David Gómez García, profile picture
Uploaded byDavid Gómez García
PDF, PPTX13,143 views

Managing user's data with Spring Session

The document discusses Spring Session, which provides a way to store and configure session data handling in a platform-independent manner. It introduces Spring Session's architecture and components, including the SessionRepositoryFilter, SessionRepository implementations, and HttpSession wrappers. It then outlines the steps to use Spring Session with Redis for session persistence, including configuration of the RedisConnectionFactory, session usage, and bootstrap of SpringSession.

Technology
In this document
Powered by AI

Introduction to managing user data via Spring Session and outline of agenda covering session management topics.

Discussion on session data handling, scalability issues, and caveats regarding HttpSession as a data container.

Explains the motivation behind Spring Session to enhance session data handling and its platform independence.

Introduction to Spring Session, its architecture, and mechanisms for intercepting session access.

Setup for Spring Session architecture, including necessary Redis configurations and dependency management.

Steps to establish Redis connections and test session management with session data.

Customization strategies for session management including properties, session strategies, and options.

Details on customizing session storage by implementing a SessionRepository for different storage solutions.

Handling multiple user sessions and strategies for selecting specific session IDs based on parameters.

Integrating user state management in RESTful APIs using various session strategies and configurations.

Summary of key takeaways regarding the independence of HttpSession from container, configuration ease, and implementation aspects.

Embed presentation

Download as PDF, PPTX
Managing user’s data with Spring Session David  Gómez  G.   @dgomezg
@dgomezg Agenda • Session  Data:  State  of  the  art   • Spring-­‐Session:  Motivations  &  Goals   • Out  of  the  box  integration  with  Redis   • Use  Cases   • Change  persistent  store   • Multiple  user  login  handling   • Adding  session  to  RESTful  APIs
@dgomezg Session  Data:  State  of  the  art. • Sometimes  you  need/want  to  keep  data  from   the  user
@dgomezg Session  Data:  State  of  the  art. • HttpSession  as  data  container   • Retrieved  from  the  HttpServletRequest   • Implementation  dependent  on  servlet   container   • Persistency  configurable  on  servlet   container
@dgomezg Scalability:  Clustering,  PASS  and     Cloud
@dgomezg Session  Data:  Caveats • Data  should  be  Serializable   • Servlet  Container  specific   • Implementation   • Persistent  storage  configuration.
@dgomezg Spring  session  motivation • Provide  a  mechanism  to  store  &  configure   session  data  handling
@dgomezg Spring  Session  Goals • Provide  a  mechanism  to  store  &  configure   session  data  handling   • Platform  independent   • Transparent  to  standard  HttpSession  usage   • Easily  configurable   • Easily  extensible   • New  persistence  mechanisms
@dgomezg INTRODUCING   SPRING  SESSION 9
@dgomezg How  it  works Session  is  accessed  via  HttpRequest @RequestMapping("/user/session")
 public String addToSession(HttpServletRequest request,
 @RequestParam("attr") String attribute,
 @RequestParam("val") String value) {
 HttpSession session = request.getSession();
 session.setAttribute(attribute, value);
 return "redirect:/";
 } The  Goal:  intercept  the  Session  access  to    replace  the  Session  creation  by  a  richer  implementation
@dgomezg Architecture SessionRepositoryFilter Other  filters DispatcherServlet HttpRequestWrapper HttpSessionWrapper Transparently  replaces     HttpRequest  &  HttpSession
@dgomezg SessionRepositoryRequestWrapper Overrides  methods  that  return  an  HttpSession   •Encapsulates  creation  of  specific  HttpSession   •Handles  HttpSession  persistence  (if  any) private final class SessionRepositoryRequestWrapper extends HttpServletRequestWrapper { @Override
 public HttpSession getSession(boolean create) {/* Impl omitted */}
 
 @Override
 public HttpSession getSession() {/* Impl omitted */}
 }
@dgomezg HttpSessionWrapper Specific  HttpSession  implementation     •Transparent  interface  for  the  Application   •Independent  from  Servlet  Container   •Spring-­‐Session  and  Spring-­‐Repository  aware private final class HttpSessionWrapper implements HttpSession {
 }
@dgomezg SessionRepositoryFilter Bootstraps  Spring  Session  architecture   Should  be  placed  first  in  the  Filter  Chain   Bean  name  is  mandatory:   • springSessionRepositoryFilter <filter>
 <filter-name>springSessionRepositoryFilter</filter-name>
 <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
 </filter>
 <filter-mapping>
 <filter-name>springSessionRepositoryFilter</filter-name>
 <url-pattern>/*</url-pattern>
 </filter-mapping>

@dgomezg SessionRepositoryFilter Bootstraps  Spring  Session  architecture   Servlet  3.0:    Use  AbstractHttpSessionApplicationInitializer   public class Initializer
 extends AbstractHttpSessionApplicationInitializer {
 
 public Initializer() {
 super(Config.class);
 }
 }
@dgomezg The  Big  Picture
@dgomezg USING  SPRING  SESSION  IN  YOUR   APPLICATION 17
@dgomezg Components  needed • SpringSessionFilter  (already  implemented)   • A  SessionRepository  implementation   • A  redis  backed  implementation  out-­‐of-­‐the-­‐ box   • A  persistence  service  (optional)   • (i.e)  an  external  redis  service
@dgomezg Step  1:  Setup  dependencies <dependencies> <dependency> <groupId>org.springframework.session</groupId>
 <artifactId>spring-session</artifactId>
 <version>1.0.1.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.session</groupId>
 <artifactId>spring-session-data-redis</artifactId>
 <version>1.0.1.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId>
 <artifactId>spring-web</artifactId>
 <version>4.1.6.RELEASE</version> </dependency> </dependencies>
@dgomezg Step  2:  Import  Redis  Configuration <context:annotation-config/>
 <bean class="org.springframework.session.data.redis.config.annotation.web.ht tp.RedisHttpSessionConfiguration"/> RedisHttpSessionConfiguration  configures:   • SessionRepositoryFilter   • A  SessionRepository  that  persists  to  redis   • needs  a  RedisConnectionFactory spring/session.xml
@dgomezg Step  2:  Import  Redis  Configuration @EnableRedisHttpSession //@Import(RedisHttpSessionConfiguration.class) public class Config {
 } RedisHttpSessionConfiguration  configures:   • SessionRepositoryFilter   • A  SessionRepository  that  persists  to  redis   • needs  a  RedisConnectionFactory
@dgomezg Step  3:  RedisConnectionFactory <bean id="connectionFactory"
 class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory"
 p:hostName="${redis.host}" p:port="${redis.port}" p:password="${redis.pass}"/>
 
 <context:property-placeholder location="classpath:redis.properties"/> Using  Jedis  client   • Defined  in  spring-­‐data-­‐redis.jar   Configures  the  external  connection  to  Redis  server   spring/redis.xml
@dgomezg Step  3:  RedisConnectionFactory @Bean
 public JedisConnectionFactory connectionFactory( @Value("${spring.redis.host") String host,
 @Value(“${spring.redis.port}”) int port,
 @Value("${spring.redis.pass}") String pass) {
 JedisConnectionFactory connection = new JedisConnectionFactory();
 connection.setHostName(host);
 connection.setPort(port);
 connection.setPassword(pass);
 return connection;
 } Using  Jedis  client   • Defined  in  spring-­‐data-­‐redis.jar   Configures  the  external  connection  to  Redis  server  
@dgomezg Step  3b:  RedisConnectionFactory @EnableEmbeddedRedis // @Import(EmbeddedRedisConfiguration.class)
 @EnableRedisHttpSession 
 public class Config {
 
 
 @Bean
 public JedisConnectionFactory connectionFactory( @RedisServerPort int port) {
 JedisConnectionFactory connection = new JedisConnectionFactory(); 
 connection.setPort(port);
 return connection;
 }
 } An  embedded  Redis  Configuration  is  available  in   spring-­‐session-­‐samples  project
@dgomezg Step  4:  Session  usage @Controller
 public class SessionDataController {
 
 @RequestMapping("/user/session")
 public String addToSession(HttpServletRequest request,
 @RequestParam("attr") String attribute,
 @RequestParam("val") String value) {
 HttpSession session = request.getSession();
 session.setAttribute(attribute, value);
 return "redirect:/";
 }
 }
 Use  your  HttpSession  as  usual     (through  HttpServletRequest)
@dgomezg Step  5:  Bootstrap  SpringSession public class Initializer
 extends AbstractHttpSessionApplicationInitializer {
 
 public Initializer() {
 super(Config.class);
 }
 } Define  a  DelegatingFilterProxy  with  specific  name   springSessionRepositoryFilter
@dgomezg Step  6:  Deploy  and  test $ curl https://localhost:8080/user/session?attr=username&val=dgomezg $ $ ./redis-cli -p 6379 127.0.0.1:6379> keys * 1) "spring:session:expirations:1430159640000" 2) "spring:session:sessions:c7f8d8e3-df49-43d1-866a-ca442c99df91" 127.0.0.1:6379>
@dgomezg Step  6:  Deploy  and  test $ curl https://localhost:8080/user/session?attr=username&val=dgomezg $ $ ./redis-cli -p 6379 127.0.0.1:6379> keys * 1) "spring:session:expirations:1430159640000" 2) "spring:session:sessions:c7f8d8e3-df49-43d1-866a-ca442c99df91" 127.0.0.1:6379> 127.0.0.1:6379> hgetall spring:session:sessions:c7f8d8e3-df49-43d1-866a-ca442c99df91 1) "lastAccessedTime" 2) "xacxedx00x05srx00x0ejava.lang.Long;x8bxe4x90xccx8f#xdfx02x00x01Jx00x05valuexr x00x10java.lang.Numberx86xacx95x1dx0bx94xe0x8bx02x00x00xpx00x00x01Lxfcx0cx84?" 3) "maxInactiveInterval" 4) "xacxedx00x05srx00x11java.lang.Integerx12xe2xa0xa4xf7x81x878x02x00x01I x00x05valuexrx00x10java.lang.Numberx86xacx95x1dx0bx94xe0x8bx02x00x00xpx00x00ab" 5) "creationTime" 6) "xacxedx00x05srx00x0ejava.lang.Long;x8bxe4x90xccx8f#xdfx02x00x01Jx00x05valuexr x00x10java.lang.Numberx86xacx95x1dx0bx94xe0x8bx02x00x00xpx00x00x01Lxfcx0ckx01" 7) "sessionAttr:username" 8) "xacxedx00x05tx00adgomezg" 127.0.0.1:6379>
@dgomezg FURTHER  CUSTOMIZATION 29
@dgomezg Further  customization • Out  of  the  box  impl.  implies:   • MaxInactiveInterval  =  30  min     • Session  id  exchanged  through  cookies   (SessionStrategy)   • SessionStore:   RedisOperationsSessionRepository   • RedisSerialization   • All  defined  in  RedisHttpSessionConfiguration
@dgomezg Default  inactive  time • Configurable  as  property  in   RedisHttpSessionConfiguration <context:annotation-config/>
 <bean class=“org.springframework.session.data.redis.config.annotation.web.ht tp.RedisHttpSessionConfiguration" p:maxInactiveIntervalInSeconds="3600"/> spring/session.xml @EnableRedisHttpSession(maxInactiveIntervalInSeconds = 3600) 
 public class Config {
 }
@dgomezg Session  Strategy Configures  the  policy  to  exchange  the  session  Id.   Two  implementations:   •CookieSessionStrategy  (default)   •HeaderHttpSessionStrategy   <context:annotation-config/>
 <bean class=“org.springframework.session.data.redis.config.annotation.web.ht tp.RedisHttpSessionConfiguration" p:maxInactiveIntervalInSeconds="3600"/> spring/session.xml
@dgomezg CookieSessionStrategy Default  strategy  on  RedisHttpSessionConfiguration   Sets  a  Cookie  with  the  session  ID.
@dgomezg CookieSessionStrategy Can  be  customised  to  change  cookie  name <context:annotation-config/> <bean id="httpSessionStrategy"
 class="org.springframework.session.web.http.CookieHttpSessionStrategy"
 p:cookieName="UserSessionID"/>
 
 <bean class=“o.s.s.d.r.c.annotation.web.http.RedisHttpSessionConfiguration" p:httpSessionStrategy-ref=“httpSessionStrategy”/> spring/session.xml
@dgomezg HeaderHttpSessionStrategy Session  id  is  specified  on  request  headers   • x-­‐auth-­‐token  by  default   • header  name  can  be  modified <context:annotation-config/> <bean id="httpSessionStrategy"
 class="org.springframework.session.web.http.HeaderHttpSessionStrategy"
 p:headerName=“x-auth-token“/>
 
 <bean class=“o.s.s.d.r.c.annotation.web.http.RedisHttpSessionConfiguration" p:httpSessionStrategy-ref=“httpSessionStrategy”/> spring/session.xml
@dgomezg Your  own  Strategy Other  strategies  can  be  implemented  &  plugged   Implement  HttpSessionStrategy public interface HttpSessionStrategy {
 
 String getRequestedSessionId(HttpServletRequest request);
 
 void onNewSession(Session session, HttpServletRequest request, HttpServletResponse response);
 
 void onInvalidateSession(HttpServletRequest request, HttpServletResponse response);
 }

@dgomezg USE  CASE  1   CHANGE  PERSISTENCE  STORE 37
@dgomezg Customize  SessionStorage Different  storage  options  could  be  implemented.   1)  Implement  a  SessionRepository public interface SessionRepository<S extends Session> {
 
 S createSession();
 
 void save(S session);
 
 S getSession(String id);
 
 void delete(String id);
 }
@dgomezg Customize  SessionStorage Different  storage  options  could  be  implemented.   2)  Inject  to  SessionRepositoryFilter  constructor public class SessionRepositoryFilter<S extends ExpiringSession> extends OncePerRequestFilter {
 /* … */ 
 public SessionRepositoryFilter(SessionRepository<S> sessionRepository) {
 if(sessionRepository == null) {
 throw new IllegalArgumentException("SessionRepository cannot be null");
 }
 this.sessionRepository = sessionRepository;
 }
 }
@dgomezg USE  CASE  2   MULTIPLE  USER  SESSIONS 40
@dgomezg Multiple  Session  Handling Session  id  is  :   1)  exchanged  with  the  client  via  CookieSessionStrategy   2)  which  is  a  MultipleSessionStrategy
@dgomezg Multiple  Session  handling Session  id  is  :   1)  exchanged  with  the  client  via  CookieSessionStrategy   2)  which  is  a  MultipleSessionStrategy   3)  so,  different  session  IDs  are  kept.
@dgomezg Multiple  Session  handling Session  id  is  :   1)  exchanged  with  the  client  via  CookieSessionStrategy   2)  which  is  a  MultipleSessionStrategy   3)  so,  different  session  IDs  are  kept.   4)  all  we  have  to  do  is  specify/select  the  right  one.
@dgomezg Session  selection Specific  Session  selected  by  parameter  ?_s=#alias   http://localhost:8080/?_s=0  
@dgomezg New  Session   if  index  is  found  in  array,  session  id  is  used   otherwise,  new  session  is  created <a id="addAccount" href=“http://localhost:8080/?_s=17“> Add Account </a>
@dgomezg Compose  new  Session  URL   We  can  create  the  new  Session  through  the   HttpSessionManager <a id=“addAccount" href=“${addAccountUrl}”/> Add Account </a> HttpSessionManager sessionManager = (HttpSessionManager) httpRequest.getAttribute(HttpSessionManager.class.getName()); String addAlias = sessionManager.getNewSessionAlias(httpRequest); httpRequest.setAttribute(“addAccountUrl", sessionManager.encodeURL(contextPath, addAlias));
@dgomezg Using  session  index  in  URLs HttpServletResponseWrapper  automatically   encodes  the  session  id  in  URL. class CookieSessionStrategy.MultiSessionHttpServletResponse extends HttpServletResponseWrapper { @Override
 public String encodeURL(String url) {
 url = super.encodeURL(url);
 
 String alias = getCurrentSessionAlias(request);
 return CookieHttpSessionStrategy.this.encodeURL(url, alias);
 }
 }

@dgomezg USE  CASE  3   RESTORING  STATE  TO  RESTFUL  APIS 48
@dgomezg State  in  RESTful  APIs We  could  add  State  to  REST  endpoints:   •  Persisted  on  external  persistent  service  (redis)   •  Restored  into  the  HttpSession  by  the  filter   •  Used  trasparently  
@dgomezg HeaderHttpSessionStrategy Uses  an  specific  header  in  Response  to  return   session  ID @Bean
 public HttpSessionStrategy httpSessionStrategy() {
 return new HeaderHttpSessionStrategy();
 }
@dgomezg HeaderHttpSessionStrategy Uses  an  specific  header  in  Response  to  return  session   ID   By  default  x-­‐auth-­‐token @Bean
 public HttpSessionStrategy httpSessionStrategy() {
 return new HeaderHttpSessionStrategy();
 }
@dgomezg HeaderHttpSessionStrategy Use  an  HeaderHttpSessionStrategy @Bean
 public HttpSessionStrategy httpSessionStrategy() {
 return new HeaderHttpSessionStrategy();
 }
@dgomezg HeaderHttpSessionStrategy Session  header  name  can  be  customised @Bean
 public HttpSessionStrategy httpSessionStrategy() {
 HeaderHttpSessionStrategy sessionStrategy = new HeaderHttpSessionStrategy();
 sessionStrategy.setHeaderName("x-custom-session-id");
 return sessionStrategy;
 }

@dgomezg CONCLUSIONS 54
@dgomezg Conclusions •HttpSession  not  container  dependant   •Implementation   •Configuration   •Persistent  store  easily  configurable   •Transparent  for  the  developer     •SpringSessionFilter,     •HttpServletRequest/HttpSession  Wrappers
@dgomezg THANKS! 56 Reach  me  on dgomezg@autentia.com @dgomezg Resources Spring  guides Spring  samples  repository

More Related Content

PDF
Node.js Express Tutorial | Node.js Tutorial For Beginners | Node.js + Expres...
byEdureka!
 
PPTX
NGINX: Basics and Best Practices
byNGINX, Inc.
 
PPTX
An Intro into webpack
bySquash Apps Pvt Ltd
 
PPTX
Introduction to Node js
byAkshay Mathur
 
PDF
NodeJS for Beginner
byApaichon Punopas
 
PDF
Mikrofrontend a Module Federation
byThe Software House
 
PDF
Microservice With Spring Boot and Spring Cloud
byEberhard Wolff
 
PPTX
Node js introduction
byJoseph de Castelnau
 
Node.js Express Tutorial | Node.js Tutorial For Beginners | Node.js + Expres...
byEdureka!
 
NGINX: Basics and Best Practices
byNGINX, Inc.
 
An Intro into webpack
bySquash Apps Pvt Ltd
 
Introduction to Node js
byAkshay Mathur
 
NodeJS for Beginner
byApaichon Punopas
 
Mikrofrontend a Module Federation
byThe Software House
 
Microservice With Spring Boot and Spring Cloud
byEberhard Wolff
 
Node js introduction
byJoseph de Castelnau
 

What's hot

PDF
Spring Boot & Containers - Do's & Don'ts
byJulien Wittouck
 
PPTX
Springboot Microservices
byNexThoughts Technologies
 
PDF
Spring MVC Framework
byHùng Nguyễn Huy
 
ODP
Basics of VueJS
bySquash Apps Pvt Ltd
 
PPTX
API
byMasters Academy
 
PDF
REST APIs with Spring
byJoshua Long
 
PPTX
ASP.NET Web API
byhabib_786
 
PPTX
An introduction to Vue.js
byPagepro
 
PDF
Drupal
byIsriya Paireepairit
 
PDF
VueJS Introduction
byDavid Ličen
 
PPTX
NodeJS - Server Side JS
byGanesh Kondal
 
PDF
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
byMikhail Egorov
 
PPTX
Soap, wsdl et uddi
bymiraprincesse
 
PDF
What is Node.js | Node.js Tutorial for Beginners | Node.js Modules | Node.js ...
byEdureka!
 
KEY
Web API Basics
byLearnNowOnline
 
PDF
Use Node.js to create a REST API
byFabien Vauchelles
 
PDF
Writing REST APIs with OpenAPI and Swagger Ada
byStephane Carrez
 
PPT
Top java script frameworks ppt
byOmkarsoft Bangalore
 
PDF
Docker Architecture (v1.3)
byrajdeep
 
ODP
An Introduction to Vuejs
byPaddy Lock
 
Spring Boot & Containers - Do's & Don'ts
byJulien Wittouck
 
Springboot Microservices
byNexThoughts Technologies
 
Spring MVC Framework
byHùng Nguyễn Huy
 
Basics of VueJS
bySquash Apps Pvt Ltd
 
API
byMasters Academy
 
REST APIs with Spring
byJoshua Long
 
ASP.NET Web API
byhabib_786
 
An introduction to Vue.js
byPagepro
 
Drupal
byIsriya Paireepairit
 
VueJS Introduction
byDavid Ličen
 
NodeJS - Server Side JS
byGanesh Kondal
 
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
byMikhail Egorov
 
Soap, wsdl et uddi
bymiraprincesse
 
What is Node.js | Node.js Tutorial for Beginners | Node.js Modules | Node.js ...
byEdureka!
 
Web API Basics
byLearnNowOnline
 
Use Node.js to create a REST API
byFabien Vauchelles
 
Writing REST APIs with OpenAPI and Swagger Ada
byStephane Carrez
 
Top java script frameworks ppt
byOmkarsoft Bangalore
 
Docker Architecture (v1.3)
byrajdeep
 
An Introduction to Vuejs
byPaddy Lock
 

Viewers also liked

PDF
Spring annotation
byRajiv Srivastava
 
PDF
[2B5]nBase-ARC Redis Cluster
byNAVER D2
 
PDF
Introduction to Spring MVC
byRichard Paul
 
PPT
MVC Pattern. Flex implementation of MVC
byAnton Krasnoshchok
 
PDF
Spring 4 on Java 8 by Juergen Hoeller
byZeroTurnaround
 
PPTX
Spring MVC Architecture Tutorial
byJava Success Point
 
PDF
Spring 3 Annotated Development
bykensipe
 
PPTX
Spring 3.x - Spring MVC - Advanced topics
byGuy Nir
 
PDF
Spring mvc my Faviourite Slide
byDaniel Adenew
 
PPTX
Spring @Transactional Explained
bySmita Prasad
 
DOCX
02 java spring-hibernate-experience-questions
byDhiraj Champawat
 
PDF
T3chFest2016 - Uso del API JavaScript de Photoshop para obtener fotos HDTR
byDavid Gómez García
 
PDF
Distributed caching with java JCache
byKasun Gajasinghe
 
PPT
Redis Overview
bykalzas
 
PPTX
SpringFramework Overview
byzerovirus23
 
PPTX
The Journey to Success with Big Data
byCloudera, Inc.
 
PDF
Spring Web Service, Spring JMS, Eclipse & Maven tutorials
byRaghavan Mohan
 
PDF
Redis basicandroadmap
byDaeMyung Kang
 
PDF
What's new in Spring 3?
byCraig Walls
 
PDF
MTL Versus Free
byJohn De Goes
 
Spring annotation
byRajiv Srivastava
 
[2B5]nBase-ARC Redis Cluster
byNAVER D2
 
Introduction to Spring MVC
byRichard Paul
 
MVC Pattern. Flex implementation of MVC
byAnton Krasnoshchok
 
Spring 4 on Java 8 by Juergen Hoeller
byZeroTurnaround
 
Spring MVC Architecture Tutorial
byJava Success Point
 
Spring 3 Annotated Development
bykensipe
 
Spring 3.x - Spring MVC - Advanced topics
byGuy Nir
 
Spring mvc my Faviourite Slide
byDaniel Adenew
 
Spring @Transactional Explained
bySmita Prasad
 
02 java spring-hibernate-experience-questions
byDhiraj Champawat
 
T3chFest2016 - Uso del API JavaScript de Photoshop para obtener fotos HDTR
byDavid Gómez García
 
Distributed caching with java JCache
byKasun Gajasinghe
 
Redis Overview
bykalzas
 
SpringFramework Overview
byzerovirus23
 
The Journey to Success with Big Data
byCloudera, Inc.
 
Spring Web Service, Spring JMS, Eclipse & Maven tutorials
byRaghavan Mohan
 
Redis basicandroadmap
byDaeMyung Kang
 
What's new in Spring 3?
byCraig Walls
 
MTL Versus Free
byJohn De Goes
 

Similar to Managing user's data with Spring Session

PPTX
Spring Boot and REST API
by07.pallav
 
PPTX
Spring Test Framework
byGlobalLogic Ukraine
 
PPTX
SpringBootCompleteBootcamp.pptx
bySUFYAN SATTAR
 
PPT
Session 2 servlet context and session tracking - Giáo trình Bách Khoa Aptech
byMasterCode.vn
 
PPTX
Advance java session 8
bySmita B Kumar
 
PDF
Redis Day TLV 2018 - Spring Session Redis
byRedis Labs
 
PDF
Spring security jwt tutorial toptal
byjbsysatm
 
PDF
Multi Client Development with Spring for SpringOne 2GX 2013 with Roy Clarkson
byJoshua Long
 
PDF
What's New in Spring 3.1
byMatt Raible
 
PDF
Rest with Spring
byEugen Paraschiv
 
PDF
Servlet to Spring: Internal Understanding
byKnoldus Inc.
 
PPTX
Spring_Boot_Microservices-5_Day_Session.pptx
byPrabhakaran Ravichandran
 
PDF
Extending spring
byJoshua Long
 
PPTX
Spring 1 day program
byMohit Kanwar
 
PDF
Lesson_07_Spring_Security_Register_NEW.pdf
byScott Anderson
 
PDF
Extending Spring for Custom Usage
byJoshua Long
 
Spring Boot and REST API
by07.pallav
 
Spring Test Framework
byGlobalLogic Ukraine
 
SpringBootCompleteBootcamp.pptx
bySUFYAN SATTAR
 
Session 2 servlet context and session tracking - Giáo trình Bách Khoa Aptech
byMasterCode.vn
 
Advance java session 8
bySmita B Kumar
 
Redis Day TLV 2018 - Spring Session Redis
byRedis Labs
 
Spring security jwt tutorial toptal
byjbsysatm
 
Multi Client Development with Spring for SpringOne 2GX 2013 with Roy Clarkson
byJoshua Long
 
What's New in Spring 3.1
byMatt Raible
 
Rest with Spring
byEugen Paraschiv
 
Servlet to Spring: Internal Understanding
byKnoldus Inc.
 
Spring_Boot_Microservices-5_Day_Session.pptx
byPrabhakaran Ravichandran
 
Extending spring
byJoshua Long
 
Spring 1 day program
byMohit Kanwar
 
Lesson_07_Spring_Security_Register_NEW.pdf
byScott Anderson
 
Extending Spring for Custom Usage
byJoshua Long
 

More from David Gómez García

PDF
Java 8 Stream API. A different way to process collections.
byDavid Gómez García
 
PDF
Building Modular monliths that could scale to microservices (only if they nee...
byDavid Gómez García
 
PDF
Leverage CompletableFutures to handle async queries. DevNexus 2022
byDavid Gómez García
 
PDF
Measuring Code Quality in WTF/min.
byDavid Gómez García
 
PDF
Parallel streams in java 8
byDavid Gómez García
 
PDF
Construccion de proyectos con gradle
byDavid Gómez García
 
PDF
Wtf per lineofcode
byDavid Gómez García
 
PDF
Gradle como alternativa a maven
byDavid Gómez García
 
PDF
Spring4 whats up doc?
byDavid Gómez García
 
PDF
Cdm mil-18 - hypermedia ap is for headless platforms and data integration
byDavid Gómez García
 
PDF
Leveraging Completable Futures to handle your query results Asynchrhonously
byDavid Gómez García
 
PDF
Java9 Beyond Modularity - Java 9 más allá de la modularidad
byDavid Gómez García
 
PDF
HDTR images with Photoshop Javascript Scripting
byDavid Gómez García
 
PDF
Building modular monoliths that could scale to microservices (only if they ne...
byDavid Gómez García
 
PDF
Builiding Modular monoliths that can scale to microservices. JBCNConf 2021
byDavid Gómez García
 
PDF
Midiendo la calidad de código en WTF/Min (Revisado EUI Abril 2014)
byDavid Gómez García
 
PDF
Geo-SentimentZ
byDavid Gómez García
 
PDF
What's in a community like Liferay's
byDavid Gómez García
 
PDF
A real systemwithjms-rest-protobuf-mongodb
byDavid Gómez García
 
PDF
El poder del creador de Software. Entre la ingeniería y la artesanía
byDavid Gómez García
 
Java 8 Stream API. A different way to process collections.
byDavid Gómez García
 
Building Modular monliths that could scale to microservices (only if they nee...
byDavid Gómez García
 
Leverage CompletableFutures to handle async queries. DevNexus 2022
byDavid Gómez García
 
Measuring Code Quality in WTF/min.
byDavid Gómez García
 
Parallel streams in java 8
byDavid Gómez García
 
Construccion de proyectos con gradle
byDavid Gómez García
 
Wtf per lineofcode
byDavid Gómez García
 
Gradle como alternativa a maven
byDavid Gómez García
 
Spring4 whats up doc?
byDavid Gómez García
 
Cdm mil-18 - hypermedia ap is for headless platforms and data integration
byDavid Gómez García
 
Leveraging Completable Futures to handle your query results Asynchrhonously
byDavid Gómez García
 
Java9 Beyond Modularity - Java 9 más allá de la modularidad
byDavid Gómez García
 
HDTR images with Photoshop Javascript Scripting
byDavid Gómez García
 
Building modular monoliths that could scale to microservices (only if they ne...
byDavid Gómez García
 
Builiding Modular monoliths that can scale to microservices. JBCNConf 2021
byDavid Gómez García
 
Midiendo la calidad de código en WTF/Min (Revisado EUI Abril 2014)
byDavid Gómez García
 
Geo-SentimentZ
byDavid Gómez García
 
What's in a community like Liferay's
byDavid Gómez García
 
A real systemwithjms-rest-protobuf-mongodb
byDavid Gómez García
 
El poder del creador de Software. Entre la ingeniería y la artesanía
byDavid Gómez García
 

Recently uploaded

PDF
[BDD 2025 - Full-Stack Development] The Modern Stack: Building Web & AI Appli...
byWintari Yasmin
 
PDF
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
PDF
Lets Build a Serverless Function with Kiro
byChris Bingham
 
PDF
Agentic Intro and Hands-on: Build your first Coded Agent
byUiPathCommunity
 
PDF
[DevFest Strasbourg 2025] - NodeJs Can do that !!
bymoassiongbon
 
PDF
Transforming Supply Chains with Amazon Bedrock AgentCore (AWS Swiss User Grou...
byChris Bingham
 
PDF
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
PDF
Mastering UiPath Maestro – Session 2 – Building a Live Use Case - Session 2
byDianaGray10
 
PPTX
The power of Slack and MuleSoft | Bangalore MuleSoft Meetup #60
byshyamraj55
 
PDF
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
PDF
ODSC AI West: Agent Optimization: Beyond Context engineering
byShashikant Jagtap
 
PDF
[BDD 2025 - Mobile Development] Crafting Immersive UI with E2E and AGSL Shade...
byWintari Yasmin
 
PDF
Mastering Agentic Orchestration with UiPath Maestro | Hands on Workshop
byUiPathCommunity
 
PPTX
Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]
byUiPathCommunity
 
PDF
The Evolving Role of the CEO in the Age of AI
byPipal Tree Services Executive Search Firm
 
PDF
KMWorld - KM & AI Bring Collectivity, Nostalgia, & Selectivity
byJonathan Ralton
 
PPTX
Connecting the unconnectable: Exploring LoRaWAN for IoT
byasasiraarthur
 
PDF
[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...
byWintari Yasmin
 
PDF
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
PDF
"DISC as GPS for team leaders: how to lead a team from storming to performing...
byFwdays
 
[BDD 2025 - Full-Stack Development] The Modern Stack: Building Web & AI Appli...
byWintari Yasmin
 
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
Lets Build a Serverless Function with Kiro
byChris Bingham
 
Agentic Intro and Hands-on: Build your first Coded Agent
byUiPathCommunity
 
[DevFest Strasbourg 2025] - NodeJs Can do that !!
bymoassiongbon
 
Transforming Supply Chains with Amazon Bedrock AgentCore (AWS Swiss User Grou...
byChris Bingham
 
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
Mastering UiPath Maestro – Session 2 – Building a Live Use Case - Session 2
byDianaGray10
 
The power of Slack and MuleSoft | Bangalore MuleSoft Meetup #60
byshyamraj55
 
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
ODSC AI West: Agent Optimization: Beyond Context engineering
byShashikant Jagtap
 
[BDD 2025 - Mobile Development] Crafting Immersive UI with E2E and AGSL Shade...
byWintari Yasmin
 
Mastering Agentic Orchestration with UiPath Maestro | Hands on Workshop
byUiPathCommunity
 
Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]
byUiPathCommunity
 
The Evolving Role of the CEO in the Age of AI
byPipal Tree Services Executive Search Firm
 
KMWorld - KM & AI Bring Collectivity, Nostalgia, & Selectivity
byJonathan Ralton
 
Connecting the unconnectable: Exploring LoRaWAN for IoT
byasasiraarthur
 
[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...
byWintari Yasmin
 
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
"DISC as GPS for team leaders: how to lead a team from storming to performing...
byFwdays
 

Managing user's data with Spring Session

  • 1.
    Managing user’s datawith Spring Session David  Gómez  G.   @dgomezg
  • 2.
    @dgomezg Agenda • Session  Data: State  of  the  art   • Spring-­‐Session:  Motivations  &  Goals   • Out  of  the  box  integration  with  Redis   • Use  Cases   • Change  persistent  store   • Multiple  user  login  handling   • Adding  session  to  RESTful  APIs
  • 3.
    @dgomezg Session  Data:  State of  the  art. • Sometimes  you  need/want  to  keep  data  from   the  user
  • 4.
    @dgomezg Session  Data:  State of  the  art. • HttpSession  as  data  container   • Retrieved  from  the  HttpServletRequest   • Implementation  dependent  on  servlet   container   • Persistency  configurable  on  servlet   container
  • 5.
  • 6.
    @dgomezg Session  Data:  Caveats •Data  should  be  Serializable   • Servlet  Container  specific   • Implementation   • Persistent  storage  configuration.
  • 7.
    @dgomezg Spring  session  motivation •Provide  a  mechanism  to  store  &  configure   session  data  handling
  • 8.
    @dgomezg Spring  Session  Goals •Provide  a  mechanism  to  store  &  configure   session  data  handling   • Platform  independent   • Transparent  to  standard  HttpSession  usage   • Easily  configurable   • Easily  extensible   • New  persistence  mechanisms
  • 9.
  • 10.
    @dgomezg How  it  works Session is  accessed  via  HttpRequest @RequestMapping("/user/session")
 public String addToSession(HttpServletRequest request,
 @RequestParam("attr") String attribute,
 @RequestParam("val") String value) {
 HttpSession session = request.getSession();
 session.setAttribute(attribute, value);
 return "redirect:/";
 } The  Goal:  intercept  the  Session  access  to    replace  the  Session  creation  by  a  richer  implementation
  • 11.
  • 12.
    @dgomezg SessionRepositoryRequestWrapper Overrides  methods  that return  an  HttpSession   •Encapsulates  creation  of  specific  HttpSession   •Handles  HttpSession  persistence  (if  any) private final class SessionRepositoryRequestWrapper extends HttpServletRequestWrapper { @Override
 public HttpSession getSession(boolean create) {/* Impl omitted */}
 
 @Override
 public HttpSession getSession() {/* Impl omitted */}
 }
  • 13.
    @dgomezg HttpSessionWrapper Specific  HttpSession  implementation    •Transparent  interface  for  the  Application   •Independent  from  Servlet  Container   •Spring-­‐Session  and  Spring-­‐Repository  aware private final class HttpSessionWrapper implements HttpSession {
 }
  • 14.
    @dgomezg SessionRepositoryFilter Bootstraps  Spring  Session architecture   Should  be  placed  first  in  the  Filter  Chain   Bean  name  is  mandatory:   • springSessionRepositoryFilter <filter>
 <filter-name>springSessionRepositoryFilter</filter-name>
 <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
 </filter>
 <filter-mapping>
 <filter-name>springSessionRepositoryFilter</filter-name>
 <url-pattern>/*</url-pattern>
 </filter-mapping>

  • 15.
    @dgomezg SessionRepositoryFilter Bootstraps  Spring  Session architecture   Servlet  3.0:    Use  AbstractHttpSessionApplicationInitializer   public class Initializer
 extends AbstractHttpSessionApplicationInitializer {
 
 public Initializer() {
 super(Config.class);
 }
 }
  • 16.
  • 17.
    @dgomezg USING  SPRING  SESSION IN  YOUR   APPLICATION 17
  • 18.
    @dgomezg Components  needed • SpringSessionFilter (already  implemented)   • A  SessionRepository  implementation   • A  redis  backed  implementation  out-­‐of-­‐the-­‐ box   • A  persistence  service  (optional)   • (i.e)  an  external  redis  service
  • 19.
    @dgomezg Step  1:  Setup dependencies <dependencies> <dependency> <groupId>org.springframework.session</groupId>
 <artifactId>spring-session</artifactId>
 <version>1.0.1.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.session</groupId>
 <artifactId>spring-session-data-redis</artifactId>
 <version>1.0.1.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId>
 <artifactId>spring-web</artifactId>
 <version>4.1.6.RELEASE</version> </dependency> </dependencies>
  • 20.
    @dgomezg Step  2:  Import Redis  Configuration <context:annotation-config/>
 <bean class="org.springframework.session.data.redis.config.annotation.web.ht tp.RedisHttpSessionConfiguration"/> RedisHttpSessionConfiguration  configures:   • SessionRepositoryFilter   • A  SessionRepository  that  persists  to  redis   • needs  a  RedisConnectionFactory spring/session.xml
  • 21.
    @dgomezg Step  2:  Import Redis  Configuration @EnableRedisHttpSession //@Import(RedisHttpSessionConfiguration.class) public class Config {
 } RedisHttpSessionConfiguration  configures:   • SessionRepositoryFilter   • A  SessionRepository  that  persists  to  redis   • needs  a  RedisConnectionFactory
  • 22.
    @dgomezg Step  3:  RedisConnectionFactory <beanid="connectionFactory"
 class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory"
 p:hostName="${redis.host}" p:port="${redis.port}" p:password="${redis.pass}"/>
 
 <context:property-placeholder location="classpath:redis.properties"/> Using  Jedis  client   • Defined  in  spring-­‐data-­‐redis.jar   Configures  the  external  connection  to  Redis  server   spring/redis.xml
  • 23.
    @dgomezg Step  3:  RedisConnectionFactory @Bean
 publicJedisConnectionFactory connectionFactory( @Value("${spring.redis.host") String host,
 @Value(“${spring.redis.port}”) int port,
 @Value("${spring.redis.pass}") String pass) {
 JedisConnectionFactory connection = new JedisConnectionFactory();
 connection.setHostName(host);
 connection.setPort(port);
 connection.setPassword(pass);
 return connection;
 } Using  Jedis  client   • Defined  in  spring-­‐data-­‐redis.jar   Configures  the  external  connection  to  Redis  server  
  • 24.
    @dgomezg Step  3b:  RedisConnectionFactory @EnableEmbeddedRedis// @Import(EmbeddedRedisConfiguration.class)
 @EnableRedisHttpSession 
 public class Config {
 
 
 @Bean
 public JedisConnectionFactory connectionFactory( @RedisServerPort int port) {
 JedisConnectionFactory connection = new JedisConnectionFactory(); 
 connection.setPort(port);
 return connection;
 }
 } An  embedded  Redis  Configuration  is  available  in   spring-­‐session-­‐samples  project
  • 25.
    @dgomezg Step  4:  Session usage @Controller
 public class SessionDataController {
 
 @RequestMapping("/user/session")
 public String addToSession(HttpServletRequest request,
 @RequestParam("attr") String attribute,
 @RequestParam("val") String value) {
 HttpSession session = request.getSession();
 session.setAttribute(attribute, value);
 return "redirect:/";
 }
 }
 Use  your  HttpSession  as  usual     (through  HttpServletRequest)
  • 26.
    @dgomezg Step  5:  Bootstrap SpringSession public class Initializer
 extends AbstractHttpSessionApplicationInitializer {
 
 public Initializer() {
 super(Config.class);
 }
 } Define  a  DelegatingFilterProxy  with  specific  name   springSessionRepositoryFilter
  • 27.
    @dgomezg Step  6:  Deploy and  test $ curl https://localhost:8080/user/session?attr=username&val=dgomezg $ $ ./redis-cli -p 6379 127.0.0.1:6379> keys * 1) "spring:session:expirations:1430159640000" 2) "spring:session:sessions:c7f8d8e3-df49-43d1-866a-ca442c99df91" 127.0.0.1:6379>
  • 28.
    @dgomezg Step  6:  Deploy and  test $ curl https://localhost:8080/user/session?attr=username&val=dgomezg $ $ ./redis-cli -p 6379 127.0.0.1:6379> keys * 1) "spring:session:expirations:1430159640000" 2) "spring:session:sessions:c7f8d8e3-df49-43d1-866a-ca442c99df91" 127.0.0.1:6379> 127.0.0.1:6379> hgetall spring:session:sessions:c7f8d8e3-df49-43d1-866a-ca442c99df91 1) "lastAccessedTime" 2) "xacxedx00x05srx00x0ejava.lang.Long;x8bxe4x90xccx8f#xdfx02x00x01Jx00x05valuexr x00x10java.lang.Numberx86xacx95x1dx0bx94xe0x8bx02x00x00xpx00x00x01Lxfcx0cx84?" 3) "maxInactiveInterval" 4) "xacxedx00x05srx00x11java.lang.Integerx12xe2xa0xa4xf7x81x878x02x00x01I x00x05valuexrx00x10java.lang.Numberx86xacx95x1dx0bx94xe0x8bx02x00x00xpx00x00ab" 5) "creationTime" 6) "xacxedx00x05srx00x0ejava.lang.Long;x8bxe4x90xccx8f#xdfx02x00x01Jx00x05valuexr x00x10java.lang.Numberx86xacx95x1dx0bx94xe0x8bx02x00x00xpx00x00x01Lxfcx0ckx01" 7) "sessionAttr:username" 8) "xacxedx00x05tx00adgomezg" 127.0.0.1:6379>
  • 29.
  • 30.
    @dgomezg Further  customization • Out of  the  box  impl.  implies:   • MaxInactiveInterval  =  30  min     • Session  id  exchanged  through  cookies   (SessionStrategy)   • SessionStore:   RedisOperationsSessionRepository   • RedisSerialization   • All  defined  in  RedisHttpSessionConfiguration
  • 31.
    @dgomezg Default  inactive  time •Configurable  as  property  in   RedisHttpSessionConfiguration <context:annotation-config/>
 <bean class=“org.springframework.session.data.redis.config.annotation.web.ht tp.RedisHttpSessionConfiguration" p:maxInactiveIntervalInSeconds="3600"/> spring/session.xml @EnableRedisHttpSession(maxInactiveIntervalInSeconds = 3600) 
 public class Config {
 }
  • 32.
    @dgomezg Session  Strategy Configures  the policy  to  exchange  the  session  Id.   Two  implementations:   •CookieSessionStrategy  (default)   •HeaderHttpSessionStrategy   <context:annotation-config/>
 <bean class=“org.springframework.session.data.redis.config.annotation.web.ht tp.RedisHttpSessionConfiguration" p:maxInactiveIntervalInSeconds="3600"/> spring/session.xml
  • 33.
    @dgomezg CookieSessionStrategy Default  strategy  on RedisHttpSessionConfiguration   Sets  a  Cookie  with  the  session  ID.
  • 34.
    @dgomezg CookieSessionStrategy Can  be  customised to  change  cookie  name <context:annotation-config/> <bean id="httpSessionStrategy"
 class="org.springframework.session.web.http.CookieHttpSessionStrategy"
 p:cookieName="UserSessionID"/>
 
 <bean class=“o.s.s.d.r.c.annotation.web.http.RedisHttpSessionConfiguration" p:httpSessionStrategy-ref=“httpSessionStrategy”/> spring/session.xml
  • 35.
    @dgomezg HeaderHttpSessionStrategy Session  id  is specified  on  request  headers   • x-­‐auth-­‐token  by  default   • header  name  can  be  modified <context:annotation-config/> <bean id="httpSessionStrategy"
 class="org.springframework.session.web.http.HeaderHttpSessionStrategy"
 p:headerName=“x-auth-token“/>
 
 <bean class=“o.s.s.d.r.c.annotation.web.http.RedisHttpSessionConfiguration" p:httpSessionStrategy-ref=“httpSessionStrategy”/> spring/session.xml
  • 36.
    @dgomezg Your  own  Strategy Other strategies  can  be  implemented  &  plugged   Implement  HttpSessionStrategy public interface HttpSessionStrategy {
 
 String getRequestedSessionId(HttpServletRequest request);
 
 void onNewSession(Session session, HttpServletRequest request, HttpServletResponse response);
 
 void onInvalidateSession(HttpServletRequest request, HttpServletResponse response);
 }

  • 37.
    @dgomezg USE  CASE  1  CHANGE  PERSISTENCE  STORE 37
  • 38.
    @dgomezg Customize  SessionStorage Different  storage options  could  be  implemented.   1)  Implement  a  SessionRepository public interface SessionRepository<S extends Session> {
 
 S createSession();
 
 void save(S session);
 
 S getSession(String id);
 
 void delete(String id);
 }
  • 39.
    @dgomezg Customize  SessionStorage Different  storage options  could  be  implemented.   2)  Inject  to  SessionRepositoryFilter  constructor public class SessionRepositoryFilter<S extends ExpiringSession> extends OncePerRequestFilter {
 /* … */ 
 public SessionRepositoryFilter(SessionRepository<S> sessionRepository) {
 if(sessionRepository == null) {
 throw new IllegalArgumentException("SessionRepository cannot be null");
 }
 this.sessionRepository = sessionRepository;
 }
 }
  • 40.
    @dgomezg USE  CASE  2  MULTIPLE  USER  SESSIONS 40
  • 41.
    @dgomezg Multiple  Session  Handling Session id  is  :   1)  exchanged  with  the  client  via  CookieSessionStrategy   2)  which  is  a  MultipleSessionStrategy
  • 42.
    @dgomezg Multiple  Session  handling Session id  is  :   1)  exchanged  with  the  client  via  CookieSessionStrategy   2)  which  is  a  MultipleSessionStrategy   3)  so,  different  session  IDs  are  kept.
  • 43.
    @dgomezg Multiple  Session  handling Session id  is  :   1)  exchanged  with  the  client  via  CookieSessionStrategy   2)  which  is  a  MultipleSessionStrategy   3)  so,  different  session  IDs  are  kept.   4)  all  we  have  to  do  is  specify/select  the  right  one.
  • 44.
    @dgomezg Session  selection Specific  Session selected  by  parameter  ?_s=#alias   http://localhost:8080/?_s=0  
  • 45.
    @dgomezg New  Session   if index  is  found  in  array,  session  id  is  used   otherwise,  new  session  is  created <a id="addAccount" href=“http://localhost:8080/?_s=17“> Add Account </a>
  • 46.
    @dgomezg Compose  new  Session URL   We  can  create  the  new  Session  through  the   HttpSessionManager <a id=“addAccount" href=“${addAccountUrl}”/> Add Account </a> HttpSessionManager sessionManager = (HttpSessionManager) httpRequest.getAttribute(HttpSessionManager.class.getName()); String addAlias = sessionManager.getNewSessionAlias(httpRequest); httpRequest.setAttribute(“addAccountUrl", sessionManager.encodeURL(contextPath, addAlias));
  • 47.
    @dgomezg Using  session  index in  URLs HttpServletResponseWrapper  automatically   encodes  the  session  id  in  URL. class CookieSessionStrategy.MultiSessionHttpServletResponse extends HttpServletResponseWrapper { @Override
 public String encodeURL(String url) {
 url = super.encodeURL(url);
 
 String alias = getCurrentSessionAlias(request);
 return CookieHttpSessionStrategy.this.encodeURL(url, alias);
 }
 }

  • 48.
    @dgomezg USE  CASE  3  RESTORING  STATE  TO  RESTFUL  APIS 48
  • 49.
    @dgomezg State  in  RESTful APIs We  could  add  State  to  REST  endpoints:   •  Persisted  on  external  persistent  service  (redis)   •  Restored  into  the  HttpSession  by  the  filter   •  Used  trasparently  
  • 50.
    @dgomezg HeaderHttpSessionStrategy Uses  an  specific header  in  Response  to  return   session  ID @Bean
 public HttpSessionStrategy httpSessionStrategy() {
 return new HeaderHttpSessionStrategy();
 }
  • 51.
    @dgomezg HeaderHttpSessionStrategy Uses  an  specific header  in  Response  to  return  session   ID   By  default  x-­‐auth-­‐token @Bean
 public HttpSessionStrategy httpSessionStrategy() {
 return new HeaderHttpSessionStrategy();
 }
  • 52.
    @dgomezg HeaderHttpSessionStrategy Use  an  HeaderHttpSessionStrategy @Bean
 publicHttpSessionStrategy httpSessionStrategy() {
 return new HeaderHttpSessionStrategy();
 }
  • 53.
    @dgomezg HeaderHttpSessionStrategy Session  header  name can  be  customised @Bean
 public HttpSessionStrategy httpSessionStrategy() {
 HeaderHttpSessionStrategy sessionStrategy = new HeaderHttpSessionStrategy();
 sessionStrategy.setHeaderName("x-custom-session-id");
 return sessionStrategy;
 }

  • 54.
  • 55.
    @dgomezg Conclusions •HttpSession  not  container dependant   •Implementation   •Configuration   •Persistent  store  easily  configurable   •Transparent  for  the  developer     •SpringSessionFilter,     •HttpServletRequest/HttpSession  Wrappers
  • 56.