diff --git a/src/main/java/org/openrewrite/java/migrate/javax/HttpSessionInvalidate.java b/src/main/java/org/openrewrite/java/migrate/javax/HttpSessionInvalidate.java
new file mode 100644
index 0000000000..64b08f5cd7
--- /dev/null
+++ b/src/main/java/org/openrewrite/java/migrate/javax/HttpSessionInvalidate.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright 2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.openrewrite.java.migrate.javax;
+
+import lombok.EqualsAndHashCode;
+import lombok.Value;
+import org.openrewrite.ExecutionContext;
+import org.openrewrite.Preconditions;
+import org.openrewrite.Recipe;
+import org.openrewrite.TreeVisitor;
+import org.openrewrite.internal.lang.Nullable;
+import org.openrewrite.java.*;
+import org.openrewrite.java.search.UsesMethod;
+import org.openrewrite.java.search.UsesType;
+import org.openrewrite.java.tree.J;
+import org.openrewrite.java.tree.JavaType;
+
+import java.util.List;
+
+@Value
+@EqualsAndHashCode(callSuper = false)
+public class HttpSessionInvalidate extends Recipe {
+ @Override
+ public String getDisplayName() {
+ return "Use HttpServletRequest `logout` method for programmatic security logout in Servlet 3.0";
+ }
+
+ @Override
+ public String getDescription() {
+ return "Do not rely on HttpSession `invalidate` method for programmatic security logout. Add the HttpServletRequest `logout` method which was introduced in Java EE 6 as part of the Servlet 3.0 specification.";
+ }
+
+ @Override
+ public TreeVisitor, ExecutionContext> getVisitor() {
+ MethodMatcher invalidateMethodMatcher = new MethodMatcher("javax.servlet.http.HttpSession invalidate()", false);
+ TypeMatcher httpServletRequestTypeMatcher = new TypeMatcher("javax.servlet.http.HttpServletRequest");
+ return Preconditions.check(
+ Preconditions.or(
+ new UsesMethod<>(invalidateMethodMatcher),
+ new UsesType<>("javax.servlet.http.HttpServletRequest", true)),
+ new JavaIsoVisitor
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+type: specs.openrewrite.org/v1beta/recipe
+name: org.openrewrite.java.migrate.javaee6
+displayName: Migrate to JavaEE6
+description: These recipes help with the Migration to Java EE 6, flagging and updating deprecated methods.
+tags:
+ - javaee6
+ - deprecated
+recipeList:
+ - org.openrewrite.java.migrate.javax.HttpSessionInvalidate
\ No newline at end of file
diff --git a/src/main/resources/META-INF/rewrite/java-ee-7.yml b/src/main/resources/META-INF/rewrite/java-ee-7.yml
index 389425bfb8..6c7a1bf982 100644
--- a/src/main/resources/META-INF/rewrite/java-ee-7.yml
+++ b/src/main/resources/META-INF/rewrite/java-ee-7.yml
@@ -22,6 +22,7 @@ tags:
- javaee7
- deprecated
recipeList:
+ - org.openrewrite.java.migrate.javaee6
- org.openrewrite.java.migrate.javaee7.OpenJPAPersistenceProvider
- org.openrewrite.java.migrate.JpaCacheProperties
- org.openrewrite.java.migrate.BeansXmlNamespace
diff --git a/src/test/java/org/openrewrite/java/migrate/javaee/HttpSessionInvalidateTest.java b/src/test/java/org/openrewrite/java/migrate/javaee/HttpSessionInvalidateTest.java
new file mode 100644
index 0000000000..fb0eeb071c
--- /dev/null
+++ b/src/test/java/org/openrewrite/java/migrate/javaee/HttpSessionInvalidateTest.java
@@ -0,0 +1,112 @@
+/*
+ * Copyright 2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.openrewrite.java.migrate.javaee;
+
+import org.junit.jupiter.api.Test;
+import org.openrewrite.DocumentExample;
+import org.openrewrite.InMemoryExecutionContext;
+import org.openrewrite.java.JavaParser;
+import org.openrewrite.java.migrate.javax.HttpSessionInvalidate;
+import org.openrewrite.test.RecipeSpec;
+import org.openrewrite.test.RewriteTest;
+
+import static org.openrewrite.java.Assertions.java;
+
+class HttpSessionInvalidateTest implements RewriteTest {
+ @Override
+ public void defaults(RecipeSpec spec) {
+ spec.parser(JavaParser.fromJavaVersion().classpathFromResources(new InMemoryExecutionContext(), "javax.servlet-3.0"))
+ .recipe(new HttpSessionInvalidate());
+ }
+
+ @Test
+ void noChangeNeeded() {
+ rewriteRun(
+ //language=java
+ java(
+ """
+ import javax.servlet.http.HttpServletResponse;
+ import javax.servlet.http.HttpServletRequest;
+ import javax.servlet.http.HttpSession;
+
+ class Foo {
+ void logOut(HttpServletRequest req, HttpServletResponse res) {
+ HttpSession session = req.getSession();
+ req.logout();
+ res.sendRedirect("login.html");
+ }
+ }
+ """
+ )
+ );
+ }
+
+ @Test
+ void noChangeCannotFindServletRequest() {
+ rewriteRun(
+ //language=java
+ java(
+ """
+ import javax.servlet.http.HttpServletResponse;
+ import javax.servlet.http.HttpSession;
+
+ class Foo {
+ void logOut(HttpSession session, HttpServletResponse res) {
+ session.invalidate();
+ res.sendRedirect("login.html");
+ }
+ }
+ """
+ )
+ );
+ }
+
+ @DocumentExample
+ @Test
+ void useLogoutWhenHttpServletRequestExistsInScope() {
+ rewriteRun(
+ //language=java
+ java(
+ """
+ import javax.servlet.http.HttpServletResponse;
+ import javax.servlet.http.HttpServletRequest;
+ import javax.servlet.http.HttpSession;
+
+ class Foo {
+ void logOut(HttpServletRequest req, HttpServletResponse res) {
+ HttpSession session = req.getSession(false);
+ session.invalidate();
+ res.sendRedirect("login.html");
+ }
+ }
+ """,
+ """
+ import javax.servlet.http.HttpServletResponse;
+ import javax.servlet.http.HttpServletRequest;
+ import javax.servlet.http.HttpSession;
+
+ class Foo {
+ void logOut(HttpServletRequest req, HttpServletResponse res) {
+ HttpSession session = req.getSession(false);
+ req.logout();
+ res.sendRedirect("login.html");
+ }
+ }
+ """
+ )
+ );
+ }
+}
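Review bot: The expected output of `useLogoutWhenHttpServletRequestExistsInScope` drops `session.invalidate()` and leaves only `req.logout()`, although the recipe description speaks of adding `logout` rather than replacing the invalidation. `HttpServletRequest.logout()` resets the request's authenticated identity, but the Servlet specification does not require it to invalidate the session, so on containers that keep the session, its attributes and the session id would outlive the logout. I would expect the rewritten body to keep both calls, `req.logout();` followed by `session.invalidate();`, with the expected text of this test pinning that. `logout()` also declares `throws ServletException` and none of the `logOut` fixtures here has a throws clause, so a case covering a method without that clause would show whether the recipe leaves compilable code behind.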