Spring Session - Spring Boot

标签： +

The completed guide can be found in theboot sample application.

Updating Dependencies

Before you use Spring Session, you must ensure to update your dependencies. We assume you are working with a working Spring Boot web application. If you are using Maven, ensure to add the following dependencies:

pom.xml

<dependencies>
        <!-- ... -->

        <dependency>
                <groupId>org.springframework.session</groupId>
                <artifactId>spring-session</artifactId>
                <version>1.0.2.RELEASE</version>
        </dependency>
        <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-redis</artifactId>
        </dependency>
</dependencies>

Spring Configuration

After adding the required dependencies, we can create our Spring configuration. The Spring configuration is responsible for creating a Servlet Filter that replaces theHttpSessionimplementation with an implementation backed by Spring Session. Add the following Spring Configuration:

@EnableRedisHttpSession 
public class HttpSessionConfig { }

The@EnableRedisHttpSessionannotation creates a Spring Bean with the name ofspringSessionRepositoryFilterthat implements Filter. The filter is what is in charge of replacing theHttpSessionimplementation to be backed by Spring Session. In this instance Spring Session is backed by Redis.

Configuring the Redis Connection

Spring Boot automatically creates aRedisConnectionFactorythat connects Spring Session to a Redis Server on localhost on port 6379 (default port). In a production environment you need to ensure to update your configuration to point to your Redis server. For example, you can include the following in yourapplication.properties

src/main/resources/application.properties

spring.redis.host=localhost
spring.redis.password=secret
spring.redis.port=6379

For more information, refer toConnecting to Redisportion of the Spring Boot documentation.

Servlet Container Initialization

OurSpring Configurationcreated a Spring Bean namedspringSessionRepositoryFilterthat implementsFilter. ThespringSessionRepositoryFilterbean is responsible for replacing theHttpSessionwith a custom implementation that is backed by Spring Session.

In order for ourFilterto do its magic, Spring needs to load ourConfigclass. Last we need to ensure that our Servlet Container (i.e. Tomcat) uses ourspringSessionRepositoryFilterfor every request. Fortunately, Spring Boot takes care of both of these steps for us.

boot Sample Application

The boot Sample Application demonstrates how to use Spring Session to transparently leverage Redis to back a web application’sHttpSessionwhen using Spring Boot.

Running the boot Sample Application

You can run the sample by obtaining thesource codeand invoking the following command:

For the sample to work, you mustinstall Redis 2.8+on localhost and run it with the default port (6379). Alternatively, you can update theJedisConnectionFactoryto point to a Redis server.

$ ./gradlew :samples:boot:bootRun

You should now be able to access the application athttp://localhost:8080/

Exploring the security Sample Application

Try using the application. Enter the following to log in:

Usernameuser
Passwordpassword

Now click theLoginbutton. You should now see a message indicating your are logged in with the user entered previously. The user’s information is stored in Redis rather than Tomcat’sHttpSessionimplementation.

How does it work?

Instead of using Tomcat’sHttpSession, we are actually persisting the values in Redis. Spring Session replaces theHttpSessionwith an implementation that is backed by Redis. When Spring Security’sSecurityContextPersistenceFiltersaves theSecurityContextto theHttpSessionit is then persisted into Redis.

When a newHttpSessionis created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session. Go ahead and view the cookies (click for help withChromeorFirefox).

If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:

$ redis-cli keys '*' | xargs redis-cli del

The Redis documentation has instructions forinstalling redis-cli.

Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace7e8383a4-082c-4ffe-a4bc-c40fd3363c5ewith the value of your SESSION cookie:

$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e

Now visit the application athttp://localhost:8080/and observe that we are no longer authenticated.

转载于:https://www.cnblogs.com/duyinqiang/p/5696486.html