From c15f473785eb5f6779cec67295f6000e9531831b Mon Sep 17 00:00:00 2001 From: Michael Vitz Date: Fri, 9 May 2025 19:35:17 +0200 Subject: [PATCH 01/17] chore: Prepare for next development iteration --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 9c63fa5..f6d2242 100644 --- a/pom.xml +++ b/pom.xml @@ -21,7 +21,7 @@ com.innoq spring-cookie - 1.1.0 + 1.1.1-SNAPSHOT Spring Cookie Some components for Spring MVC that use cookies instead of a HTTP session @@ -76,7 +76,7 @@ 17 true true - 2025-05-09T17:34:57Z + 2025-05-09T17:35:17Z UTF-8 From 41128080cae1623630c338800e079f7df1b6885b Mon Sep 17 00:00:00 2001 From: Michael Vitz Date: Fri, 9 May 2025 20:04:50 +0200 Subject: [PATCH 02/17] chore: Update README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2074e06..6b60c9b 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ Download the jar through Maven: com.innoq spring-cookie - 1.0.0 + 1.1.0 ``` From 1997035baf6a5ab5223859d683cd39a39155a903 Mon Sep 17 00:00:00 2001 From: Michael Vitz Date: Fri, 9 May 2025 20:06:02 +0200 Subject: [PATCH 03/17] chore: Fix link to dependabot in CHANGELOG --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 18df409..52b560b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -65,5 +65,5 @@ We'd like to thank all the contributors who worked on this release! [0.1.0]: https://github.com/innoq/spring-cookie/compare/6783509e8824b8b10e97cd80ee922c213c195340...v0.1.0 [cj-innoq]: https://github.com/cj-innoq -[dependabot]: https://github.com/dependabot +[dependabot]: https://github.com/apps/dependabot [mvitz]: https://github.com/mvitz From 5817f7c4c0e4c78cb3febc7ceee9e93e42d5751a Mon Sep 17 00:00:00 2001 From: RedXi <21951094+RedXi@users.noreply.github.com> Date: Sun, 11 May 2025 15:47:31 +0200 Subject: [PATCH 04/17] build: Compatibility with Java 21 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f6d2242..55ce534 100644 --- a/pom.xml +++ b/pom.xml @@ -181,7 +181,7 @@ POM_SECTION_ORDER,DEPENDENCY_MANAGEMENT_ORDER,DEPENDENCY_ORDER,DEPENDENCY_CONFIGURATION,DEPENDENCY_ELEMENT,PLUGIN_MANAGEMENT_ORDER,PLUGIN_CONFIGURATION,PLUGIN_ELEMENT - [17,18) + [17,22) [3.9,3.10) From cd3686a3049117252031de4a17092ad1c43df710 Mon Sep 17 00:00:00 2001 From: RedXi <21951094+RedXi@users.noreply.github.com> Date: Sun, 11 May 2025 18:48:11 +0200 Subject: [PATCH 05/17] feat(cookie): support SHA-512 signing, mark SHA-1 as deprecated --- .../cookie/security/CookieValueSigner.java | 16 +++++++ .../flash/CookieFlashMapManagerTest.java | 48 ++++++++++++++----- 2 files changed, 53 insertions(+), 11 deletions(-) diff --git a/src/main/java/com/innoq/spring/cookie/security/CookieValueSigner.java b/src/main/java/com/innoq/spring/cookie/security/CookieValueSigner.java index 7359357..357e150 100644 --- a/src/main/java/com/innoq/spring/cookie/security/CookieValueSigner.java +++ b/src/main/java/com/innoq/spring/cookie/security/CookieValueSigner.java @@ -21,7 +21,23 @@ public interface CookieValueSigner { String sign(String payload); + /** + * @deprecated SHA-1 is no longer considered secure. + * Use SHA-256 or higher instead. + * See: https://csrc.nist.gov/news/2022/deprecation-of-sha-1 + */ + @Deprecated static CookieValueSigner hmacSha1(String secret) { return new HmacCookieValueSigner("HmacSHA1", secret.getBytes(UTF_8)); } + + /** + * @param secret Secret key for signing, as a byte array. + * The key should be uniformly distributed and generated using a cryptographically secure random number generator. + * When using SHA-512, the recommended minimum length is 32 bytes; + * the ideal length is 64 bytes (i.e., full hash output size). + */ + static CookieValueSigner hmacSha512(byte[] secret) { + return new HmacCookieValueSigner("HmacSHA512", secret); + } } diff --git a/src/test/java/com/innoq/spring/cookie/flash/CookieFlashMapManagerTest.java b/src/test/java/com/innoq/spring/cookie/flash/CookieFlashMapManagerTest.java index 03ca32b..324f79c 100644 --- a/src/test/java/com/innoq/spring/cookie/flash/CookieFlashMapManagerTest.java +++ b/src/test/java/com/innoq/spring/cookie/flash/CookieFlashMapManagerTest.java @@ -32,9 +32,19 @@ import static org.assertj.core.api.Assertions.entry; class CookieFlashMapManagerTest { + byte[] secretKeyForTests = { + 1, 2, 3, 4, 5, 6, 7, 8, + 9, 10, 11, 12, 13, 14, 15, 16, + 17, 18, 19, 20, 21, 22, 23, 24, + 25, 26, 27, 28, 29, 30, 31, 32, + 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, + 49, 50, 51, 52, 53, 54, 55, 56, + 57, 58, 59, 60, 61, 62, 63, 64 + }; CookieFlashMapManager sut = new CookieFlashMapManager( - JacksonFlashMapListCodec.create(), CookieValueSigner.hmacSha1("abc")); + JacksonFlashMapListCodec.create(), CookieValueSigner.hmacSha512(secretKeyForTests)); @Test void retrieveFlashMaps_withNoCookiePresent_returnsNull() { @@ -47,22 +57,38 @@ void retrieveFlashMaps_withNoCookiePresent_returnsNull() { @Test void retrieveFlashMaps_withValidCookie_returnsFlashMaps() { - String cookieValue = "W3siYXR0cmlidXRlcyI6eyJmb28iOm51bGwsImJhciI6NDcxMSwiYmF6IjoibG9yZW0gaXBzdW0ifSwiZXhwaXJhdGlvblRpbWUiOjQ3MTEsInRhcmdldFJlcXVlc3RQYXJhbXMiOnsiZm9vIjpbXSwiYmFyIjpbImZvbyJdLCJiYXoiOlsibG9yZW0iLCJpcHN1bSJdfSwidGFyZ2V0UmVxdWVzdFBhdGgiOiIvZm9vIn1dCg==--aa17ee8faf0bbe77a0949de6d5c593bd1e39718c"; + FlashMap flashMapIn = new FlashMap(); + flashMapIn.setTargetRequestPath("/foo"); + flashMapIn.startExpirationPeriod(4711); + flashMapIn.put("foo", null); + flashMapIn.put("bar", 4711); + flashMapIn.put("baz", "lorem ipsum"); + flashMapIn.addTargetRequestParam("bar", "foo"); + flashMapIn.addTargetRequestParam("baz", "lorem"); + flashMapIn.addTargetRequestParam("baz", "ipsum"); + + MockHttpServletRequest firstRequest = new MockHttpServletRequest("GET", "/"); + MockHttpServletResponse response = new MockHttpServletResponse(); + sut.updateFlashMaps(asList(flashMapIn), firstRequest, response); - MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); - request.setCookies(new Cookie("flash", cookieValue)); + assertThat(response.getCookies()).hasSize(1); - List flashMaps = sut.retrieveFlashMaps(request); + String cookieValue = response.getCookies()[0].getValue(); + + MockHttpServletRequest secondRequest = new MockHttpServletRequest("GET", "/"); + secondRequest.setCookies(new Cookie("flash", cookieValue)); + + List flashMaps = sut.retrieveFlashMaps(secondRequest); assertThat(flashMaps).hasSize(1); - FlashMap flashMap = flashMaps.get(0); - assertThat((Map) flashMap).containsOnly( + FlashMap flashMapOut = flashMaps.get(0); + assertThat((Map) flashMapOut).containsOnly( entry("foo", null), entry("bar", 4711), entry("baz", "lorem ipsum")); - assertThat(flashMap.getExpirationTime()).isEqualTo(4711); - assertThat(flashMap.getTargetRequestParams()).containsOnly( + assertThat(flashMapOut.getExpirationTime()).isEqualTo(flashMapIn.getExpirationTime()); + assertThat(flashMapOut.getTargetRequestParams()).containsOnly( entry("bar", asList("foo")), entry("baz", asList("lorem", "ipsum"))); - assertThat(flashMap.getTargetRequestPath()).isEqualTo("/foo"); + assertThat(flashMapOut.getTargetRequestPath()).isEqualTo("/foo"); } @Test @@ -83,7 +109,7 @@ void updateFlashMaps_withSingleFlashMap_writesCookie() { .hasFieldOrPropertyWithValue("httpOnly", true); String cookieValue = response.getCookie("flash").getValue(); - assertThat(cookieValue).isEqualTo("W3siYXR0cmlidXRlcyI6e30sImV4cGlyYXRpb25UaW1lIjotMSwidGFyZ2V0UmVxdWVzdFBhcmFtcyI6e30sInRhcmdldFJlcXVlc3RQYXRoIjpudWxsfV0=--daa79b20816b076ceb9f628bef9a82792fe9b5fa"); + assertThat(cookieValue).isEqualTo("W3siYXR0cmlidXRlcyI6e30sImV4cGlyYXRpb25UaW1lIjotMSwidGFyZ2V0UmVxdWVzdFBhcmFtcyI6e30sInRhcmdldFJlcXVlc3RQYXRoIjpudWxsfV0=--8dc134130c9f450deeef4499ace9dc950ecf342edabf77e7a8b002592413d8448dcb780d2b5f76d1a3b18152196a107654aebc0d2c7b5ef329e294b215bd0d27"); } @Test From db960c463f1e69ccdb1a741359248ad9fb594476 Mon Sep 17 00:00:00 2001 From: RedXi <21951094+RedXi@users.noreply.github.com> Date: Mon, 12 May 2025 01:39:06 +0200 Subject: [PATCH 06/17] docs(usage): fixed link in deprecation java doc --- .../com/innoq/spring/cookie/security/CookieValueSigner.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/innoq/spring/cookie/security/CookieValueSigner.java b/src/main/java/com/innoq/spring/cookie/security/CookieValueSigner.java index 357e150..8703fc6 100644 --- a/src/main/java/com/innoq/spring/cookie/security/CookieValueSigner.java +++ b/src/main/java/com/innoq/spring/cookie/security/CookieValueSigner.java @@ -24,7 +24,7 @@ public interface CookieValueSigner { /** * @deprecated SHA-1 is no longer considered secure. * Use SHA-256 or higher instead. - * See: https://csrc.nist.gov/news/2022/deprecation-of-sha-1 + * See: https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm */ @Deprecated static CookieValueSigner hmacSha1(String secret) { From 770ae5b2bc2b477b9def32c8cb309241ec956b06 Mon Sep 17 00:00:00 2001 From: RedXi <21951094+RedXi@users.noreply.github.com> Date: Mon, 12 May 2025 01:39:38 +0200 Subject: [PATCH 07/17] docs(usage): document how to use lib in spring, added security considerations --- README.md | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 69 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6b60c9b..4ec11d0 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ that use cookies instead of a HTTP session. ## Quick Start -Download the jar through Maven: +Download library through Maven: ```xml @@ -41,6 +41,74 @@ Download the jar through Maven: ``` +### 1. Register as a Spring Bean + +To enable cookie-based Flash attributes, register the `CookieFlashMapManager` as a Spring `@Bean`. You can customize the codec and signing mechanism: + +```java +@Configuration +public class FlashAttributeStrategy { + + @Bean + public CookieFlashMapManager cookieFlashMapManager() { + return new CookieFlashMapManager( + JacksonFlashMapListCodec.create(), // JSON serialization + CookieValueSigner.hmacSha256(secretKeyBytes), // Strong cookie signing + "flash" // Name of the cookie + ); + } +} +``` + +Make sure to replace `secretKeyBytes` with a proper 64-byte key for HMAC-SHA-256 signing. + +### 2. Usage in your application + +This is a typical POST-to-GET redirect pattern: after a POST request performs an action, the user is redirected to a GET endpoint that displays a result message. + +```java +@PostMapping("/send-message") +public String updateChangeRequestStatus(final RedirectAttributes redirectAttributes) { + final String message = sendMessage() + ? "Okay, your message was submitted." + : "Sending your message failed."; + + redirectAttributes.addFlashAttribute("message", message); + return "redirect:/messages"; +} + +@GetMapping("/messages") +@ResponseBody +public String showMessage(@ModelAttribute("message") String message) { + return message; +} +``` + +The message is transferred via an HTTP cookie rather than session storage – making it suitable for stateless environments or APIs. + +## Security Considerations + +Spring Cookie stores serialized data directly in HTTP cookies. While this enables stateless architectures, it also introduces potential attack surfaces. To ensure safe use in production environments, follow these best practices: + +### 1. Use a Strong Secret Key + +The HMAC key should be **at least 256 bits (32 bytes)**, preferably **512 bits (64 bytes)** in length: + +```java +KeyGenerator keyGen = KeyGenerator.getInstance("HmacSHA256"); +keyGen.init(512); +byte[] key = keyGen.generateKey().getEncoded(); +``` + +Store and manage this key securely, ideally via environment variables or a vault. + +### 2. Avoid Storing Sensitive Information + +Even signed cookies are visible to the client. Do not store personal data, tokens, or confidential information in flash attributes. + +OK: status messages like `"Saved successfully."`. + +*Avoid:* user IDs, emails, access rights, etc. ## Release History From 538abd12a117e41c00ba46379f656d120d3ac477 Mon Sep 17 00:00:00 2001 From: RedXi <21951094+RedXi@users.noreply.github.com> Date: Mon, 12 May 2025 14:27:29 +0200 Subject: [PATCH 08/17] doc(usage): fix of code example --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4ec11d0..33b2a4c 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ public class FlashAttributeStrategy { public CookieFlashMapManager cookieFlashMapManager() { return new CookieFlashMapManager( JacksonFlashMapListCodec.create(), // JSON serialization - CookieValueSigner.hmacSha256(secretKeyBytes), // Strong cookie signing + CookieValueSigner.hmacSha512(secretKeyBytes), // Strong cookie signing "flash" // Name of the cookie ); } From d49847db1e102a94e7871aa0c4e8e7782d9d3c0e Mon Sep 17 00:00:00 2001 From: RedXi <21951094+RedXi@users.noreply.github.com> Date: Wed, 14 May 2025 23:37:38 +0200 Subject: [PATCH 09/17] build: reverted compatibility with jdk 22 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 55ce534..f6d2242 100644 --- a/pom.xml +++ b/pom.xml @@ -181,7 +181,7 @@ POM_SECTION_ORDER,DEPENDENCY_MANAGEMENT_ORDER,DEPENDENCY_ORDER,DEPENDENCY_CONFIGURATION,DEPENDENCY_ELEMENT,PLUGIN_MANAGEMENT_ORDER,PLUGIN_CONFIGURATION,PLUGIN_ELEMENT - [17,22) + [17,18) [3.9,3.10) From 760dfaaa87e8710e27176cd6b5251cc580e54867 Mon Sep 17 00:00:00 2001 From: RedXi <21951094+RedXi@users.noreply.github.com> Date: Wed, 14 May 2025 23:40:17 +0200 Subject: [PATCH 10/17] test: revert test to use static cookie value --- .../flash/CookieFlashMapManagerTest.java | 22 ++++--------------- 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/src/test/java/com/innoq/spring/cookie/flash/CookieFlashMapManagerTest.java b/src/test/java/com/innoq/spring/cookie/flash/CookieFlashMapManagerTest.java index 324f79c..5998bbd 100644 --- a/src/test/java/com/innoq/spring/cookie/flash/CookieFlashMapManagerTest.java +++ b/src/test/java/com/innoq/spring/cookie/flash/CookieFlashMapManagerTest.java @@ -57,23 +57,9 @@ void retrieveFlashMaps_withNoCookiePresent_returnsNull() { @Test void retrieveFlashMaps_withValidCookie_returnsFlashMaps() { - FlashMap flashMapIn = new FlashMap(); - flashMapIn.setTargetRequestPath("/foo"); - flashMapIn.startExpirationPeriod(4711); - flashMapIn.put("foo", null); - flashMapIn.put("bar", 4711); - flashMapIn.put("baz", "lorem ipsum"); - flashMapIn.addTargetRequestParam("bar", "foo"); - flashMapIn.addTargetRequestParam("baz", "lorem"); - flashMapIn.addTargetRequestParam("baz", "ipsum"); - - MockHttpServletRequest firstRequest = new MockHttpServletRequest("GET", "/"); - MockHttpServletResponse response = new MockHttpServletResponse(); - sut.updateFlashMaps(asList(flashMapIn), firstRequest, response); - - assertThat(response.getCookies()).hasSize(1); - - String cookieValue = response.getCookies()[0].getValue(); + String cookieValue = "W3siYXR0cmlidXRlcyI6eyJiYXIiOjQ3MTEsImJheiI6ImxvcmVtIGlwc3VtIiwiZm9vIjpudWxsfSwiZXhwaXJhdGlvblRpbWUiOjE3NDcyNjMzODU0NjYsInRhcmdl" + + "dFJlcXVlc3RQYXJhbXMiOnsiYmFyIjpbImZvbyJdLCJiYXoiOlsibG9yZW0iLCJpcHN1bSJdfSwidGFyZ2V0UmVxdWVzdFBhdGgiOiIvZm9vIn1d--82d4da6585ee8acd9f503fa9cdffafd" + + "c6625791614883b166209aaef5d36d470492d8dc52ad785dcb9dbe7d9f3bab6fcfd0f306bf833a9d9cdf36738af945bf4"; MockHttpServletRequest secondRequest = new MockHttpServletRequest("GET", "/"); secondRequest.setCookies(new Cookie("flash", cookieValue)); @@ -85,7 +71,7 @@ void retrieveFlashMaps_withValidCookie_returnsFlashMaps() { FlashMap flashMapOut = flashMaps.get(0); assertThat((Map) flashMapOut).containsOnly( entry("foo", null), entry("bar", 4711), entry("baz", "lorem ipsum")); - assertThat(flashMapOut.getExpirationTime()).isEqualTo(flashMapIn.getExpirationTime()); + assertThat(flashMapOut.getExpirationTime()).isEqualTo(1747263385466L); assertThat(flashMapOut.getTargetRequestParams()).containsOnly( entry("bar", asList("foo")), entry("baz", asList("lorem", "ipsum"))); assertThat(flashMapOut.getTargetRequestPath()).isEqualTo("/foo"); From c06832aa6d471c7768b03929bf5688009084a88b Mon Sep 17 00:00:00 2001 From: RedXi <21951094+RedXi@users.noreply.github.com> Date: Wed, 14 May 2025 23:45:50 +0200 Subject: [PATCH 11/17] test: var naming --- .../spring/cookie/flash/CookieFlashMapManagerTest.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/test/java/com/innoq/spring/cookie/flash/CookieFlashMapManagerTest.java b/src/test/java/com/innoq/spring/cookie/flash/CookieFlashMapManagerTest.java index 5998bbd..15c436d 100644 --- a/src/test/java/com/innoq/spring/cookie/flash/CookieFlashMapManagerTest.java +++ b/src/test/java/com/innoq/spring/cookie/flash/CookieFlashMapManagerTest.java @@ -61,10 +61,10 @@ void retrieveFlashMaps_withValidCookie_returnsFlashMaps() { "dFJlcXVlc3RQYXJhbXMiOnsiYmFyIjpbImZvbyJdLCJiYXoiOlsibG9yZW0iLCJpcHN1bSJdfSwidGFyZ2V0UmVxdWVzdFBhdGgiOiIvZm9vIn1d--82d4da6585ee8acd9f503fa9cdffafd" + "c6625791614883b166209aaef5d36d470492d8dc52ad785dcb9dbe7d9f3bab6fcfd0f306bf833a9d9cdf36738af945bf4"; - MockHttpServletRequest secondRequest = new MockHttpServletRequest("GET", "/"); - secondRequest.setCookies(new Cookie("flash", cookieValue)); + MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); + request.setCookies(new Cookie("flash", cookieValue)); - List flashMaps = sut.retrieveFlashMaps(secondRequest); + List flashMaps = sut.retrieveFlashMaps(request); assertThat(flashMaps).hasSize(1); From b831cae25f7742e8610d4c1310cafab924a3a52f Mon Sep 17 00:00:00 2001 From: Michael Vitz Date: Thu, 15 May 2025 07:56:48 +0200 Subject: [PATCH 12/17] style: Reformat and rename variable in test --- .../cookie/flash/CookieFlashMapManagerTest.java | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/src/test/java/com/innoq/spring/cookie/flash/CookieFlashMapManagerTest.java b/src/test/java/com/innoq/spring/cookie/flash/CookieFlashMapManagerTest.java index 15c436d..179ac78 100644 --- a/src/test/java/com/innoq/spring/cookie/flash/CookieFlashMapManagerTest.java +++ b/src/test/java/com/innoq/spring/cookie/flash/CookieFlashMapManagerTest.java @@ -57,9 +57,7 @@ void retrieveFlashMaps_withNoCookiePresent_returnsNull() { @Test void retrieveFlashMaps_withValidCookie_returnsFlashMaps() { - String cookieValue = "W3siYXR0cmlidXRlcyI6eyJiYXIiOjQ3MTEsImJheiI6ImxvcmVtIGlwc3VtIiwiZm9vIjpudWxsfSwiZXhwaXJhdGlvblRpbWUiOjE3NDcyNjMzODU0NjYsInRhcmdl" + - "dFJlcXVlc3RQYXJhbXMiOnsiYmFyIjpbImZvbyJdLCJiYXoiOlsibG9yZW0iLCJpcHN1bSJdfSwidGFyZ2V0UmVxdWVzdFBhdGgiOiIvZm9vIn1d--82d4da6585ee8acd9f503fa9cdffafd" + - "c6625791614883b166209aaef5d36d470492d8dc52ad785dcb9dbe7d9f3bab6fcfd0f306bf833a9d9cdf36738af945bf4"; + String cookieValue = "W3siYXR0cmlidXRlcyI6eyJiYXIiOjQ3MTEsImJheiI6ImxvcmVtIGlwc3VtIiwiZm9vIjpudWxsfSwiZXhwaXJhdGlvblRpbWUiOjE3NDcyNjMzODU0NjYsInRhcmdldFJlcXVlc3RQYXJhbXMiOnsiYmFyIjpbImZvbyJdLCJiYXoiOlsibG9yZW0iLCJpcHN1bSJdfSwidGFyZ2V0UmVxdWVzdFBhdGgiOiIvZm9vIn1d--82d4da6585ee8acd9f503fa9cdffafdc6625791614883b166209aaef5d36d470492d8dc52ad785dcb9dbe7d9f3bab6fcfd0f306bf833a9d9cdf36738af945bf4"; MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); request.setCookies(new Cookie("flash", cookieValue)); @@ -68,13 +66,13 @@ void retrieveFlashMaps_withValidCookie_returnsFlashMaps() { assertThat(flashMaps).hasSize(1); - FlashMap flashMapOut = flashMaps.get(0); - assertThat((Map) flashMapOut).containsOnly( + FlashMap flashMap = flashMaps.get(0); + assertThat((Map) flashMap).containsOnly( entry("foo", null), entry("bar", 4711), entry("baz", "lorem ipsum")); - assertThat(flashMapOut.getExpirationTime()).isEqualTo(1747263385466L); - assertThat(flashMapOut.getTargetRequestParams()).containsOnly( + assertThat(flashMap.getExpirationTime()).isEqualTo(1747263385466L); + assertThat(flashMap.getTargetRequestParams()).containsOnly( entry("bar", asList("foo")), entry("baz", asList("lorem", "ipsum"))); - assertThat(flashMapOut.getTargetRequestPath()).isEqualTo("/foo"); + assertThat(flashMap.getTargetRequestPath()).isEqualTo("/foo"); } @Test From 08cdaf6d5bd281c025197e0b24d93766398cc8c0 Mon Sep 17 00:00:00 2001 From: Michael Vitz Date: Thu, 15 May 2025 08:08:27 +0200 Subject: [PATCH 13/17] chore: Update copyright headers of changed files --- pom.xml | 2 +- .../com/innoq/spring/cookie/security/CookieValueSigner.java | 2 +- .../innoq/spring/cookie/flash/CookieFlashMapManagerTest.java | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index f6d2242..6487686 100644 --- a/pom.xml +++ b/pom.xml @@ -1,7 +1,7 @@