S P R I N G S E S S I O N Josh Long (⻰龙之春) @starbuxman jlong@pivotal.io github.com/joshlong G E T T I N G S TA R T E D W I T H huge thanks to Rob Winch! @rob_winch

Spring Developer Advocate Josh Long (⻰龙之春) @starbuxman jlong@pivotal.io | Jean Claude van Damme! Java mascot Duke some thing’s I’ve authored...

@starbuxman

@starbuxman is a stinky! • people jam all sorts of nasty state in there (I’m looking at you Java Server Faces!) the Servlet HttpSession..

@starbuxman the Servlet HttpSession..

@starbuxman is hard to scale: Tomcat the Servlet HttpSession.. http://tomcat.apache.org/tomcat-6.0-doc/cluster-howto.html /Sender> ame="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/> .catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>

@starbuxman is hard to scale: Jetty the Servlet HttpSession.. http://www.eclipse.org/jetty/documentation/9.2.3.v20140905/session-clustering-jdbc.html fred javax.sql.DataSource/default 60 jdbcIdMgr

@starbuxman nope. • multicast is a huge no-no in most cloud environments • even if it were permitted, most clustering facilities don’t have multi-zone high availability support just works in the cloud tho, right? https://devcenter.heroku.com/articles/intro-for-java-developers

@starbuxman some exceptions.. just works in the cloud tho, right? http://blog.pivotal.io/cloud-foundry-pivotal/products/session-replication-on-cloud-foundry-2 • Cloud Foundry supports sticky sessions. • as of late 2014, it also supports session replication for Tomcat and .wars (specifically)

@starbuxman a Servlet HttpSession wrapper Spring Session package sample; import org.springframework.session.web.context
 .AbstractHttpSessionApplicationInitializer; /** * web.xml equivalent */ public class Initializer extends AbstractHttpSessionApplicationInitializer { }

@starbuxman a Servlet HttpSession wrapper Spring Session package sample; import javax.servlet.*; import javax.servlet.annotation.*; import javax.servlet.http.*; import java.io.IOException; @WebServlet("/session") public class SessionServlet extends HttpServlet { @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { String attributeName = req.getParameter("attributeName"); String attributeValue = req.getParameter("attributeValue"); req.getSession().setAttribute(attributeName, attributeValue); // just works! resp.sendRedirect(req.getContextPath() + "/"); } private static final long serialVersionUID = 2878267318695777395L; }

@starbuxman multi-platform Spring Session • works for your web container (Tomcat) or classic application server (JBoss, WebSphere, etc) • works in the cloud • doesn’t require Spring
 (I know right?? WHY?)

@starbuxman polyglot persistence Spring Session • pluggable implementations: • defaults for Redis, Map • about the Map.. • implies Hazelcast, Coherence,
 Gemfire support

@starbuxman Demonstration basic setup

@starbuxman HttpSessionStrategy strategies Spring Session • headers (x-auth-token) • cookies (you can ditch JSESSIONID!)

@starbuxman Demonstration session strategies

@starbuxman works with WebSockets! Spring Session • the standard is utterly broken here. No, seriously. #WTF • no easy way to perpetuate HTTP session from WS handler. As soon as HTTP session dies, so does WS communication. https://java.net/jira/browse/WEBSOCKET_SPEC-175 
 https://issues.apache.org/bugzilla/show_bug.cgi?id=54738

@starbuxman Demonstration websockets

@starbuxman User Switching (e.g.: Google accounts) Spring Session HttpServletRequest httpRequest = (HttpServletRequest) request; HttpSessionManager sessionManager = (HttpSessionManager) httpRequest.getAttribute(HttpSessionManager.class.getName()); SessionRepository repo = (SessionRepository) httpRequest.getAttribute(SessionRepository.class.getName()); String currentSessionAlias = sessionManager.getCurrentSessionAlias(httpRequest); Map sessionIds = sessionManager.getSessionIds(httpRequest);

@starbuxman Demonstration user switching

@starbuxman • @Scope(“flash”) 
 UserConfirmation confirmation(){ .. } • @Scope(“session”) 
 ShoppingCart cart (){ … } • two logically different applications can now talk to each other! (e.g.: poor- man’s single-sign on!) Other Use Cases

@starbuxman • session concurrency control (“sign me out of other accounts”) • Spring Batch & Integration claim-check • support for managing accounts easier • smarter injectable beans, @MVC arg resolvers, etc. • optimized persistence (alternatives to Java serialization) What’s in the Works

Josh Long (⻰龙之春) @starbuxman @springcentral jlong@pivotal.io github.com/joshlong References spring.io/guides docs.spring.io/spring-session github.com/joshlong/bootiful-sessions Questions? huge thanks to Rob Winch! @rob_winch