Add support for partitioned cookies

spring-projectsgh-42307

Author: nosan

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/session/SessionAutoConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2023 the original author or authors.
+ * Copyright 2012-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -98,6 +98,7 @@ DefaultCookieSerializer cookieSerializer(ServerProperties serverProperties,
 			map.from(cookie::getSecure).to(cookieSerializer::setUseSecureCookie);
 			map.from(cookie::getMaxAge).asInt(Duration::getSeconds).to(cookieSerializer::setCookieMaxAge);
 			map.from(cookie::getSameSite).as(SameSite::attributeValue).to(cookieSerializer::setSameSite);
+			map.from(cookie::getPartitioned).to(cookieSerializer::setPartitioned);
 			cookieSerializerCustomizers.orderedStream().forEach((customizer) -> customizer.customize(cookieSerializer));
 			return cookieSerializer;
 		}

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/reactive/WebSessionIdResolverAutoConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2022 the original author or authors.
+ * Copyright 2012-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -76,6 +76,7 @@ private void initializeCookie(ResponseCookieBuilder builder) {
 		map.from(cookie::getHttpOnly).to(builder::httpOnly);
 		map.from(cookie::getSecure).to(builder::secure);
 		map.from(cookie::getMaxAge).to(builder::maxAge);
+		map.from(cookie::getPartitioned).to(builder::partitioned);
 		map.from(getSameSite(cookie)).to(builder::sameSite);
 	}
 

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/session/SessionAutoConfigurationTests.java

@@ -156,7 +156,7 @@ void sessionCookieConfigurationIsAppliedToAutoConfiguredCookieSerializer() {
 			.withPropertyValues("server.servlet.session.cookie.name=sid", "server.servlet.session.cookie.domain=spring",
 					"server.servlet.session.cookie.path=/test", "server.servlet.session.cookie.httpOnly=false",
 					"server.servlet.session.cookie.secure=false", "server.servlet.session.cookie.maxAge=10s",
-					"server.servlet.session.cookie.sameSite=strict")
+					"server.servlet.session.cookie.sameSite=strict", "server.servlet.session.cookie.partitioned=true")
 			.run((context) -> {
 				DefaultCookieSerializer cookieSerializer = context.getBean(DefaultCookieSerializer.class);
 				assertThat(cookieSerializer).hasFieldOrPropertyWithValue("cookieName", "sid");
@@ -166,6 +166,7 @@ void sessionCookieConfigurationIsAppliedToAutoConfiguredCookieSerializer() {
 				assertThat(cookieSerializer).hasFieldOrPropertyWithValue("useSecureCookie", false);
 				assertThat(cookieSerializer).hasFieldOrPropertyWithValue("cookieMaxAge", 10);
 				assertThat(cookieSerializer).hasFieldOrPropertyWithValue("sameSite", "Strict");
+				assertThat(cookieSerializer).hasFieldOrPropertyWithValue("partitioned", true);
 			});
 	}
 

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/reactive/WebFluxAutoConfigurationTests.java

@@ -644,7 +644,8 @@ void customSessionCookieConfigurationShouldBeApplied() {
 		this.contextRunner.withPropertyValues("server.reactive.session.cookie.name:JSESSIONID",
 				"server.reactive.session.cookie.domain:.example.com", "server.reactive.session.cookie.path:/example",
 				"server.reactive.session.cookie.max-age:60", "server.reactive.session.cookie.http-only:false",
-				"server.reactive.session.cookie.secure:false", "server.reactive.session.cookie.same-site:strict")
+				"server.reactive.session.cookie.secure:false", "server.reactive.session.cookie.same-site:strict",
+				"server.reactive.session.cookie.partitioned:true")
 			.run(assertExchangeWithSession((exchange) -> {
 				List<ResponseCookie> cookies = exchange.getResponse().getCookies().get("JSESSIONID");
 				assertThat(cookies).isNotEmpty();
@@ -654,6 +655,7 @@ void customSessionCookieConfigurationShouldBeApplied() {
 				assertThat(cookies).allMatch((cookie) -> !cookie.isHttpOnly());
 				assertThat(cookies).allMatch((cookie) -> !cookie.isSecure());
 				assertThat(cookies).allMatch((cookie) -> cookie.getSameSite().equals("Strict"));
+				assertThat(cookies).allMatch(ResponseCookie::isPartitioned);
 			}));
 	}
 

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/server/Cookie.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2021 the original author or authors.
+ * Copyright 2012-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -57,6 +57,11 @@ public class Cookie {
 	 */
 	private Boolean secure;
 
+	/**
+	 * Whether the generated cookie carries the Partitioned attribute.
+	 */
+	private Boolean partitioned;
+
 	/**
 	 * Maximum age of the cookie. If a duration suffix is not specified, seconds will be
 	 * used. A positive value indicates when the cookie expires relative to the current
@@ -127,6 +132,14 @@ public void setSameSite(SameSite sameSite) {
 		this.sameSite = sameSite;
 	}
 
+	public Boolean getPartitioned() {
+		return this.partitioned;
+	}
+
+	public void setPartitioned(Boolean partitioned) {
+		this.partitioned = partitioned;
+	}
+
 	/**
 	 * SameSite values.
 	 */