$30 off During Our Annual Pro Sale. View Details »

Bootiful Sessions

Josh Long
March 06, 2015
Programming
7
1.3k

Bootiful Sessions

slides to accompany the presentation I gave as a webinar in February 2015 on using Spring Session. Spring Session acts as a sort of proxy and adapter on top of the HTTP Servlet Session API. It forwards interactions to a backing store (like Redis) and adds extra features like:
- user switching (Google Accounts)
- configurable correlation between server state and client (headers, cookies, or whatever you want)
- intelligently perpetuates the HTTP session if as websocket traffic continues

Josh Long

March 06, 2015
Tweet

More Decks by Josh Long

See All by Josh Long
The Reactive Revolution
joshlong
1
330
Cloud Native Java
joshlong
2
630
"The Bootiful Microservice" at SpringOne2GX 2015
joshlong
2
450
the Bootiful Application
joshlong
2
370
The Bootiful Microservice
joshlong
2
320
the Macro of Microservices
joshlong
6
6.3k
The Bootiful Microservice Redux Revisited Microslide Enterprise Edition
joshlong
3
640
Smarter Service-to-Service Invocation with Spring Cloud
joshlong
5
1k
The Bootiful Microservice
joshlong
6
2.5k

Other Decks in Programming

See All in Programming
Scala Left Fold Parallelisation - Three Approaches
philipschwarz
PRO
0
270
​고군분투 LLM 프로덕트 적용기: Blind Prompting 부터 Agent까지
huffon
2
1.1k
エンジニアもUIを作るならユーザーについて知ろう!
ohakutsu
1
120
ゆめみの Flutter エンジニア育成方法
morikann
0
240
セシール、大地に立つ - NIFTY Tech Day 2023
niftycorp
0
110
GoにおけるCall Graphを用いた 大規模コードベースの影響調査
ffjlabo
0
110
Unity Searchを拡張して高度な検索型UIを実現する
trapezoid
0
390
Foreign Function & Memory API ( FFM API )を用いたNativeライブラリ呼び出しと既存ライブラリの比較 ( JJUG CCC 2023 Fall )
hiroisojp
1
360
OpenTelemetry の Trace を中心としたパフォーマンス改善
rmatsuoka
0
440
ChatGPTをソフトウェア開発に活用する
fbei_ot
0
130
JavaScript なしで動作するモダンなコードの書き方
azukiazusa1
14
9.5k
KDDI共同講演:@niftyメール基盤移行プロジェクト - NIFTY Tech Day 2023
niftycorp
0
120

Featured

See All Featured
Code Reviewing Like a Champion
maltzj
511
38k
[RailsConf 2023] Rails as a piece of cake
palkan
17
3.2k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
240
20k
Testing 201, or: Great Expectations
jmmastey
26
6.1k
The MySQL Ecosystem @ GitHub 2015
samlambert
241
11k
Fashionably flexible responsive web design (full day workshop)
malarkey
396
64k
Code Review Best Practice
trishagee
53
14k
The Invisible Side of Design
smashingmag
291
49k
Producing Creativity
orderedlist
PRO
335
38k
It's Worth the Effort
3n
180
27k
Automating Front-end Workflow
addyosmani
1354
200k
A designer walks into a library…
pauljervisheath
199
22k

Transcript

  1. S P R I N G
    S E S S I O N
    Josh Long (⻰龙之春)
    @starbuxman
    [email protected]
    github.com/joshlong
    G E T T I N G S TA R T E D W I T H
    huge thanks to Rob Winch! @rob_winch

    View Slide

  2. Spring Developer Advocate
    Josh Long (⻰龙之春)
    @starbuxman [email protected]
    |
    Jean Claude
    van Damme! Java mascot Duke some thing’s I’ve authored...

    View Slide

  3. @starbuxman

    View Slide

  4. @starbuxman
    is a stinky!
    • people jam all sorts of nasty state in there (I’m looking at you Java Server Faces!)
    the Servlet HttpSession..

    View Slide

  5. @starbuxman
    the Servlet HttpSession..

    View Slide

  6. @starbuxman
    is hard to scale: Tomcat
    the Servlet HttpSession..
    http://tomcat.apache.org/tomcat-6.0-doc/cluster-howto.html
    channelSendOptions="8">
    "org.apache.catalina.ha.session.DeltaManager"
    expireSessionsOnShutdown="false"
    notifyListenersOnReplication="true"/>
    "org.apache.catalina.tribes.group.GroupChannel">
    "org.apache.catalina.tribes.membership.McastService"

    "org.apache.catalina.tribes.transport.nio.NioReceiver"



    /Sender> ame="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
    .catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>

    View Slide

  7. @starbuxman
    is hard to scale: Jetty
    the Servlet HttpSession..
    http://www.eclipse.org/jetty/documentation/9.2.3.v20140905/session-clustering-jdbc.html





    fred
    javax.sql.DataSource/default
    60



    jdbcIdMgr




    View Slide

  8. @starbuxman
    nope.
    • multicast is a huge no-no in
    most cloud environments
    • even if it were permitted,
    most clustering facilities
    don’t have multi-zone high
    availability support
    just works in the cloud tho, right?
    https://devcenter.heroku.com/articles/intro-for-java-developers

    View Slide

  9. @starbuxman
    some exceptions..
    just works in the cloud tho, right?
    http://blog.pivotal.io/cloud-foundry-pivotal/products/session-replication-on-cloud-foundry-2
    • Cloud Foundry supports
    sticky sessions.
    • as of late 2014, it also
    supports session
    replication for Tomcat and
    .wars (specifically)

    View Slide

  10. @starbuxman
    a Servlet HttpSession wrapper
    Spring Session
    package sample;
    import org.springframework.session.web.context

    .AbstractHttpSessionApplicationInitializer;
    /**
    * web.xml equivalent
    */
    public class Initializer
    extends AbstractHttpSessionApplicationInitializer {
    }

    View Slide

  11. @starbuxman
    a Servlet HttpSession wrapper
    Spring Session
    package sample;
    import javax.servlet.*;
    import javax.servlet.annotation.*;
    import javax.servlet.http.*;
    import java.io.IOException;
    @WebServlet("/session")
    public class SessionServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
    String attributeName = req.getParameter("attributeName");
    String attributeValue = req.getParameter("attributeValue");
    req.getSession().setAttribute(attributeName, attributeValue); // just works!
    resp.sendRedirect(req.getContextPath() + "/");
    }
    private static final long serialVersionUID = 2878267318695777395L;
    }

    View Slide

  12. @starbuxman
    multi-platform
    Spring Session
    • works for your web container (Tomcat)
    or classic application server (JBoss,
    WebSphere, etc)
    • works in the cloud
    • doesn’t require Spring

    (I know right?? WHY?)

    View Slide

  13. @starbuxman
    polyglot persistence
    Spring Session
    • pluggable implementations:
    • defaults for Redis, Map
    • about the Map..
    • implies Hazelcast, Coherence,

    Gemfire support

    View Slide

  14. @starbuxman
    Demonstration
    basic setup

    View Slide

  15. @starbuxman
    HttpSessionStrategy strategies
    Spring Session
    • headers (x-auth-token)
    • cookies (you can ditch JSESSIONID!)

    View Slide

  16. @starbuxman
    Demonstration
    session strategies

    View Slide

  17. @starbuxman
    works with WebSockets!
    Spring Session
    • the standard is utterly broken here. No, seriously. #WTF
    • no easy way to perpetuate HTTP session from WS handler.
    As soon as HTTP session dies, so does WS communication.
    https://java.net/jira/browse/WEBSOCKET_SPEC-175 

    https://issues.apache.org/bugzilla/show_bug.cgi?id=54738

    View Slide

  18. @starbuxman
    Demonstration
    websockets

    View Slide

  19. @starbuxman
    User Switching (e.g.: Google accounts)
    Spring Session
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpSessionManager sessionManager =
    (HttpSessionManager) httpRequest.getAttribute(HttpSessionManager.class.getName());
    SessionRepository repo =
    (SessionRepository) httpRequest.getAttribute(SessionRepository.class.getName());
    String currentSessionAlias = sessionManager.getCurrentSessionAlias(httpRequest);
    Map sessionIds = sessionManager.getSessionIds(httpRequest);

    View Slide

  20. @starbuxman
    Demonstration
    user switching

    View Slide

  21. @starbuxman
    • @Scope(“flash”) 

    UserConfirmation confirmation(){ .. }
    • @Scope(“session”) 

    ShoppingCart cart (){ … }
    • two logically different applications can now talk to each other! (e.g.: poor-
    man’s single-sign on!)
    Other Use Cases

    View Slide

  22. @starbuxman
    • session concurrency control (“sign me out of other accounts”)
    • Spring Batch & Integration claim-check
    • support for managing accounts easier
    • smarter injectable beans, @MVC arg resolvers, etc.
    • optimized persistence (alternatives to Java serialization)
    What’s in the Works

    View Slide

  23. Josh Long (⻰龙之春)
    @starbuxman
    @springcentral
    [email protected]
    github.com/joshlong
    References
    spring.io/guides
    docs.spring.io/spring-session
    github.com/joshlong/bootiful-sessions
    Questions?
    huge thanks to Rob Winch! @rob_winch

    View Slide