(HttpServletRequest request) {
 		String headerValue = request.getHeader(this.headerName);
 		return headerValue != null ? Collections.singletonList(headerValue)
 				: Collections.emptyList();
 	}
 
 	@Override
-	public void onNewSession(Session session, HttpServletRequest request,
-			HttpServletResponse response) {
-		response.setHeader(this.headerName, session.getId());
+	public void setSessionId(HttpServletRequest request, HttpServletResponse response,
+			String sessionId) {
+		response.setHeader(this.headerName, sessionId);
 	}
 
 	@Override
-	public void onInvalidateSession(HttpServletRequest request,
-			HttpServletResponse response) {
+	public void expireSession(HttpServletRequest request, HttpServletResponse response) {
 		response.setHeader(this.headerName, "");
 	}
 

spring-session-core/src/main/java/org/springframework/session/web/http/HttpSessionIdResolver.java

@@ -0,0 +1,66 @@
+/*
+ * Copyright 2014-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.web.http;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Contract for session id resolution strategies. Allows for session id resolution through
+ * the request and for sending the session id or expiring the session through the
+ * response.
+ *
+ * @author Rob Winch
+ * @author Vedran Pavic
+ * @since 1.0
+ */
+public interface HttpSessionIdResolver {
+
+	/**
+	 * Resolve the session ids associated with the provided {@link HttpServletRequest}.
+	 * For example, the session id might come from a cookie or a request header.
+	 * @param request the current request
+	 * @return the session ids
+	 */
+	List<String> resolveSessionIds(HttpServletRequest request);
+
+	/**
+	 * Send the given session id to the client. This method is invoked when a new session
+	 * is created and should inform a client what the new session id is. For example, it
+	 * might create a new cookie with the session id in it or set an HTTP response header
+	 * with the value of the new session id.
+	 * @param request the current request
+	 * @param response the current response
+	 * @param sessionId the session id
+	 */
+	void setSessionId(HttpServletRequest request, HttpServletResponse response,
+			String sessionId);
+
+	/**
+	 * Instruct the client to end the current session. This method is invoked when a
+	 * session is invalidated and should inform a client that the session id is no longer
+	 * valid. For example, it might remove a cookie with the session id in it or set an
+	 * HTTP response header with an empty value indicating to the client to no longer
+	 * submit that session id.
+	 * @param request the current request
+	 * @param response the current response
+	 */
+	void expireSession(HttpServletRequest request, HttpServletResponse response);
+
+}