Bootiful Sessions

Transcript

1. S P R I N G S E S S

   I O N Josh Long (⻰龙之春) @starbuxman [email protected] github.com/joshlong G E T T I N G S TA R T E D W I T H huge thanks to Rob Winch! @rob_winch

2. Spring Developer Advocate Josh Long (⻰龙之春) @starbuxman [email protected] | Jean

   Claude van Damme! Java mascot Duke some thing’s I’ve authored...

3. @starbuxman

4. @starbuxman is a stinky! • people jam all sorts of

   nasty state in there (I’m looking at you Java Server Faces!) the Servlet HttpSession..

5. @starbuxman the Servlet HttpSession..

6. @starbuxman is hard to scale: Tomcat the Servlet HttpSession.. http://tomcat.apache.org/tomcat-6.0-doc/cluster-howto.html

   <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster" channelSendOptions="8"> <Manager className= 
 "org.apache.catalina.ha.session.DeltaManager" expireSessionsOnShutdown="false" notifyListenersOnReplication="true"/> <Channel className= 
 "org.apache.catalina.tribes.group.GroupChannel"> <Membership className= "org.apache.catalina.tribes.membership.McastService" … <Receiver className= "org.apache.catalina.tribes.transport.nio.NioReceiver" … <Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter"> <Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/> /Sender> ame="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/> .catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>

7. @starbuxman is hard to scale: Jetty the Servlet HttpSession.. http://www.eclipse.org/jetty/documentation/9.2.3.v20140905/session-clustering-jdbc.html

   <Set name="sessionIdManager"> <New id="jdbcidmgr" class="org.eclipse.jetty.server.session.JDBCSessionIdManager"> <Arg> <Ref id="Server"/> </Arg> <Set name="workerName">fred</Set> <Set name="DatasourceName">javax.sql.DataSource/default</Set> <Set name="scavengeInterval">60</Set> </New> </Set> <Call name="setAttribute"> <Arg>jdbcIdMgr</Arg> <Arg> <Ref id="jdbcidmgr"/> </Arg> </Call>

8. @starbuxman nope. • multicast is a huge no-no in most

   cloud environments • even if it were permitted, most clustering facilities don’t have multi-zone high availability support just works in the cloud tho, right? https://devcenter.heroku.com/articles/intro-for-java-developers

9. @starbuxman some exceptions.. just works in the cloud tho, right?

   http://blog.pivotal.io/cloud-foundry-pivotal/products/session-replication-on-cloud-foundry-2 • Cloud Foundry supports sticky sessions. • as of late 2014, it also supports session replication for Tomcat and .wars (specifically)

10. @starbuxman a Servlet HttpSession wrapper Spring Session package sample; import

    org.springframework.session.web.context
 .AbstractHttpSessionApplicationInitializer; /** * web.xml equivalent */ public class Initializer extends AbstractHttpSessionApplicationInitializer { }

11. @starbuxman a Servlet HttpSession wrapper Spring Session package sample; import

    javax.servlet.*; import javax.servlet.annotation.*; import javax.servlet.http.*; import java.io.IOException; @WebServlet("/session") public class SessionServlet extends HttpServlet { @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { String attributeName = req.getParameter("attributeName"); String attributeValue = req.getParameter("attributeValue"); req.getSession().setAttribute(attributeName, attributeValue); // just works! resp.sendRedirect(req.getContextPath() + "/"); } private static final long serialVersionUID = 2878267318695777395L; }

12. @starbuxman multi-platform Spring Session • works for your web container

    (Tomcat) or classic application server (JBoss, WebSphere, etc) • works in the cloud • doesn’t require Spring
 (I know right?? WHY?)

13. @starbuxman polyglot persistence Spring Session • pluggable implementations: • defaults

    for Redis, Map<K,V> • about the Map<K,V>.. • implies Hazelcast, Coherence,
 Gemfire support

14. @starbuxman Demonstration basic setup

15. @starbuxman HttpSessionStrategy strategies Spring Session • headers (x-auth-token) • cookies

    (you can ditch JSESSIONID!)

16. @starbuxman Demonstration session strategies

17. @starbuxman works with WebSockets! Spring Session • the standard is

    utterly broken here. No, seriously. #WTF • no easy way to perpetuate HTTP session from WS handler. As soon as HTTP session dies, so does WS communication. https://java.net/jira/browse/WEBSOCKET_SPEC-175 
 https://issues.apache.org/bugzilla/show_bug.cgi?id=54738

18. @starbuxman Demonstration websockets

19. @starbuxman User Switching (e.g.: Google accounts) Spring Session HttpServletRequest httpRequest

    = (HttpServletRequest) request; HttpSessionManager sessionManager = (HttpSessionManager) httpRequest.getAttribute(HttpSessionManager.class.getName()); SessionRepository<Session> repo = (SessionRepository<Session>) httpRequest.getAttribute(SessionRepository.class.getName()); String currentSessionAlias = sessionManager.getCurrentSessionAlias(httpRequest); Map<String, String> sessionIds = sessionManager.getSessionIds(httpRequest);

20. @starbuxman Demonstration user switching

21. @starbuxman • @Scope(“flash”) 
 UserConfirmation confirmation(){ .. } • @Scope(“session”)

    
 ShoppingCart cart (){ … } • two logically different applications can now talk to each other! (e.g.: poor- man’s single-sign on!) Other Use Cases

22. @starbuxman • session concurrency control (“sign me out of other

    accounts”) • Spring Batch & Integration claim-check • support for managing accounts easier • smarter injectable beans, @MVC arg resolvers, etc. • optimized persistence (alternatives to Java serialization) What’s in the Works

23. Josh Long (⻰龙之春) @starbuxman @springcentral [email protected] github.com/joshlong References spring.io/guides docs.spring.io/spring-session

    github.com/joshlong/bootiful-sessions Questions? huge thanks to Rob Winch! @rob_winch