Bootiful Sessions

Fb22593caf24e4bb4c98d467cdd247e6?s=47 Josh Long
March 06, 2015

Bootiful Sessions

slides to accompany the presentation I gave as a webinar in February 2015 on using Spring Session. Spring Session acts as a sort of proxy and adapter on top of the HTTP Servlet Session API. It forwards interactions to a backing store (like Redis) and adds extra features like:
- user switching (Google Accounts)
- configurable correlation between server state and client (headers, cookies, or whatever you want)
- intelligently perpetuates the HTTP session if as websocket traffic continues


Josh Long

March 06, 2015


  1. S P R I N G S E S S

    I O N Josh Long (⻰龙之春) @starbuxman G E T T I N G S TA R T E D W I T H huge thanks to Rob Winch! @rob_winch
  2. Spring Developer Advocate Josh Long (⻰龙之春) @starbuxman | Jean

    Claude van Damme! Java mascot Duke some thing’s I’ve authored...
  3. @starbuxman

  4. @starbuxman is a stinky! • people jam all sorts of

    nasty state in there (I’m looking at you Java Server Faces!) the Servlet HttpSession..
  5. @starbuxman the Servlet HttpSession..

  6. @starbuxman is hard to scale: Tomcat the Servlet HttpSession..

    <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster" channelSendOptions="8"> <Manager className= 
 "org.apache.catalina.ha.session.DeltaManager" expireSessionsOnShutdown="false" notifyListenersOnReplication="true"/> <Channel className= 
 ""> <Membership className= "org.apache.catalina.tribes.membership.McastService" … <Receiver className= "org.apache.catalina.tribes.transport.nio.NioReceiver" … <Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter"> <Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/> /Sender> ame=""/>"/>
  7. @starbuxman is hard to scale: Jetty the Servlet HttpSession..

    <Set name="sessionIdManager"> <New id="jdbcidmgr" class="org.eclipse.jetty.server.session.JDBCSessionIdManager"> <Arg> <Ref id="Server"/> </Arg> <Set name="workerName">fred</Set> <Set name="DatasourceName">javax.sql.DataSource/default</Set> <Set name="scavengeInterval">60</Set> </New> </Set> <Call name="setAttribute"> <Arg>jdbcIdMgr</Arg> <Arg> <Ref id="jdbcidmgr"/> </Arg> </Call>
  8. @starbuxman nope. • multicast is a huge no-no in most

    cloud environments • even if it were permitted, most clustering facilities don’t have multi-zone high availability support just works in the cloud tho, right?
  9. @starbuxman some exceptions.. just works in the cloud tho, right? • Cloud Foundry supports sticky sessions. • as of late 2014, it also supports session replication for Tomcat and .wars (specifically)
  10. @starbuxman a Servlet HttpSession wrapper Spring Session package sample; import

 .AbstractHttpSessionApplicationInitializer; /** * web.xml equivalent */ public class Initializer extends AbstractHttpSessionApplicationInitializer { }
  11. @starbuxman a Servlet HttpSession wrapper Spring Session package sample; import

    javax.servlet.*; import javax.servlet.annotation.*; import javax.servlet.http.*; import; @WebServlet("/session") public class SessionServlet extends HttpServlet { @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { String attributeName = req.getParameter("attributeName"); String attributeValue = req.getParameter("attributeValue"); req.getSession().setAttribute(attributeName, attributeValue); // just works! resp.sendRedirect(req.getContextPath() + "/"); } private static final long serialVersionUID = 2878267318695777395L; }
  12. @starbuxman multi-platform Spring Session • works for your web container

    (Tomcat) or classic application server (JBoss, WebSphere, etc) • works in the cloud • doesn’t require Spring
 (I know right?? WHY?)
  13. @starbuxman polyglot persistence Spring Session • pluggable implementations: • defaults

    for Redis, Map<K,V> • about the Map<K,V>.. • implies Hazelcast, Coherence,
 Gemfire support
  14. @starbuxman Demonstration basic setup

  15. @starbuxman HttpSessionStrategy strategies Spring Session • headers (x-auth-token) • cookies

    (you can ditch JSESSIONID!)
  16. @starbuxman Demonstration session strategies

  17. @starbuxman works with WebSockets! Spring Session • the standard is

    utterly broken here. No, seriously. #WTF • no easy way to perpetuate HTTP session from WS handler. As soon as HTTP session dies, so does WS communication.
  18. @starbuxman Demonstration websockets

  19. @starbuxman User Switching (e.g.: Google accounts) Spring Session HttpServletRequest httpRequest

    = (HttpServletRequest) request; HttpSessionManager sessionManager = (HttpSessionManager) httpRequest.getAttribute(HttpSessionManager.class.getName()); SessionRepository<Session> repo = (SessionRepository<Session>) httpRequest.getAttribute(SessionRepository.class.getName()); String currentSessionAlias = sessionManager.getCurrentSessionAlias(httpRequest); Map<String, String> sessionIds = sessionManager.getSessionIds(httpRequest);
  20. @starbuxman Demonstration user switching

  21. @starbuxman • @Scope(“flash”) 
 UserConfirmation confirmation(){ .. } • @Scope(“session”)

 ShoppingCart cart (){ … } • two logically different applications can now talk to each other! (e.g.: poor- man’s single-sign on!) Other Use Cases
  22. @starbuxman • session concurrency control (“sign me out of other

    accounts”) • Spring Batch & Integration claim-check • support for managing accounts easier • smarter injectable beans, @MVC arg resolvers, etc. • optimized persistence (alternatives to Java serialization) What’s in the Works
  23. Josh Long (⻰龙之春) @starbuxman @springcentral References Questions? huge thanks to Rob Winch! @rob_winch