
Bootiful Sessions

Josh Long
March 06, 2015


Slides to accompany the presentation I gave as a webinar in February 2015 on using Spring Session. Spring Session acts as a sort of proxy and adapter on top of the HTTP Servlet Session API. It forwards interactions to a backing store (like Redis) and adds extra features like:
- user switching (Google Accounts)
- configurable correlation between server state and client (headers, cookies, or whatever you want)
- intelligently perpetuates the HTTP session as WebSocket traffic continues


Transcript

  1. Getting Started with Spring Session
    Josh Long (⻰龙之春)
    @starbuxman
    [email protected]
    github.com/joshlong
    huge thanks to Rob Winch! @rob_winch

  2. Spring Developer Advocate
    Josh Long (⻰龙之春)
    @starbuxman | [email protected]
    Jean Claude van Damme!
    Java mascot Duke
    some things I’ve authored...

  3. @starbuxman


  4. @starbuxman
    the Servlet HttpSession..
    is a stinky!
    • people jam all sorts of nasty state in there (I’m looking at you Java Server Faces!)

  5. @starbuxman
    the Servlet HttpSession..


  6. @starbuxman
    the Servlet HttpSession..
    is hard to scale: Tomcat
    http://tomcat.apache.org/tomcat-6.0-doc/cluster-howto.html
    channelSendOptions="8">
    "org.apache.catalina.ha.session.DeltaManager"
    expireSessionsOnShutdown="false"
    notifyListenersOnReplication="true"/>
    "org.apache.catalina.tribes.group.GroupChannel">
    "org.apache.catalina.tribes.membership.McastService"

    "org.apache.catalina.tribes.transport.nio.NioReceiver"



    /Sender> ame="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
    .catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>


  7. @starbuxman
    the Servlet HttpSession..
    is hard to scale: Jetty
    http://www.eclipse.org/jetty/documentation/9.2.3.v20140905/session-clustering-jdbc.html





    fred
    javax.sql.DataSource/default
    60



    jdbcIdMgr





  8. @starbuxman
    just works in the cloud tho, right?
    nope.
    • multicast is a huge no-no in most cloud environments
    • even if it were permitted, most clustering facilities don’t have multi-zone high availability support
    https://devcenter.heroku.com/articles/intro-for-java-developers

  9. @starbuxman
    just works in the cloud tho, right?
    some exceptions..
    • Cloud Foundry supports sticky sessions.
    • as of late 2014, it also supports session replication for Tomcat and .wars (specifically)
    http://blog.pivotal.io/cloud-foundry-pivotal/products/session-replication-on-cloud-foundry-2

  10. @starbuxman
    Spring Session
    a Servlet HttpSession wrapper

        package sample;

        import org.springframework.session.web.context.AbstractHttpSessionApplicationInitializer;

        /**
         * web.xml equivalent
         */
        public class Initializer
                extends AbstractHttpSessionApplicationInitializer {
        }

  11. @starbuxman
    Spring Session
    a Servlet HttpSession wrapper

        package sample;

        import javax.servlet.*;
        import javax.servlet.annotation.*;
        import javax.servlet.http.*;
        import java.io.IOException;

        @WebServlet("/session")
        public class SessionServlet extends HttpServlet {

            @Override
            protected void doPost(HttpServletRequest req, HttpServletResponse resp)
                    throws ServletException, IOException {
                String attributeName = req.getParameter("attributeName");
                String attributeValue = req.getParameter("attributeValue");
                req.getSession().setAttribute(attributeName, attributeValue); // just works!
                resp.sendRedirect(req.getContextPath() + "/");
            }

            private static final long serialVersionUID = 2878267318695777395L;
        }

  12. @starbuxman
    Spring Session
    multi-platform
    • works for your web container (Tomcat) or classic application server (JBoss, WebSphere, etc)
    • works in the cloud
    • doesn’t require Spring (I know right?? WHY?)

  13. @starbuxman
    Spring Session
    polyglot persistence
    • pluggable implementations:
    • defaults for Redis, Map
    • about the Map..
    • implies Hazelcast, Coherence, Gemfire support

  14. @starbuxman
    Demonstration
    basic setup


  15. @starbuxman
    Spring Session
    HttpSessionStrategy strategies
    • headers (x-auth-token)
    • cookies (you can ditch JSESSIONID!)

  16. @starbuxman
    Demonstration
    session strategies


  17. @starbuxman
    Spring Session
    works with WebSockets!
    • the standard is utterly broken here. No, seriously. #WTF
    • no easy way to perpetuate HTTP session from WS handler. As soon as HTTP session dies, so does WS communication.
    https://java.net/jira/browse/WEBSOCKET_SPEC-175
    https://issues.apache.org/bugzilla/show_bug.cgi?id=54738

  18. @starbuxman
    Demonstration
    websockets


  19. @starbuxman
    Spring Session
    User Switching (e.g.: Google accounts)

        // Spring Session exposes both helpers as request attributes
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpSessionManager sessionManager =
                (HttpSessionManager) httpRequest.getAttribute(HttpSessionManager.class.getName());
        SessionRepository<Session> repo =
                (SessionRepository<Session>) httpRequest.getAttribute(SessionRepository.class.getName());
        // alias of the session in use, and the alias -> session id map for this client
        String currentSessionAlias = sessionManager.getCurrentSessionAlias(httpRequest);
        Map<String, String> sessionIds = sessionManager.getSessionIds(httpRequest);

  20. @starbuxman
    Demonstration
    user switching


  21. @starbuxman
    Other Use Cases
    • @Scope("flash") UserConfirmation confirmation(){ .. }
    • @Scope("session") ShoppingCart cart (){ … }
    • two logically different applications can now talk to each other! (e.g.: poor-man’s single-sign on!)

  22. @starbuxman
    What’s in the Works
    • session concurrency control (“sign me out of other accounts”)
    • Spring Batch & Integration claim-check
    • support for managing accounts easier
    • smarter injectable beans, @MVC arg resolvers, etc.
    • optimized persistence (alternatives to Java serialization)

  23. Josh Long (⻰龙之春)
    @starbuxman
    @springcentral
    [email protected]
    github.com/joshlong
    References
    spring.io/guides
    docs.spring.io/spring-session
    github.com/joshlong/bootiful-sessions
    Questions?
    huge thanks to Rob Winch! @rob_winch

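Slides 10, 13 and 15 together, as an added example that is not code from the deck or from the Spring Session project: the initializer from slide 10 wired to a Redis-backed configuration that uses the header strategy instead of a cookie. It is written against the Spring Session 1.0-era API the deck shows; the `SessionConfig` class name and the local Redis instance are assumptions.

```java
package sample;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
import org.springframework.session.web.context.AbstractHttpSessionApplicationInitializer;
import org.springframework.session.web.http.HeaderHttpSessionStrategy;
import org.springframework.session.web.http.HttpSessionStrategy;

/**
 * Added example: the slide-10 initializer, told which configuration class to
 * load so the session filter it registers has a repository behind it.
 */
public class Initializer extends AbstractHttpSessionApplicationInitializer {

    public Initializer() {
        super(SessionConfig.class);
    }

    // SessionConfig is a name chosen for this example.
    @Configuration
    @EnableRedisHttpSession // creates the springSessionRepositoryFilter bean
    static class SessionConfig {

        // Assumption: Redis on localhost:6379 (the JedisConnectionFactory defaults).
        // Redis now holds every live session, so restrict access to the app tier.
        @Bean
        JedisConnectionFactory connectionFactory() {
            return new JedisConnectionFactory();
        }

        // Header strategy from slide 15: the session id is issued and read back
        // in the x-auth-token header rather than a cookie. The header value is a
        // bearer credential, so serve it over TLS only and keep it out of logs.
        // Remove this bean to fall back to the cookie strategy.
        @Bean
        HttpSessionStrategy httpSessionStrategy() {
            return new HeaderHttpSessionStrategy();
        }
    }
}
```

With this in place the servlet from slide 11 is unchanged: `req.getSession()` returns the Redis-backed session, and clients send the `x-auth-token` value they received on the first response.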