Bootiful Sessions

Fb22593caf24e4bb4c98d467cdd247e6?s=47 Josh Long
March 06, 2015

Bootiful Sessions

slides to accompany the presentation I gave as a webinar in February 2015 on using Spring Session. Spring Session acts as a sort of proxy and adapter on top of the HTTP Servlet Session API. It forwards interactions to a backing store (like Redis) and adds extra features like:
- user switching (Google Accounts)
- configurable correlation between server state and client (headers, cookies, or whatever you want)
- intelligently perpetuates the HTTP session if as websocket traffic continues

Fb22593caf24e4bb4c98d467cdd247e6?s=128

Josh Long

March 06, 2015
Tweet

Transcript

  1. S P R I N G S E S S

    I O N Josh Long (⻰龙之春) @starbuxman jlong@pivotal.io github.com/joshlong G E T T I N G S TA R T E D W I T H huge thanks to Rob Winch! @rob_winch
  2. Spring Developer Advocate Josh Long (⻰龙之春) @starbuxman jlong@pivotal.io | Jean

    Claude van Damme! Java mascot Duke some thing’s I’ve authored...
  3. @starbuxman

  4. @starbuxman is a stinky! • people jam all sorts of

    nasty state in there (I’m looking at you Java Server Faces!) the Servlet HttpSession..
  5. @starbuxman the Servlet HttpSession..

  6. @starbuxman is hard to scale: Tomcat the Servlet HttpSession.. http://tomcat.apache.org/tomcat-6.0-doc/cluster-howto.html

    <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster" channelSendOptions="8"> <Manager className= 
 "org.apache.catalina.ha.session.DeltaManager" expireSessionsOnShutdown="false" notifyListenersOnReplication="true"/> <Channel className= 
 "org.apache.catalina.tribes.group.GroupChannel"> <Membership className= "org.apache.catalina.tribes.membership.McastService" … <Receiver className= "org.apache.catalina.tribes.transport.nio.NioReceiver" … <Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter"> <Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/> /Sender> ame="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/> .catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>
  7. @starbuxman is hard to scale: Jetty the Servlet HttpSession.. http://www.eclipse.org/jetty/documentation/9.2.3.v20140905/session-clustering-jdbc.html

    <Set name="sessionIdManager"> <New id="jdbcidmgr" class="org.eclipse.jetty.server.session.JDBCSessionIdManager"> <Arg> <Ref id="Server"/> </Arg> <Set name="workerName">fred</Set> <Set name="DatasourceName">javax.sql.DataSource/default</Set> <Set name="scavengeInterval">60</Set> </New> </Set> <Call name="setAttribute"> <Arg>jdbcIdMgr</Arg> <Arg> <Ref id="jdbcidmgr"/> </Arg> </Call>
  8. @starbuxman nope. • multicast is a huge no-no in most

    cloud environments • even if it were permitted, most clustering facilities don’t have multi-zone high availability support just works in the cloud tho, right? https://devcenter.heroku.com/articles/intro-for-java-developers
  9. @starbuxman some exceptions.. just works in the cloud tho, right?

    http://blog.pivotal.io/cloud-foundry-pivotal/products/session-replication-on-cloud-foundry-2 • Cloud Foundry supports sticky sessions. • as of late 2014, it also supports session replication for Tomcat and .wars (specifically)
  10. @starbuxman a Servlet HttpSession wrapper Spring Session package sample; import

    org.springframework.session.web.context
 .AbstractHttpSessionApplicationInitializer; /** * web.xml equivalent */ public class Initializer extends AbstractHttpSessionApplicationInitializer { }
  11. @starbuxman a Servlet HttpSession wrapper Spring Session package sample; import

    javax.servlet.*; import javax.servlet.annotation.*; import javax.servlet.http.*; import java.io.IOException; @WebServlet("/session") public class SessionServlet extends HttpServlet { @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { String attributeName = req.getParameter("attributeName"); String attributeValue = req.getParameter("attributeValue"); req.getSession().setAttribute(attributeName, attributeValue); // just works! resp.sendRedirect(req.getContextPath() + "/"); } private static final long serialVersionUID = 2878267318695777395L; }
  12. @starbuxman multi-platform Spring Session • works for your web container

    (Tomcat) or classic application server (JBoss, WebSphere, etc) • works in the cloud • doesn’t require Spring
 (I know right?? WHY?)
  13. @starbuxman polyglot persistence Spring Session • pluggable implementations: • defaults

    for Redis, Map<K,V> • about the Map<K,V>.. • implies Hazelcast, Coherence,
 Gemfire support
  14. @starbuxman Demonstration basic setup

  15. @starbuxman HttpSessionStrategy strategies Spring Session • headers (x-auth-token) • cookies

    (you can ditch JSESSIONID!)
  16. @starbuxman Demonstration session strategies

  17. @starbuxman works with WebSockets! Spring Session • the standard is

    utterly broken here. No, seriously. #WTF • no easy way to perpetuate HTTP session from WS handler. As soon as HTTP session dies, so does WS communication. https://java.net/jira/browse/WEBSOCKET_SPEC-175 
 https://issues.apache.org/bugzilla/show_bug.cgi?id=54738
  18. @starbuxman Demonstration websockets

  19. @starbuxman User Switching (e.g.: Google accounts) Spring Session HttpServletRequest httpRequest

    = (HttpServletRequest) request; HttpSessionManager sessionManager = (HttpSessionManager) httpRequest.getAttribute(HttpSessionManager.class.getName()); SessionRepository<Session> repo = (SessionRepository<Session>) httpRequest.getAttribute(SessionRepository.class.getName()); String currentSessionAlias = sessionManager.getCurrentSessionAlias(httpRequest); Map<String, String> sessionIds = sessionManager.getSessionIds(httpRequest);
  20. @starbuxman Demonstration user switching

  21. @starbuxman • @Scope(“flash”) 
 UserConfirmation confirmation(){ .. } • @Scope(“session”)

    
 ShoppingCart cart (){ … } • two logically different applications can now talk to each other! (e.g.: poor- man’s single-sign on!) Other Use Cases
  22. @starbuxman • session concurrency control (“sign me out of other

    accounts”) • Spring Batch & Integration claim-check • support for managing accounts easier • smarter injectable beans, @MVC arg resolvers, etc. • optimized persistence (alternatives to Java serialization) What’s in the Works
  23. Josh Long (⻰龙之春) @starbuxman @springcentral jlong@pivotal.io github.com/joshlong References spring.io/guides docs.spring.io/spring-session

    github.com/joshlong/bootiful-sessions Questions? huge thanks to Rob Winch! @rob_winch