Skip to content

Spring 中文文档社区
Spring 中文文档社区

开发云 / Spring 中文文档社区

通知 438
Star 128
Fork 144
Spring 中文文档社区
Spring 中文文档社区

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

提交 a3ae08b0 编写于 作者: D dallascao
浏览文件
操作

MT translated data-flow/session

上级 ff17607b
展开全部 隐藏空白更改
内联 并排
Showing with 17567 addition and 0 deletion
docs/spring-cloud-data-flow/spring-cloud-dataflow.md 0 → 100644
浏览文件 @ a3ae08b0
此差异已折叠。
docs/spring-session/api.md 0 → 100644
浏览文件 @ a3ae08b0
此差异已折叠。
docs/spring-session/boot-findbyusername.md 0 → 100644
浏览文件 @ a3ae08b0
# Spring 会话-按用户名查找
本指南描述了如何使用 Spring 会话通过用户名查找会话。
| |你可以在[FindByUserName 应用程序](#findbyusername-sample)中找到完整的指南。|
|---|---------------------------------------------------------------------------------------------|
[Index](../index.html)
## [](#findbyusername-assumptions)假设
该指南假定你已经通过使用内置的 Redis 配置支持向应用程序添加了 Spring 会话。该指南还假定你已经对应用程序应用了 Spring 安全性。然而,我们的指南是有点通用的目的,可以应用于任何技术,只需最小的变化,这一点我们将在后面的指南中进行讨论。
| |如果需要学习如何将 Spring 会话添加到项目中,请参见[样本和指南](../#samples)列表|
|---|--------------------------------------------------------------------------------------------------------------------|
## [](#_about_the_sample)关于样本
我们的样例使用此功能使可能受到危害的用户会话无效。考虑以下场景:
* 用户到库并对应用程序进行身份验证。
* 用户回家后发现自己忘了注销。
* 用户可以使用位置、创建时间、最后访问时间等线索从库中登录并结束会话。
如果我们可以让用户在库中的会话从他们用来进行身份验证的任何设备上失效,这不是很好吗?这个示例演示了这是如何实现的。
## [](#findbyindexnamesessionrepository)使用`FindByIndexNameSessionRepository`
要通过用户名查找用户,你必须首先选择一个实现[`FindByIndexNameSessionRepository`]的`SessionRepository`。我们的示例应用程序假定已经设置了 Redis 支持,因此我们已经准备好了。
## [](#_mapping_the_user_name)映射用户名
`FindByIndexNameSessionRepository`如果开发人员指示 Spring 会话什么用户与`Session`相关联,则只能通过用户名找到会话。你可以通过确保将名称`FindByUsernameSessionRepository.PRINCIPAL_NAME_INDEX_NAME`的会话属性填充为用户名来做到这一点。
一般来说,你可以在用户进行身份验证后立即使用以下代码来完成此操作:
```
String username = "username";
this.session.setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, username);
```
## [](#_mapping_the_user_name_with_spring_security)映射具有 Spring 安全性的用户名
由于我们使用 Spring 安全性,用户名将自动为我们建立索引。这意味着我们不需要执行任何步骤来确保对用户名进行索引。
## [](#_adding_additional_data_to_the_session)向会话添加附加数据
将附加信息(如 IP 地址、浏览器、位置和其他详细信息)与会话关联起来可能会很好。这样做可以使用户更容易地知道他们正在查看的会话。
要做到这一点,请确定你想要使用的会话属性以及你想要提供的信息。然后创建一个作为会话属性添加的 Java Bean。例如,我们的示例应用程序包括会话的位置和访问类型,如下面的清单所示:
```
public class SessionDetails implements Serializable {
private String location;
private String accessType;
public String getLocation() {
return this.location;
}
public void setLocation(String location) {
this.location = location;
}
public String getAccessType() {
return this.accessType;
}
public void setAccessType(String accessType) {
this.accessType = accessType;
}
private static final long serialVersionUID = 8850489178248613501L;
}
```
然后,我们使用`SessionDetailsFilter`将该信息注入到每个 HTTP 请求的会话中,如下例所示:
```
@Override
public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
chain.doFilter(request, response);
HttpSession session = request.getSession(false);
if (session != null) {
String remoteAddr = getRemoteAddress(request);
String geoLocation = getGeoLocation(remoteAddr);
SessionDetails details = new SessionDetails();
details.setAccessType(request.getHeader("User-Agent"));
details.setLocation(remoteAddr + " " + geoLocation);
session.setAttribute("SESSION_DETAILS", details);
}
}
```
我们获得我们想要的信息,然后将`SessionDetails`设置为`Session`中的一个属性。当我们通过用户名检索`Session`时,我们可以使用会话来访问我们的`SessionDetails`,就像我们将访问任何其他会话属性一样。
| |你可能想知道为什么 Spring 会话没有提供`SessionDetails`开箱即用的功能。<br/>我们有两个原因。<br/>第一个原因是应用程序自己实现这一点是非常琐碎的。<br/>第二个原因是信息会话中填充的内容(以及信息更新的频率)高度依赖于应用程序。|
|---|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
## [](#_finding_sessions_for_a_specific_user)查找特定用户的会话
现在,我们可以为特定用户找到所有会话。下面的示例展示了如何做到这一点:
```
@Autowired
FindByIndexNameSessionRepository<? extends Session> sessions;
@RequestMapping("/")
public String index(Principal principal, Model model) {
Collection<? extends Session> usersSessions = this.sessions.findByPrincipalName(principal.getName()).values();
model.addAttribute("sessions", usersSessions);
return "index";
}
```
在我们的例子中,我们找到了当前登录用户的所有会话。但是,你可以对此进行修改,以便管理员使用表单来指定要查找的用户。
## [](#findbyusername-sample)`findbyusername`示例应用程序
本节介绍如何使用`findbyusername`示例应用程序。
### [](#_running_the_findbyusername_sample_application)运行`findbyusername`示例应用程序
你可以通过获取[源代码](https://github.com/spring-projects/spring-session/archive/main.zip)并调用以下命令来运行示例:
```
$ ./gradlew :spring-session-sample-boot-findbyusername:bootRun
```
| |要使示例工作,你必须在 localhost 上[安装 Redis2.8+](https://redis.io/download)并使用默认端口(6379)运行它。<br/>或者,你可以更新`RedisConnectionFactory`以指向 Redis 服务器。<br/>另一个选项是使用[Docker](https://www.docker.com/)在 localhost 上运行 Redis。<br/>有关详细说明,请参见[Docker Redis 存储库](https://hub.docker.com/_/redis/)。|
|---|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
现在你应该可以在[http://localhost:8080/](http://localhost:8080/)上访问应用程序了。
### [](#_exploring_the_security_sample_application)探索安全示例应用程序
你现在可以尝试使用该应用程序了。输入以下内容即可登录:
* **用户 Name ** *User *
* **密码** *密码*
现在点击**登录**按钮。你现在应该会看到一条消息,表明你是用先前输入的用户登录的。你还应该看到当前登录用户的活动会话列表。
你可以通过执行以下操作来模拟我们在[关于样本](#_about_the_sample)部分中讨论的流程:
* 打开一个新的隐身窗口并导航到[http://localhost:8080/](http://localhost:8080/)
* 输入以下内容即可登录:
* **用户 Name ** *User *
* **密码** *密码*
* 结束你的原始会话。
* 刷新原始窗口并查看你已注销。
\ No newline at end of file
docs/spring-session/boot-jdbc.md 0 → 100644
浏览文件 @ a3ae08b0
# Spring 会话- Spring 启动
本指南描述了在使用 Spring 引导时如何使用 Spring 会话来透明地利用关系数据库来支持 Web 应用程序的`HttpSession`
| |你可以在[httpsession-jdbc-boot 示例应用程序](#httpsession-jdbc-boot-sample)中找到完整的指南。|
|---|------------------------------------------------------------------------------------------------------------------|
[Index](../index.html)
## [](#_updating_dependencies)更新依赖项
在使用 Spring 会话之前,你必须更新你的依赖关系。我们假设你正在使用一个有效的启动 Web 应用程序。如果使用 Maven,则必须添加以下依赖项:
POM.xml
```
<dependencies>
<!-- ... -->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-jdbc</artifactId>
</dependency>
</dependencies>
```
Spring 启动为 Spring 会话模块提供了依赖管理,因此不需要显式地声明依赖版本。
## [](#httpsession-jdbc-boot-spring-configuration) Spring 引导配置
在添加了所需的依赖项之后,我们就可以创建我们的 Spring 启动配置了。多亏了一流的自动配置支持,在关系数据库支持下设置 Spring 会话就像在`application.properties`中添加一个配置属性一样简单。下面的清单展示了如何做到这一点:
SRC/主/资源/应用程序.properties
```
spring.session.store-type=jdbc # Session store type.
```
如果在 Classpath 上存在单个 Spring 会话模块,则 Spring 引导将自动使用该存储实现。如果有多个实现,则必须选择要用来存储会话的 StoreType,如上面所示。
在这种情况下, Spring boot 应用的配置相当于手动添加`@EnableJdbcHttpSession`注释。这将创建一个名为`springSessionRepositoryFilter`的 Spring Bean。 Bean 实现`Filter`。过滤器负责替换要由 Spring 会话支持的`HttpSession`实现。
你可以使用`application.properties`来进一步自定义。下面的清单展示了如何做到这一点:
SRC/主/资源/应用程序.properties
```
server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds are used.
spring.session.jdbc.initialize-schema=embedded # Database schema initialization mode.
spring.session.jdbc.schema=classpath:org/springframework/session/jdbc/[email protected]@[email protected]@.sql # Path to the SQL file to use to initialize the database schema.
spring.session.jdbc.table-name=SPRING_SESSION # Name of the database table used to store sessions.
```
有关更多信息,请参见 Spring 引导文档的[Spring Session](https://docs.spring.io/spring-boot/docs/2.5.6/reference/htmlsingle/#boot-features-session)部分。
## [](#httpsession-jdbc-boot-configuration)配置`DataSource`
Spring 引导会自动创建一个`DataSource`,它将 Spring 会话连接到 H2 数据库的嵌入式实例。在生产环境中,你需要更新配置以指向关系数据库。例如,你可以在应用程序中包含以下内容:
SRC/主/资源/应用程序.properties
```
spring.datasource.url= # JDBC URL of the database.
spring.datasource.username= # Login username of the database.
spring.datasource.password= # Login password of the database.
```
有关更多信息,请参见 Spring 引导文档的[配置数据源](https://docs.spring.io/spring-boot/docs/2.5.6/reference/htmlsingle/#boot-features-configure-datasource)部分。
## [](#httpsession-jdbc-boot-servlet-configuration) Servlet 容器初始化
我们的[Spring Boot Configuration](#httpsession-jdbc-boot-spring-configuration)创建了一个名为`springSessionRepositoryFilter`的 Spring Bean,它实现了`Filter``springSessionRepositoryFilter` Bean 负责用 Spring 会话支持的自定义实现替换`HttpSession`
为了让我们的`Filter`发挥其魔力, Spring 需要加载我们的`Config`类。最后,我们需要确保我们的 Servlet 容器(即 Tomcat)为每个请求使用我们的`springSessionRepositoryFilter`。幸运的是,Boot 为我们解决了这两个步骤。
## [](#httpsession-jdbc-boot-sample)`httpsession-jdbc-boot`示例应用程序
HttpSession-JDBC-Boot 示例应用程序演示了如何在使用 Spring 引导时使用 Spring 会话透明地利用 H2 数据库来支持 Web 应用程序的`HttpSession`
### [](#httpsession-jdbc-boot-running)运行`httpsession-jdbc-boot`示例应用程序
你可以通过获取[源代码](https://github.com/spring-projects/spring-session/archive/main.zip)并调用以下命令来运行示例:
```
$ ./gradlew :spring-session-sample-boot-jdbc:bootRun
```
现在你应该可以在[http://localhost:8080/](http://localhost:8080/)上访问应用程序了。
### [](#httpsession-jdbc-boot-explore)探索安全示例应用程序
你现在可以尝试使用该应用程序了。要这样做,请输入以下内容以进行登录:
* **用户 Name** *User*
* **密码** *密码*
现在点击**登录**按钮。你现在应该会看到一条消息,该消息指示你是用先前输入的用户登录的。用户的信息存储在 H2 数据库中,而不是 Tomcat 的`HttpSession`实现。
### [](#httpsession-jdbc-boot-how)它是如何工作的?
我们不使用 Tomcat 的`HttpSession`,而是将这些值保存在 H2 数据库中。 Spring 会话使用由关系数据库支持的实现来替换`HttpSession`。当 Spring Security 的`SecurityContextPersistenceFilter``SecurityContext`保存到`HttpSession`时,它将被持久化到 H2 数据库中。
当创建一个新的`HttpSession`时, Spring 会话将在浏览器中创建一个名为`SESSION`的 cookie。该 cookie 包含你的会话的 ID。你可以查看 cookies(使用[Chrome](https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies)[Firefox](https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector))。
你可以通过使用 H2Web 控制台来删除会话:[http://localhost:8080/h2-console/](http://localhost:8080/h2-console/)(对于 JDBC URL 使用`jdbc:h2:mem:testdb`)。
现在,你可以访问[http://localhost:8080/](http://localhost:8080/)上的应用程序,并看到我们不再经过身份验证。
\ No newline at end of file
docs/spring-session/boot-mongo.md 0 → 100644
浏览文件 @ a3ae08b0
# Spring 会话-MongoDB 存储库
本指南描述了如何使用由 MongoDB 支持的 Spring 会话。
| |完整的指南可在[Mongo 示例应用程序](#mongo-sample)中找到。|
|---|----------------------------------------------------------------------------------|
[Index](../index.html)
## [](#_updating_dependencies)更新依赖项
在使用 Spring 会话 MongoDB 之前,必须确保更新依赖项。我们假设你正在使用一个有效的启动 Web 应用程序。如果你正在使用 Maven,请确保添加以下依赖项:
POM.xml
```
<dependencies>
<!-- ... -->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-mongodb</artifactId>
</dependency>
</dependencies>
```
由于我们使用的是快照版本,因此我们需要确保添加 Spring 快照 Maven 存储库。确保在 POM.xml 中包含以下内容:
POM.xml
```
<repositories>
<!-- ... -->
<repository>
<id>spring-snapshot</id>
<url>https://repo.spring.io/libs-snapshot</url>
</repository>
</repositories>
```
## [](#mongo-spring-configuration) Spring 配置
在添加了所需的依赖关系之后,我们就可以创建我们的 Spring 配置了。 Spring 配置负责创建一个 Servlet 过滤器,该过滤器将`HttpSession`实现替换为由 Spring 会话支持的实现。
你所要做的就是添加以下 Spring 配置:
```
@EnableMongoHttpSession (1)
public class HttpSessionConfig {
@Bean
public JdkMongoSessionConverter jdkMongoSessionConverter() {
return new JdkMongoSessionConverter(Duration.ofMinutes(30)); (2)
}
}
```
|**1**|`@EnableMongoHttpSession`注释创建了一个名为`springSessionRepositoryFilter`的 Spring Bean,它实现了 filter。<br/>这个 filter 用 MongoDB 支持的 Bean 替换了默认的`HttpSession`。|
|-----|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|**2**|将会话超时时间配置为 30 分钟。|
## [](#boot-mongo-configuration)配置 MongoDB 连接
Spring 引导会自动创建一个`MongoClient`,它将 Spring 会话连接到端口 27017(默认端口)上的 LocalHost 上的 MongoDB 服务器。在生产环境中,你需要确保更新配置以指向 MongoDB 服务器。例如,你可以在**应用程序.属性**中包含以下内容
SRC/主/资源/应用程序.properties
```
spring.data.mongodb.host=mongo-srv
spring.data.mongodb.port=27018
spring.data.mongodb.database=prod
```
有关更多信息,请参阅 Spring 引导文档的[连接到 MongoDB](https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#boot-features-connecting-to-mongodb)部分。
## [](#boot-servlet-configuration) Servlet 容器初始化
我们的[Spring Configuration](#boot-mongo-configuration)创建了一个名为`springSessionRepositoryFilter`的 Spring Bean,它实现了`Filter``springSessionRepositoryFilter` Bean 负责用 Spring 会话支持的自定义实现替换`HttpSession`
为了让我们的`Filter`发挥其魔力, Spring 需要加载我们的`Config`类。最后,我们需要确保我们的 Servlet 容器(即 Tomcat)对每个请求使用我们的`springSessionRepositoryFilter`。幸运的是,Boot 为我们解决了这两个步骤。
## [](#mongo-sample)MongoDB 示例应用程序
MongoDB 示例应用程序演示了如何在使用 Spring 引导时使用 Spring 会话透明地利用 MongoDB 来支持 Web 应用程序的`HttpSession`
### [](#mongo-running)运行 MongoDB 示例应用程序
你可以通过获取[源代码](https://github.com/spring-projects/spring-session/archive/main.zip)并调用以下命令来运行示例:
```
$ ./gradlew :samples:mongo:bootRun
```
现在你应该可以在[http://localhost:8080/](http://localhost:8080/)上访问应用程序了。
### [](#boot-explore)探索安全示例应用程序
尝试使用该应用程序。输入以下内容即可登录:
* **用户 Name** *User*
* **密码** *密码*
现在点击**登录**按钮。你现在应该会看到一条消息,表明你是用先前输入的用户登录的。用户的信息存储在 MongoDB 中,而不是 Tomcat 的`HttpSession`实现中。
### [](#mongo-how)它是如何工作的?
而不是使用 Tomcat 的`HttpSession`,我们实际上是在 Mongo 中持久化这些值。 Spring 会话用 Mongo 支持的实现替换`HttpSession`。当 Spring Security 的`SecurityContextPersistenceFilter``SecurityContext`保存到`HttpSession`时,它将被持久化到 Mongo 中。
当创建一个新的`HttpSession`时, Spring 会话将在浏览器中创建一个名为会话的 cookie,其中包含会话的 ID。继续查看 cookies(单击[Chrome](https://developer.chrome.com/devtools/docs/resources#cookies)[Firefox](https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List)以获取帮助)。
如果你愿意,你可以使用 Mongo 客户机轻松地检查会话。例如,在基于 Linux 的系统上,你可以键入:
| |示例应用程序使用了一个嵌入式 MongoDB 实例,该实例监听随机分配的端口。<br/>嵌入式 MongoDB 使用的端口以及用于连接到它的 Exact 命令在应用程序启动时记录。|
|---|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
```
$ mongo --port ...
> use test
> db.sessions.find().pretty()
```
或者,你也可以删除显式密钥。在终端中输入以下内容,以确保用会话 cookie 的值替换`60f17293-839b-477c-bb92-07a9c3658843`:
```
> db.sessions.remove({"_id":"60f17293-839b-477c-bb92-07a9c3658843"})
```
现在访问[http://localhost:8080/](http://localhost:8080/)上的应用程序,并观察到我们不再经过身份验证。
\ No newline at end of file
docs/spring-session/boot-redis.md 0 → 100644
浏览文件 @ a3ae08b0
# Spring 会话- Spring 启动
本指南描述了在使用 Spring 引导时如何使用 Spring 会话透明地利用 Redis 来支持 Web 应用程序的`HttpSession`
| |你可以在[引导示例应用程序](#boot-sample)中找到完整的指南。|
|---|--------------------------------------------------------------------------------|
[Index](../index.html)
## [](#_updating_dependencies)更新依赖项
在使用 Spring 会话之前,你必须确保你的依赖关系。我们假设你正在使用一个有效的启动 Web 应用程序。如果正在使用 Maven,则必须添加以下依赖项:
POM.xml
```
<dependencies>
<!-- ... -->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
</dependency>
</dependencies>
```
Spring 启动为 Spring 会话模块提供了依赖管理,因此不需要显式声明依赖版本。
## [](#boot-spring-configuration) Spring 引导配置
在添加了所需的依赖项之后,我们就可以创建我们的 Spring 启动配置了。多亏了一流的自动配置支持,由 Redis 支持的设置 Spring 会话非常简单,只需向你的`application.properties`添加一个配置属性,如以下清单所示:
SRC/主/资源/应用程序.properties
```
spring.session.store-type=redis # Session store type.
```
在这种情况下, Spring boot 应用的配置相当于手动添加`@EnableRedisHttpSession`注释。这将创建一个名为`springSessionRepositoryFilter`的 Spring Bean,实现`Filter`。过滤器负责替换要由 Spring 会话支持的`HttpSession`实现。
使用`application.properties`还可以进行进一步的定制,如以下清单所示:
SRC/主/资源/应用程序.properties
```
server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds is used.
spring.session.redis.flush-mode=on_save # Sessions flush mode.
spring.session.redis.namespace=spring:session # Namespace for keys used to store sessions.
```
有关更多信息,请参见 Spring 引导文档的[Spring Session](https://docs.spring.io/spring-boot/docs/2.5.6/reference/htmlsingle/#boot-features-session)部分。
## [](#boot-redis-configuration)配置 Redis 连接
Spring 启动会自动创建一个`RedisConnectionFactory`,它将 Spring 会话连接到端口 6379(默认端口)上本地主机上的 Redis 服务器。在生产环境中,你需要更新配置以指向 Redis 服务器。例如,你可以在应用程序中包含以下内容:
SRC/主/资源/应用程序.properties
```
spring.redis.host=localhost # Redis server host.
spring.redis.password= # Login password of the redis server.
spring.redis.port=6379 # Redis server port.
```
有关更多信息,请参见 Spring 引导文档的[连接到 Redis](https://docs.spring.io/spring-boot/docs/2.5.6/reference/htmlsingle/#boot-features-connecting-to-redis)部分。
## [](#boot-servlet-configuration) Servlet 容器初始化
我们的[Spring Boot Configuration](#boot-spring-configuration)创建了一个名为`springSessionRepositoryFilter`的 Spring Bean,它实现了`Filter``springSessionRepositoryFilter` Bean 负责用 Spring 会话支持的自定义实现替换`HttpSession`
为了使我们的`Filter`发挥其魔力, Spring 需要加载我们的`Config`类。最后,我们需要确保我们的 Servlet 容器(即 Tomcat)为每个请求使用我们的`springSessionRepositoryFilter`。幸运的是,Boot 为我们解决了这两个步骤。
## [](#boot-sample)引导示例应用程序
引导示例应用程序演示了如何在使用 Spring 引导时使用 Spring 会话透明地利用 Redis 来支持 Web 应用程序的`HttpSession`
### [](#boot-running)运行引导示例应用程序
你可以通过获取[源代码](https://github.com/spring-projects/spring-session/archive/main.zip)并调用以下命令来运行示例:
```
$ ./gradlew :spring-session-sample-boot-redis:bootRun
```
| |要使示例工作,你必须在 localhost 上[安装 Redis2.8+](https://redis.io/download)并使用默认端口(6379)运行它。<br/>或者,你可以更新`RedisConnectionFactory`以指向 Redis 服务器。<br/>另一个选项是使用[Docker](https://www.docker.com/)在 localhost 上运行 Redis。详细说明见[Docker Redis 存储库](https://hub.docker.com/_/redis/)。|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
现在你应该可以在[http://localhost:8080/](http://localhost:8080/)上访问应用程序了。
### [](#boot-explore)探索`security`示例应用程序
现在你可以尝试使用该应用程序了。输入以下内容即可登录:
* **用户 Name** *User*
* **密码** *密码*
现在点击**登录**按钮。你现在应该会看到一条消息,表明你是用先前输入的用户登录的。用户的信息存储在 Redis 中,而不是 Tomcat 的`HttpSession`实现中。
### [](#boot-how)它是如何工作的?
我们不使用 Tomcat 的`HttpSession`,而是在 Redis 中保存这些值。 Spring 会话用一个由 Redis 支持的实现替换`HttpSession`。当 Spring Security 的`SecurityContextPersistenceFilter``SecurityContext`保存到`HttpSession`时,它将被持久化到 Redis 中。
当创建一个新的`HttpSession`时, Spring 会话将在浏览器中创建一个名为`SESSION`的 cookie。该 cookie 包含你的会话的 ID。你可以查看 cookies(使用[Chrome](https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies)[Firefox](https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector))。
你可以使用 redis-cli 删除会话。例如,在基于 Linux 的系统上,你可以键入以下内容:
```
$ redis-cli keys '*' | xargs redis-cli del
```
| |Redis 文档中有[安装 Redis-CLI](https://redis.io/topics/quickstart)的说明。|
|---|--------------------------------------------------------------------------------------------------------|
或者,你也可以删除显式密钥。要这样做,请在终端中输入以下内容,并确保将`7e8383a4-082c-4ffe-a4bc-c40fd3363c5e`替换为`SESSION`cookie 的值:
```
$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
```
现在,你可以访问[http://localhost:8080/](http://localhost:8080/)上的应用程序,并观察到我们不再经过身份验证。
\ No newline at end of file
docs/spring-session/boot-webflux-custom-cookie.md 0 → 100644
浏览文件 @ a3ae08b0
# Spring 带有自定义 cookie 的会话-WebFlux
本指南描述了如何配置 Spring 会话以在基于 WebFlux 的应用程序中使用自定义 Cookie。该指南假定你已经使用所选的数据存储在项目中设置了 Spring 会话。例如,[HttpSession with Redis ](./boot-redis.html)
| |你可以在[WebFlux 自定义 Cookie 示例应用程序](#webflux-custom-cookie-sample)中找到完整的指南。|
|---|------------------------------------------------------------------------------------------------------------------|
[Index](../index.html)
## [](#webflux-custom-cookie-spring-configuration) Spring 引导配置
一旦设置了 Spring 会话,就可以通过将`WebSessionIdResolver`公开为 Spring Bean 来自定义会话 cookie 的编写方式。 Spring 默认情况下,会话使用`CookieWebSessionIdResolver`。在使用`@EnableRedisHttpSession`之类的配置时,将`WebSessionIdResolver`公开为 Spring Bean 会增强现有的配置。下面的示例展示了如何自定义 Spring 会话的 cookie:
```
@Bean
public WebSessionIdResolver webSessionIdResolver() {
CookieWebSessionIdResolver resolver = new CookieWebSessionIdResolver();
resolver.setCookieName("JSESSIONID"); (1)
resolver.addCookieInitializer((builder) -> builder.path("/")); (2)
resolver.addCookieInitializer((builder) -> builder.sameSite("Strict")); (3)
return resolver;
}
```
|**1**|我们将 cookie 的名称自定义为`JSESSIONID`。|
|-----|--------------------------------------------------------------------------------------------|
|**2**|我们将 cookie 的路径自定义为`/`(而不是上下文根的默认值)。|
|**3**|我们将`SameSite`cookie 指令自定义为`Strict`。|
## [](#webflux-custom-cookie-sample)`webflux-custom-cookie`示例应用程序
本节介绍如何使用`webflux-custom-cookie`示例应用程序。
### [](#_running_the_webflux_custom_cookie_sample_application)运行`webflux-custom-cookie`示例应用程序
你可以通过获取[源代码](https://github.com/spring-projects/spring-session/archive/main.zip)并调用以下命令来运行示例:
```
$ ./gradlew :spring-session-sample-boot-webflux-custom-cookie:bootRun
```
| |要使示例工作,你必须在 localhost 上[安装 Redis2.8+](https://redis.io/download)并使用默认端口(6379)运行它。<br/>或者,你可以更新`RedisConnectionFactory`以指向 Redis 服务器。<br/>另一个选项是使用[Docker](https://www.docker.com/)在 localhost 上运行 Redis。详细说明见[Docker Redis 存储库](https://hub.docker.com/_/redis/)。|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
现在你应该可以在[http://localhost:8080/](http://localhost:8080/)上访问应用程序了。
### [](#_exploring_the_webflux_custom_cookie_sample_application)探索`webflux-custom-cookie`示例应用程序
现在你可以使用该应用程序了。请在表格中填写以下信息:
* **属性名称:** *用户 Name *
* **属性值:** *罗布*
现在点击**设置属性**按钮。现在你应该可以看到表中显示的值了。
如果查看应用程序的 cookie,可以看到 cookie 已保存到自定义名称`JSESSIONID`
\ No newline at end of file
docs/spring-session/boot-websocket.md 0 → 100644
浏览文件 @ a3ae08b0
# Spring 会议- WebSocket
本指南描述了如何使用 Spring 会话来确保 WebSocket 消息使你的 HttpSession 保持活跃。
| |Spring session 的 WebSocket 支持仅对 Spring 的 WebSocket 支持有效。<br/>具体来说,它不能直接使用[JSR-356](https://www.jcp.org/en/jsr/detail?id=356),因为 JSR-356 没有拦截传入 WebSocket 消息的机制。|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
[Index](../index.html)
## [](#_httpsession_setup)HttpSession 设置
第一步是将 Spring 会话与 HttpSession 集成在一起。这些步骤已经在[HttpSession with Redis 指南](./boot-redis.html)中进行了概述。
在继续之前,请确保你已经将 Spring 会话集成到 HttpSession 中。
## [](#websocket-spring-configuration) Spring 配置
在典型的 Spring WebSocket 应用程序中,你将实现`WebSocketMessageBrokerConfigurer`。例如,配置可能如下所示:
```
@Configuration
@EnableScheduling
@EnableWebSocketMessageBroker
public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
@Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
registry.addEndpoint("/messages").withSockJS();
}
@Override
public void configureMessageBroker(MessageBrokerRegistry registry) {
registry.enableSimpleBroker("/queue/", "/topic/");
registry.setApplicationDestinationPrefixes("/app");
}
}
```
我们可以更新配置以使用 Spring 会话的 WebSocket 支持。下面的示例展示了如何做到这一点:
SRC/main/java/samples/config/websocketconfig.java
```
@Configuration
@EnableScheduling
@EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractSessionWebSocketMessageBrokerConfigurer<Session> { (1)
@Override
protected void configureStompEndpoints(StompEndpointRegistry registry) { (2)
registry.addEndpoint("/messages").withSockJS();
}
@Override
public void configureMessageBroker(MessageBrokerRegistry registry) {
registry.enableSimpleBroker("/queue/", "/topic/");
registry.setApplicationDestinationPrefixes("/app");
}
}
```
要连接 Spring 会话支持,我们只需要更改两件事:
|**1**|而不是实现`WebSocketMessageBrokerConfigurer`,我们扩展`AbstractSessionWebSocketMessageBrokerConfigurer`|
|-----|-----------------------------------------------------------------------------------------------------------------------|
|**2**|我们将`registerStompEndpoints`方法重命名为`configureStompEndpoints`|
`AbstractSessionWebSocketMessageBrokerConfigurer`在幕后做什么?
* `WebSocketConnectHandlerDecoratorFactory`作为`WebSocketHandlerDecoratorFactory`添加到`WebSocketTransportRegistration`。这确保了一个包含`WebSocketSession`的自定义`SessionConnectEvent`被触发。当 Spring 会话结束时,要结束任何仍处于打开状态的 WebSocket 连接,`WebSocketSession`是必需的。
* `SessionRepositoryMessageInterceptor`作为`HandshakeInterceptor`添加到每个`StompWebSocketEndpointRegistration`。这确保将`Session`添加到 WebSocket 属性中,以允许更新上次访问的时间。
* `SessionRepositoryMessageInterceptor`作为`ChannelInterceptor`添加到我们的入站`ChannelRegistration`中。这确保了每次接收入站消息时,都会更新我们 Spring 会话的最后一次访问时间。
* `WebSocketRegistryListener`被创建为 Spring Bean。这确保了我们将所有`Session`ID 映射到相应的 WebSocket 连接。通过维护此映射,我们可以在 Spring 会话结束时关闭所有 WebSocket 连接。
## [](#websocket-sample)`websocket`示例应用程序
`websocket`示例应用程序演示了如何在 WebSockets 中使用 Spring 会话。
### [](#_running_the_websocket_sample_application)运行`websocket`示例应用程序
你可以通过获取[源代码](https://github.com/spring-projects/spring-session/archive/main.zip)并调用以下命令来运行示例:
```
$ ./gradlew :spring-session-sample-boot-websocket:bootRun
```
| |为了测试会话过期,你可能希望在启动应用程序之前添加以下配置属性,从而将会话过期时间更改为 1 分钟(默认为 30 分钟):<br/><br/>SRC/main/resources/application.properties<br/><br/>```<br/>server.servlet.session.timeout=1m # Session timeout. If a duration suffix is not specified, seconds will be used.<br/>```|
|---|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| |要使示例工作,你必须在 localhost 上[安装 Redis2.8+](https://redis.io/download)并使用默认端口(6379)运行它。<br/>或者,你可以更新`RedisConnectionFactory`以指向 Redis 服务器。<br/>另一个选项是使用[Docker](https://www.docker.com/)在 localhost 上运行 Redis。<br/>有关详细说明,请参见[Docker Redis 存储库](https://hub.docker.com/_/redis/)。|
|---|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
现在你应该可以在[http://localhost:8080/](http://localhost:8080/)上访问应用程序了。
### [](#_exploring_the_websocket_sample_application)探索`websocket`示例应用程序
现在你可以尝试使用该应用程序了。使用以下信息进行身份验证:
* **用户 Name ** *罗布*
* **密码** *密码*
现在点击**登录**按钮。你现在应该被验证为用户**罗布**
打开一个隐身窗口并访问[http://localhost:8080/](http://localhost:8080/)
系统会提示你输入登录表单。使用以下信息进行身份验证:
* **用户 Name ** *卢克*
* **密码** *密码*
现在把罗布的话传给卢克。消息应该会出现。
等两分钟,再试着把罗布的信息发送给卢克。你可以看到该消息已不再发送。
| |为什么是两分钟?<br/><br/> Spring 会话在 60 秒内到期,但是来自 Redis 的通知不能保证在 60 秒内发生。<br/>以确保套接字在合理的时间内关闭, Spring 会话在 00 秒时每分钟运行一个后台任务,该任务强制清除任何过期的会话。<br/>这意味着在关闭 WebSocket 连接之前,你最多需要等待两分钟。|
|---|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
你现在可以尝试访问[http://localhost:8080/](http://localhost:8080/),提示你再次进行身份验证。这表明会话正确地过期了。
现在重复同样的练习,但不是等待两分钟,而是每 30 秒发送一条来自每个用户的消息。你可以看到消息继续被发送。尝试访问[http://localhost:8080/](http://localhost:8080/),没有提示你再次进行身份验证。这表明会话是保持活力的。
| |只有来自用户的消息才能使会话保持活跃。<br/>这是因为只有来自用户的消息才意味着用户活动。<br/>收到的消息并不意味着活动,因此不会更新会话过期时间。|
|---|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
\ No newline at end of file
docs/spring-session/en/api.md 0 → 100644
浏览文件 @ a3ae08b0
此差异已折叠。
docs/spring-session/en/boot-findbyusername.md 0 → 100644
浏览文件 @ a3ae08b0
# Spring Session - find by username
This guide describes how to use Spring Session to find sessions by username.
| |You can find the completed guide in the [findbyusername application](#findbyusername-sample).|
|---|---------------------------------------------------------------------------------------------|
[Index](../index.html)
## [](#findbyusername-assumptions)Assumptions
The guide assumes you have already added Spring Session to your application by using the built-in Redis configuration support.
The guide also assumes you have already applied Spring Security to your application.
However, we the guide is somewhat general purpose and can be applied to any technology with minimal changes, which we discuss later in the guide.
| |If you need to learn how to add Spring Session to your project, see the listing of [samples and guides](../#samples)|
|---|--------------------------------------------------------------------------------------------------------------------|
## [](#_about_the_sample)About the Sample
Our sample uses this feature to invalidate the users session that might have been compromised.
Consider the following scenario:
* User goes to library and authenticates to the application.
* User goes home and realizes they forgot to log out.
* User can log in and end the session from the library using clues like the location, created time, last accessed time, and so on.
Would it not be nice if we could let the user invalidate the session at the library from any device with which they authenticate?
This sample demonstrates how this is possible.
## [](#findbyindexnamesessionrepository)Using `FindByIndexNameSessionRepository`
To look up a user by their username, you must first choose a `SessionRepository` that implements [`FindByIndexNameSessionRepository`](../#api-findbyindexnamesessionrepository).
Our sample application assumes that the Redis support is already set up, so we are ready to go.
## [](#_mapping_the_user_name)Mapping the User Name
`FindByIndexNameSessionRepository` can find a session only by the user name if the developer instructs Spring Session what user is associated with the `Session`.
You can do so by ensuring that the session attribute with the name `FindByUsernameSessionRepository.PRINCIPAL_NAME_INDEX_NAME` is populated with the username.
Generally speaking, you can do so with the following code immediately after the user authenticates:
```
String username = "username";
this.session.setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, username);
```
## [](#_mapping_the_user_name_with_spring_security)Mapping the User Name with Spring Security
Since we use Spring Security, the user name is automatically indexed for us.
This means we need not perform any steps to ensure the user name is indexed.
## [](#_adding_additional_data_to_the_session)Adding Additional Data to the Session
It may be nice to associate additional information (such as the IP Address, the browser, location, and other details) to the session.
Doing so makes it easier for the user to know which session they are looking at.
To do so, determine which session attribute you want to use and what information you wish to provide.
Then create a Java bean that is added as a session attribute.
For example, our sample application includes the location and access type of the session, as the following listing shows:
```
public class SessionDetails implements Serializable {
private String location;
private String accessType;
public String getLocation() {
return this.location;
}
public void setLocation(String location) {
this.location = location;
}
public String getAccessType() {
return this.accessType;
}
public void setAccessType(String accessType) {
this.accessType = accessType;
}
private static final long serialVersionUID = 8850489178248613501L;
}
```
We then inject that information into the session on each HTTP request using a `SessionDetailsFilter`, as the following example shows:
```
@Override
public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
chain.doFilter(request, response);
HttpSession session = request.getSession(false);
if (session != null) {
String remoteAddr = getRemoteAddress(request);
String geoLocation = getGeoLocation(remoteAddr);
SessionDetails details = new SessionDetails();
details.setAccessType(request.getHeader("User-Agent"));
details.setLocation(remoteAddr + " " + geoLocation);
session.setAttribute("SESSION_DETAILS", details);
}
}
```
We obtain the information we want and then set the `SessionDetails` as an attribute in the `Session`.
When we retrieve the `Session` by user name, we can then use the session to access our `SessionDetails` as we would any other session attribute.
| |You might wonder why Spring Session does not provide `SessionDetails` functionality out of the box.<br/>We have two reasons.<br/>The first reason is that it is very trivial for applications to implement this themselves.<br/>The second reason is that the information that is populated in the session (and how frequently that information is updated) is highly application-dependent.|
|---|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
## [](#_finding_sessions_for_a_specific_user)Finding sessions for a specific user
We can now find all the sessions for a specific user.
The following example shows how to do so:
```
@Autowired
FindByIndexNameSessionRepository<? extends Session> sessions;
@RequestMapping("/")
public String index(Principal principal, Model model) {
Collection<? extends Session> usersSessions = this.sessions.findByPrincipalName(principal.getName()).values();
model.addAttribute("sessions", usersSessions);
return "index";
}
```
In our instance, we find all sessions for the currently logged in user.
However, you can modify this for an administrator to use a form to specify which user to look up.
## [](#findbyusername-sample)`findbyusername` Sample Application
This section describes how to use the `findbyusername` sample application.
### [](#_running_the_findbyusername_sample_application)Running the `findbyusername` Sample Application
You can run the sample by obtaining the [source code](https://github.com/spring-projects/spring-session/archive/main.zip) and invoking the following command:
```
$ ./gradlew :spring-session-sample-boot-findbyusername:bootRun
```
| |For the sample to work, you must [install Redis 2.8+](https://redis.io/download) on localhost and run it with the default port (6379).<br/>Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.<br/>Another option is to use [Docker](https://www.docker.com/) to run Redis on localhost.<br/>See [Docker Redis repository](https://hub.docker.com/_/redis/) for detailed instructions.|
|---|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
You should now be able to access the application at [http://localhost:8080/](http://localhost:8080/)
### [](#_exploring_the_security_sample_application)Exploring the security Sample Application
You can now try using the application. Enter the following to log in:
* **Username** *user*
* **Password** *password*
Now click the **Login** button.
You should now see a message indicating your are logged in with the user entered previously.
You should also see a listing of active sessions for the currently logged in user.
You can emulate the flow we discussed in the [About the Sample](#_about_the_sample) section by doing the following:
* Open a new incognito window and navigate to [http://localhost:8080/](http://localhost:8080/)
* Enter the following to log in:
* **Username** *user*
* **Password** *password*
* End your original session.
* Refresh the original window and see that you are logged out.
\ No newline at end of file
docs/spring-session/en/boot-jdbc.md 0 → 100644
浏览文件 @ a3ae08b0
# Spring Session - Spring Boot
This guide describes how to use Spring Session to transparently leverage a relational database to back a web application’s `HttpSession` when you use Spring Boot.
| |You can find the completed guide in the [httpsession-jdbc-boot sample application](#httpsession-jdbc-boot-sample).|
|---|------------------------------------------------------------------------------------------------------------------|
[Index](../index.html)
## [](#_updating_dependencies)Updating Dependencies
Before you use Spring Session, you must update your dependencies.
We assume you are working with a working Spring Boot web application.
If you use Maven, you must add the following dependencies:
pom.xml
```
<dependencies>
<!-- ... -->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-jdbc</artifactId>
</dependency>
</dependencies>
```
Spring Boot provides dependency management for Spring Session modules, so you need not explicitly declare the dependency version.
## [](#httpsession-jdbc-boot-spring-configuration)Spring Boot Configuration
After adding the required dependencies, we can create our Spring Boot configuration.
Thanks to first-class auto configuration support, setting up Spring Session backed by a relational database is as simple as adding a single configuration property to your `application.properties`.
The following listing shows how to do so:
src/main/resources/application.properties
```
spring.session.store-type=jdbc # Session store type.
```
If a single Spring Session module is present on the classpath, Spring Boot uses that store implementation automatically.
If you have more than one implementation, you must choose the StoreType that you wish to use to store the sessions, as shows above.
Under the hood, Spring Boot applies configuration that is equivalent to manually adding the `@EnableJdbcHttpSession` annotation.
This creates a Spring bean with the name of `springSessionRepositoryFilter`. That bean implements `Filter`.
The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
You can further customize by using `application.properties`.
The following listing shows how to do so:
src/main/resources/application.properties
```
server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds are used.
spring.session.jdbc.initialize-schema=embedded # Database schema initialization mode.
spring.session.jdbc.schema=classpath:org/springframework/session/jdbc/[email protected]@[email protected]@.sql # Path to the SQL file to use to initialize the database schema.
spring.session.jdbc.table-name=SPRING_SESSION # Name of the database table used to store sessions.
```
For more information, see the [Spring Session](https://docs.spring.io/spring-boot/docs/2.5.6/reference/htmlsingle/#boot-features-session) portion of the Spring Boot documentation.
## [](#httpsession-jdbc-boot-configuration)Configuring the `DataSource`
Spring Boot automatically creates a `DataSource` that connects Spring Session to an embedded instance of an H2 database.
In a production environment, you need to update your configuration to point to your relational database.
For example, you can include the following in your application.properties:
src/main/resources/application.properties
```
spring.datasource.url= # JDBC URL of the database.
spring.datasource.username= # Login username of the database.
spring.datasource.password= # Login password of the database.
```
For more information, see the [Configure a DataSource](https://docs.spring.io/spring-boot/docs/2.5.6/reference/htmlsingle/#boot-features-configure-datasource) portion of the Spring Boot documentation.
## [](#httpsession-jdbc-boot-servlet-configuration)Servlet Container Initialization
Our [Spring Boot Configuration](#httpsession-jdbc-boot-spring-configuration) created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
Last, we need to ensure that our Servlet Container (that is, Tomcat) uses our `springSessionRepositoryFilter` for every request.
Fortunately, Spring Boot takes care of both of these steps for us.
## [](#httpsession-jdbc-boot-sample)`httpsession-jdbc-boot` Sample Application
The httpsession-jdbc-boot Sample Application demonstrates how to use Spring Session to transparently leverage an H2 database to back a web application’s `HttpSession` when you use Spring Boot.
### [](#httpsession-jdbc-boot-running)Running the `httpsession-jdbc-boot` Sample Application
You can run the sample by obtaining the [source code](https://github.com/spring-projects/spring-session/archive/main.zip) and invoking the following command:
```
$ ./gradlew :spring-session-sample-boot-jdbc:bootRun
```
You should now be able to access the application at [http://localhost:8080/](http://localhost:8080/)
### [](#httpsession-jdbc-boot-explore)Exploring the Security Sample Application
You can now try using the application.
To do so, enter the following to log in:
* **Username** *user*
* **Password** *password*
Now click the **Login** button.
You should now see a message indicating that your are logged in with the user entered previously.
The user’s information is stored in the H2 database rather than Tomcat’s `HttpSession` implementation.
### [](#httpsession-jdbc-boot-how)How Does It Work?
Instead of using Tomcat’s `HttpSession`, we persist the values in the H2 database.
Spring Session replaces the `HttpSession` with an implementation that is backed by a relational database.
When Spring Security’s `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession`, it is then persisted into the H2 database.
When a new `HttpSession` is created, Spring Session creates a cookie named `SESSION` in your browser. That cookie contains the ID of your session.
You can view the cookies (with [Chrome](https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies) or [Firefox](https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector)).
You can remove the session by using the H2 web console available at: [http://localhost:8080/h2-console/](http://localhost:8080/h2-console/) (use `jdbc:h2:mem:testdb` for JDBC URL).
Now you can visit the application at [http://localhost:8080/](http://localhost:8080/) and see that we are no longer authenticated.
\ No newline at end of file
docs/spring-session/en/boot-mongo.md 0 → 100644
浏览文件 @ a3ae08b0
# Spring Session - MongoDB Repositories
This guide describes how to use Spring Session backed by MongoDB.
| |The completed guide can be found in the [mongo sample application](#mongo-sample).|
|---|----------------------------------------------------------------------------------|
[Index](../index.html)
## [](#_updating_dependencies)Updating Dependencies
Before you use Spring Session MongoDB, you must ensure to update your dependencies.
We assume you are working with a working Spring Boot web application.
If you are using Maven, ensure to add the following dependencies:
pom.xml
```
<dependencies>
<!-- ... -->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-mongodb</artifactId>
</dependency>
</dependencies>
```
Since We are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
Ensure you have the following in your pom.xml:
pom.xml
```
<repositories>
<!-- ... -->
<repository>
<id>spring-snapshot</id>
<url>https://repo.spring.io/libs-snapshot</url>
</repository>
</repositories>
```
## [](#mongo-spring-configuration)Spring Configuration
After adding the required dependencies, we can create our Spring configuration.
The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
All you have to do is to add the following Spring Configuration:
```
@EnableMongoHttpSession (1)
public class HttpSessionConfig {
@Bean
public JdkMongoSessionConverter jdkMongoSessionConverter() {
return new JdkMongoSessionConverter(Duration.ofMinutes(30)); (2)
}
}
```
|**1**|The `@EnableMongoHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.<br/>This filter is what replaces the default `HttpSession` with the MongoDB-backed bean.|
|-----|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|**2**| Configures the session timeout to 30 minutes. |
## [](#boot-mongo-configuration)Configuring the MongoDB Connection
Spring Boot automatically creates a `MongoClient` that connects Spring Session to a MongoDB Server on localhost on port 27017 (default port).
In a production environment you need to ensure to update your configuration to point to your MongoDB server.
For example, you can include the following in your **application.properties**
src/main/resources/application.properties
```
spring.data.mongodb.host=mongo-srv
spring.data.mongodb.port=27018
spring.data.mongodb.database=prod
```
For more information, refer to [Connecting to MongoDB](https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#boot-features-connecting-to-mongodb) portion of the Spring Boot documentation.
## [](#boot-servlet-configuration)Servlet Container Initialization
Our [Spring Configuration](#boot-mongo-configuration) created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
Fortunately, Spring Boot takes care of both of these steps for us.
## [](#mongo-sample)MongoDB Sample Application
The MongoDB Sample Application demonstrates how to use Spring Session to transparently leverage MongoDB to back a web application’s `HttpSession` when using Spring Boot.
### [](#mongo-running)Running the MongoDB Sample Application
You can run the sample by obtaining the [source code](https://github.com/spring-projects/spring-session/archive/main.zip) and invoking the following command:
```
$ ./gradlew :samples:mongo:bootRun
```
You should now be able to access the application at [http://localhost:8080/](http://localhost:8080/)
### [](#boot-explore)Exploring the security Sample Application
Try using the application. Enter the following to log in:
* **Username** *user*
* **Password** *password*
Now click the **Login** button.
You should now see a message indicating your are logged in with the user entered previously.
The user’s information is stored in MongoDB rather than Tomcat’s `HttpSession` implementation.
### [](#mongo-how)How does it work?
Instead of using Tomcat’s `HttpSession`, we are actually persisting the values in Mongo.
Spring Session replaces the `HttpSession` with an implementation that is backed by Mongo.
When Spring Security’s `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Mongo.
When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
Go ahead and view the cookies (click for help with [Chrome](https://developer.chrome.com/devtools/docs/resources#cookies) or [Firefox](https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List)).
If you like, you can easily inspect the session using mongo client. For example, on a Linux based system you can type:
| |The sample application uses an embedded MongoDB instance that listens on a randomly allocated port.<br/>The port used by embedded MongoDB together with exact command to connect to it is logged during application startup.|
|---|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
```
$ mongo --port ...
> use test
> db.sessions.find().pretty()
```
Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `60f17293-839b-477c-bb92-07a9c3658843` with the value of your SESSION cookie:
```
> db.sessions.remove({"_id":"60f17293-839b-477c-bb92-07a9c3658843"})
```
Now visit the application at [http://localhost:8080/](http://localhost:8080/) and observe that we are no longer authenticated.
\ No newline at end of file
docs/spring-session/en/boot-redis.md 0 → 100644
浏览文件 @ a3ae08b0
# Spring Session - Spring Boot
This guide describes how to use Spring Session to transparently leverage Redis to back a web application’s `HttpSession` when you use Spring Boot.
| |You can find the completed guide in the [boot sample application](#boot-sample).|
|---|--------------------------------------------------------------------------------|
[Index](../index.html)
## [](#_updating_dependencies)Updating Dependencies
Before you use Spring Session, you must ensure your dependencies.
We assume you are working with a working Spring Boot web application.
If you are using Maven, you must add the following dependencies:
pom.xml
```
<dependencies>
<!-- ... -->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
</dependency>
</dependencies>
```
Spring Boot provides dependency management for Spring Session modules, so you need not explicitly declare dependency version.
## [](#boot-spring-configuration)Spring Boot Configuration
After adding the required dependencies, we can create our Spring Boot configuration.
Thanks to first-class auto configuration support, setting up Spring Session backed by Redis is as simple as adding a single configuration property to your `application.properties`, as the following listing shows:
src/main/resources/application.properties
```
spring.session.store-type=redis # Session store type.
```
Under the hood, Spring Boot applies configuration that is equivalent to manually adding `@EnableRedisHttpSession` annotation.
This creates a Spring bean with the name of `springSessionRepositoryFilter` that implements `Filter`.
The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
Further customization is possible by using `application.properties`, as the following listing shows:
src/main/resources/application.properties
```
server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds is used.
spring.session.redis.flush-mode=on_save # Sessions flush mode.
spring.session.redis.namespace=spring:session # Namespace for keys used to store sessions.
```
For more information, see the [Spring Session](https://docs.spring.io/spring-boot/docs/2.5.6/reference/htmlsingle/#boot-features-session) portion of the Spring Boot documentation.
## [](#boot-redis-configuration)Configuring the Redis Connection
Spring Boot automatically creates a `RedisConnectionFactory` that connects Spring Session to a Redis Server on localhost on port 6379 (default port).
In a production environment, you need to update your configuration to point to your Redis server.
For example, you can include the following in your application.properties:
src/main/resources/application.properties
```
spring.redis.host=localhost # Redis server host.
spring.redis.password= # Login password of the redis server.
spring.redis.port=6379 # Redis server port.
```
For more information, see the [Connecting to Redis](https://docs.spring.io/spring-boot/docs/2.5.6/reference/htmlsingle/#boot-features-connecting-to-redis) portion of the Spring Boot documentation.
## [](#boot-servlet-configuration)Servlet Container Initialization
Our [Spring Boot Configuration](#boot-spring-configuration) created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
Last, we need to ensure that our servlet container (that is, Tomcat) uses our `springSessionRepositoryFilter` for every request.
Fortunately, Spring Boot takes care of both of these steps for us.
## [](#boot-sample)Boot Sample Application
The Boot Sample Application demonstrates how to use Spring Session to transparently leverage Redis to back a web application’s `HttpSession` when you use Spring Boot.
### [](#boot-running)Running the Boot Sample Application
You can run the sample by obtaining the [source code](https://github.com/spring-projects/spring-session/archive/main.zip) and invoking the following command:
```
$ ./gradlew :spring-session-sample-boot-redis:bootRun
```
| |For the sample to work, you must [install Redis 2.8+](https://redis.io/download) on localhost and run it with the default port (6379).<br/>Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.<br/>Another option is to use [Docker](https://www.docker.com/) to run Redis on localhost. See [Docker Redis repository](https://hub.docker.com/_/redis/) for detailed instructions.|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
You should now be able to access the application at [http://localhost:8080/](http://localhost:8080/)
### [](#boot-explore)Exploring the `security` Sample Application
Now you can try using the application. Enter the following to log in:
* **Username** *user*
* **Password** *password*
Now click the **Login** button.
You should now see a message indicating your are logged in with the user entered previously.
The user’s information is stored in Redis rather than Tomcat’s `HttpSession` implementation.
### [](#boot-how)How Does It Work?
Instead of using Tomcat’s `HttpSession`, we persist the values in Redis.
Spring Session replaces the `HttpSession` with an implementation that is backed by Redis.
When Spring Security’s `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession`, it is then persisted into Redis.
When a new `HttpSession` is created, Spring Session creates a cookie named `SESSION` in your browser.
That cookie contains the ID of your session.
You can view the cookies (with [Chrome](https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies) or [Firefox](https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector)).
You can remove the session by using redis-cli.
For example, on a Linux based system you can type the following:
```
$ redis-cli keys '*' | xargs redis-cli del
```
| |The Redis documentation has instructions for [installing redis-cli](https://redis.io/topics/quickstart).|
|---|--------------------------------------------------------------------------------------------------------|
Alternatively, you can also delete the explicit key.
To do so, enter the following into your terminal, being sure to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your `SESSION` cookie:
```
$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
```
Now you can visit the application at [http://localhost:8080/](http://localhost:8080/) and observe that we are no longer authenticated.
\ No newline at end of file
docs/spring-session/en/boot-webflux-custom-cookie.md 0 → 100644
浏览文件 @ a3ae08b0
# Spring Session - WebFlux with Custom Cookie
This guide describes how to configure Spring Session to use custom cookies in a WebFlux based application.
The guide assumes you have already set up Spring Session in your project using your chosen data store. For example, [HttpSession with Redis](./boot-redis.html).
| |You can find the completed guide in the [WebFlux Custom Cookie sample application](#webflux-custom-cookie-sample).|
|---|------------------------------------------------------------------------------------------------------------------|
[Index](../index.html)
## [](#webflux-custom-cookie-spring-configuration)Spring Boot Configuration
Once you have set up Spring Session, you can customize how the session cookie is written by exposing a `WebSessionIdResolver` as a Spring bean.
Spring Session uses a `CookieWebSessionIdResolver` by default.
Exposing the `WebSessionIdResolver` as a Spring bean augments the existing configuration when you use configurations like `@EnableRedisHttpSession`.
The following example shows how to customize Spring Session’s cookie:
```
@Bean
public WebSessionIdResolver webSessionIdResolver() {
CookieWebSessionIdResolver resolver = new CookieWebSessionIdResolver();
resolver.setCookieName("JSESSIONID"); (1)
resolver.addCookieInitializer((builder) -> builder.path("/")); (2)
resolver.addCookieInitializer((builder) -> builder.sameSite("Strict")); (3)
return resolver;
}
```
|**1**| We customize the name of the cookie to be `JSESSIONID`. |
|-----|--------------------------------------------------------------------------------------------|
|**2**|We customize the path of the cookie to be `/` (rather than the default of the context root).|
|**3**| We customize the `SameSite` cookie directive to be `Strict`. |
## [](#webflux-custom-cookie-sample)`webflux-custom-cookie` Sample Application
This section describes how to work with the `webflux-custom-cookie` sample application.
### [](#_running_the_webflux_custom_cookie_sample_application)Running the `webflux-custom-cookie` Sample Application
You can run the sample by obtaining the [source code](https://github.com/spring-projects/spring-session/archive/main.zip) and invoking the following command:
```
$ ./gradlew :spring-session-sample-boot-webflux-custom-cookie:bootRun
```
| |For the sample to work, you must [install Redis 2.8+](https://redis.io/download) on localhost and run it with the default port (6379).<br/>Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.<br/>Another option is to use [Docker](https://www.docker.com/) to run Redis on localhost. See [Docker Redis repository](https://hub.docker.com/_/redis/) for detailed instructions.|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
You should now be able to access the application at [http://localhost:8080/](http://localhost:8080/)
### [](#_exploring_the_webflux_custom_cookie_sample_application)Exploring the `webflux-custom-cookie` Sample Application
Now you can use the application. Fill out the form with the following information:
* **Attribute Name:** *username*
* **Attribute Value:** *rob*
Now click the **Set Attribute** button.
You should now see the values displayed in the table.
If you look at the cookies for the application, you can see the cookie is saved to the custom name of `JSESSIONID`.
\ No newline at end of file
docs/spring-session/en/boot-websocket.md 0 → 100644
浏览文件 @ a3ae08b0
# Spring Session - WebSocket
This guide describes how to use Spring Session to ensure that WebSocket messages keep your HttpSession alive.
| |Spring Session’s WebSocket support works only with Spring’s WebSocket support.<br/>Specifically,it does not work with using [JSR-356](https://www.jcp.org/en/jsr/detail?id=356) directly, because JSR-356 does not have a mechanism for intercepting incoming WebSocket messages.|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
[Index](../index.html)
## [](#_httpsession_setup)HttpSession Setup
The first step is to integrate Spring Session with the HttpSession. These steps are already outlined in the [HttpSession with Redis Guide](./boot-redis.html).
Please make sure you have already integrated Spring Session with HttpSession before proceeding.
## [](#websocket-spring-configuration)Spring Configuration
In a typical Spring WebSocket application, you would implement `WebSocketMessageBrokerConfigurer`.
For example, the configuration might look something like the following:
```
@Configuration
@EnableScheduling
@EnableWebSocketMessageBroker
public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
@Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
registry.addEndpoint("/messages").withSockJS();
}
@Override
public void configureMessageBroker(MessageBrokerRegistry registry) {
registry.enableSimpleBroker("/queue/", "/topic/");
registry.setApplicationDestinationPrefixes("/app");
}
}
```
We can update our configuration to use Spring Session’s WebSocket support.
The following example shows how to do so:
src/main/java/samples/config/WebSocketConfig.java
```
@Configuration
@EnableScheduling
@EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractSessionWebSocketMessageBrokerConfigurer<Session> { (1)
@Override
protected void configureStompEndpoints(StompEndpointRegistry registry) { (2)
registry.addEndpoint("/messages").withSockJS();
}
@Override
public void configureMessageBroker(MessageBrokerRegistry registry) {
registry.enableSimpleBroker("/queue/", "/topic/");
registry.setApplicationDestinationPrefixes("/app");
}
}
```
To hook in the Spring Session support we only need to change two things:
|**1**|Instead of implementing `WebSocketMessageBrokerConfigurer`, we extend `AbstractSessionWebSocketMessageBrokerConfigurer`|
|-----|-----------------------------------------------------------------------------------------------------------------------|
|**2**| We rename the `registerStompEndpoints` method to `configureStompEndpoints` |
What does `AbstractSessionWebSocketMessageBrokerConfigurer` do behind the scenes?
* `WebSocketConnectHandlerDecoratorFactory` is added as a `WebSocketHandlerDecoratorFactory` to `WebSocketTransportRegistration`.
This ensures a custom `SessionConnectEvent` is fired that contains the `WebSocketSession`.
The `WebSocketSession` is necessary to end any WebSocket connections that are still open when a Spring Session is ended.
* `SessionRepositoryMessageInterceptor` is added as a `HandshakeInterceptor` to every `StompWebSocketEndpointRegistration`.
This ensures that the `Session` is added to the WebSocket properties to enable updating the last accessed time.
* `SessionRepositoryMessageInterceptor` is added as a `ChannelInterceptor` to our inbound `ChannelRegistration`.
This ensures that every time an inbound message is received, that the last accessed time of our Spring Session is updated.
* `WebSocketRegistryListener` is created as a Spring bean.
This ensures that we have a mapping of all of the `Session` IDs to the corresponding WebSocket connections.
By maintaining this mapping, we can close all the WebSocket connections when a Spring Session (HttpSession) is ended.
## [](#websocket-sample)`websocket` Sample Application
The `websocket` sample application demonstrates how to use Spring Session with WebSockets.
### [](#_running_the_websocket_sample_application)Running the `websocket` Sample Application
You can run the sample by obtaining the [source code](https://github.com/spring-projects/spring-session/archive/main.zip) and invoking the following command:
```
$ ./gradlew :spring-session-sample-boot-websocket:bootRun
```
| |For the purposes of testing session expiration, you may want to change the session expiration to be 1 minute (the default is 30 minutes) by adding the following configuration property before starting the application:<br/><br/>src/main/resources/application.properties<br/><br/>```<br/>server.servlet.session.timeout=1m # Session timeout. If a duration suffix is not specified, seconds will be used.<br/>```|
|---|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| |For the sample to work, you must [install Redis 2.8+](https://redis.io/download) on localhost and run it with the default port (6379).<br/>Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.<br/>Another option is to use [Docker](https://www.docker.com/) to run Redis on localhost.<br/>See [Docker Redis repository](https://hub.docker.com/_/redis/) for detailed instructions.|
|---|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
You should now be able to access the application at [http://localhost:8080/](http://localhost:8080/)
### [](#_exploring_the_websocket_sample_application)Exploring the `websocket` Sample Application
Now you can try using the application. Authenticate with the following information:
* **Username** *rob*
* **Password** *password*
Now click the **Login** button. You should now be authenticated as the user **rob**.
Open an incognito window and access [http://localhost:8080/](http://localhost:8080/)
You are prompted with a login form. Authenticate with the following information:
* **Username** *luke*
* **Password** *password*
Now send a message from rob to luke. The message should appear.
Wait for two minutes and try sending a message from rob to luke again.
You can see that the message is no longer sent.
| |Why two minutes?<br/><br/>Spring Session expires in 60 seconds, but the notification from Redis is not guaranteed to happen within 60 seconds.<br/>To ensure the socket is closed in a reasonable amount of time, Spring Session runs a background task every minute at 00 seconds that forcibly cleans up any expired sessions.<br/>This means you need to wait at most two minutes before the WebSocket connection is closed.|
|---|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
You can now try accessing [http://localhost:8080/](http://localhost:8080/)You are prompted to authenticate again.
This demonstrates that the session properly expires.
Now repeat the same exercise, but instead of waiting two minutes, send a message from each of the users every 30 seconds.
You can see that the messages continue to be sent.
Try accessing [http://localhost:8080/](http://localhost:8080/)You are not prompted to authenticate again.
This demonstrates the session is kept alive.
| |Only messages sent from a user keep the session alive.<br/>This is because only messages coming from a user imply user activity.<br/>Received messages do not imply activity and, thus, do not renew the session expiration.|
|---|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
\ No newline at end of file
docs/spring-session/en/http-session.md 0 → 100644
浏览文件 @ a3ae08b0
此差异已折叠。
docs/spring-session/en/index.md 0 → 100644
浏览文件 @ a3ae08b0
# Spring Session
Spring Session provides an API and implementations for managing a user’s session information.
Spring Session provides an API and implementations for managing a user’s session information while also making it trivial to support clustered sessions without being tied to an application container-specific solution.
It also provides transparent integration with:
* [HttpSession](http-session.html#httpsession): Allows replacing the `HttpSession` in an application container-neutral way, with support for providing session IDs in headers to work with RESTful APIs.
* [WebSocket](web-socket.html#websocket): Provides the ability to keep the `HttpSession` alive when receiving WebSocket messages
* [WebSession](web-session.html#websession): Allows replacing the Spring WebFlux’s `WebSession` in an application container-neutral way.
## [](#community)Spring Session Community
We are glad to consider you a part of our community.
The following sections provide additional about how to interact with the Spring Session community.
### [](#community-support)Support
You can get help by asking questions on [Stack Overflow with the `spring-session` tag](https://stackoverflow.com/questions/tagged/spring-session).
Similarly, we encourage helping others by answering questions on Stack Overflow.
### [](#community-source)Source Code
You can find the source code on GitHub at [https://github.com/spring-projects/spring-session/](https://github.com/spring-projects/spring-session/)
### [](#community-issues)Issue Tracking
We track issues in GitHub issues at [https://github.com/spring-projects/spring-session/issues](https://github.com/spring-projects/spring-session/issues)
### [](#community-contributing)Contributing
We appreciate [pull requests](https://help.github.com/articles/using-pull-requests/).
### [](#community-license)License
Spring Session is Open Source software released under the [Apache 2.0 license](https://www.apache.org/licenses/LICENSE-2.0).
### [](#community-extensions)Community Extensions
| Name | Location |
|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|Spring Session Infinispan|[https://infinispan.org/infinispan-spring-boot/master/spring\_boot\_starter.html#\_enabling\_spring\_session\_support](https://infinispan.org/infinispan-spring-boot/master/spring_boot_starter.html#_enabling_spring_session_support)|
## [](#minimum-requirements)Minimum Requirements
The minimum requirements for Spring Session are:
* Java 8+.
* If you run in a Servlet Container (not required), Servlet 3.1+.
* If you use other Spring libraries (not required), the minimum required version is Spring 5.0.x.
* `@EnableRedisHttpSession` requires Redis 2.8+. This is necessary to support [Session Expiration](api.html#api-redisindexedsessionrepository-expiration)
* `@EnableHazelcastHttpSession` requires Hazelcast 3.6+. This is necessary to support [`FindByIndexNameSessionRepository`](api.html#api-enablehazelcasthttpsession-storage)
| |At its core, Spring Session has a required dependency only on `spring-jcl`.<br/>For an example of using Spring Session without any other Spring dependencies, see the [hazelcast sample](samples.html#samples) application.|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
\ No newline at end of file
docs/spring-session/en/modules.md 0 → 100644
浏览文件 @ a3ae08b0
# Spring Session Modules
In Spring Session 1.x, all of the Spring Session’s `SessionRepository` implementations were available within the `spring-session` artifact.
While convenient, this approach was not sustainable long-term as more features and `SessionRepository` implementations were added to the project.
With Spring Session 2.0, several modules were split off to be separate modules as well as managed repositories.
Spring Session for MongoDB was retired, but was later reactivated as a separate module.
As of Spring Session 2.6, Spring Session for MongoDB was merged back into Spring Session.
Now the situation with the various repositories and modules is as follows:
* [`spring-session` repository](https://github.com/spring-projects/spring-session)
* Hosts the Spring Session Core, Spring Session for MongoDB, Spring Session for Redis, Spring Session JDBC, and Spring Session Hazelcast modules.
* [`spring-session-data-geode` repository](https://github.com/spring-projects/spring-session-data-geode)
* Hosts the Spring Session Data Geode modules. Spring Session Data Geode has its own user guide, which you can find at the [[https://spring.io/projects/spring-session-data-geode#learn](https://spring.io/projects/spring-session-data-geode#learn) site].
Finally, Spring Session also provides a Maven BOM (“bill of materials”) module in order to help users with version management concerns:
* [`spring-session-bom` repository](https://github.com/spring-projects/spring-session-bom)
* Hosts the Spring Session BOM module
\ No newline at end of file
docs/spring-session/en/samples.md 0 → 100644
浏览文件 @ a3ae08b0
# Samples and Guides (Start Here)
To get started with Spring Session, the best place to start is our Sample Applications.
| Source | Description | Guide |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------|
| [HttpSession with Redis](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-redis) | Demonstrates how to use Spring Session to replace the `HttpSession` with Redis. | [HttpSession with Redis Guide](guides/boot-redis.html) |
| [HttpSession with JDBC](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-jdbc) | Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store. | [HttpSession with JDBC Guide](guides/boot-jdbc.html) |
| [HttpSession with Hazelcast](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-hazelcast) | Demonstrates how to use Spring Session to replace the `HttpSession` with Hazelcast. | |
| [Find by Username](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-findbyusername) | Demonstrates how to use Spring Session to find sessions by username. | [Find by Username Guide](guides/boot-findbyusername.html) |
| [WebSockets](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-websocket) | Demonstrates how to use Spring Session with WebSockets. | [WebSockets Guide](guides/boot-websocket.html) |
| [WebFlux](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-webflux) | Demonstrates how to use Spring Session to replace the Spring WebFlux’s `WebSession` with Redis. | |
| [WebFlux with Custom Cookie](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-webflux-custom-cookie) | Demonstrates how to use Spring Session to customize the Session cookie in a WebFlux based application. |[WebFlux with Custom Cookie Guide](guides/boot-webflux-custom-cookie.html)|
| [HttpSession with Redis JSON serialization](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-redis-json) | Demonstrates how to use Spring Session to replace the `HttpSession` with Redis using JSON serialization. | |
| [HttpSession with simple Redis `SessionRepository`](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-redis-simple) |Demonstrates how to use Spring Session to replace the `HttpSession` with Redis using `RedisSessionRepository`.| |
|[Spring Session with MongoDB Repositories (servlet-based)](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-mongodb-traditional)| Demonstrates how to back Spring Session with traditional MongoDB repositories. | [Spring Session with MongoDB Repositories](guides/boot-mongo.html) |
| [Spring Session with MongoDB Repositories (reactive)](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-mongodb-reactive) | Demonstrates how to back Spring Session with reactive MongoDB repositories. | [Spring Session with MongoDB Repositories](guides/boot-mongo.html) |
| Source | Description | Guide |
|-----------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|--------------------------------------------------------------|
| [HttpSession with Redis](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-javaconfig-redis) | Demonstrates how to use Spring Session to replace the `HttpSession` with Redis. | [HttpSession with Redis Guide](guides/java-redis.html) |
| [HttpSession with JDBC](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-javaconfig-jdbc) |Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store.| [HttpSession with JDBC Guide](guides/java-jdbc.html) |
|[HttpSession with Hazelcast](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-javaconfig-hazelcast)| Demonstrates how to use Spring Session to replace the `HttpSession` with Hazelcast. |[HttpSession with Hazelcast Guide](guides/java-hazelcast.html)|
| [Custom Cookie](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-javaconfig-custom-cookie) | Demonstrates how to use Spring Session and customize the cookie. | [Custom Cookie Guide](guides/java-custom-cookie.html) |
| [Spring Security](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-javaconfig-security) | Demonstrates how to use Spring Session with an existing Spring Security application. | [Spring Security Guide](guides/java-security.html) |
| [REST](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-javaconfig-rest) |Demonstrates how to use Spring Session in a REST application to support authenticating with a header.| [REST Guide](guides/java-rest.html) |
| Source | Description | Guide |
|--------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|-----------------------------------------------------|
|[HttpSession with Redis](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-xml-redis)| Demonstrates how to use Spring Session to replace the `HttpSession` with a Redis store. |[HttpSession with Redis Guide](guides/xml-redis.html)|
| [HttpSession with JDBC](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-xml-jdbc) |Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store.| [HttpSession with JDBC Guide](guides/xml-jdbc.html) |
| Source | Description |Guide|
|------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------|-----|
|[Hazelcast](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-misc-hazelcast)|Demonstrates how to use Spring Session with Hazelcast in a Java EE application.| |
\ No newline at end of file
docs/spring-session/en/spring-security.md 0 → 100644
浏览文件 @ a3ae08b0
# Spring Security Integration
Spring Session provides integration with Spring Security.
## [](#spring-security-rememberme)Spring Security Remember-me Support
Spring Session provides integration with [Spring Security’s Remember-me Authentication](https://docs.spring.io/spring-security/site/docs/5.6.2/reference/html5/#servlet-rememberme).
The support:
* Changes the session expiration length
* Ensures that the session cookie expires at `Integer.MAX_VALUE`.
The cookie expiration is set to the largest possible value, because the cookie is set only when the session is created.
If it were set to the same value as the session expiration, the session would get renewed when the user used it but the cookie expiration would not be updated (causing the expiration to be fixed).
To configure Spring Session with Spring Security in Java Configuration, you can use the following listing as a guide:
```
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// ... additional configuration ...
.rememberMe((rememberMe) -> rememberMe
.rememberMeServices(rememberMeServices())
);
}
@Bean
public SpringSessionRememberMeServices rememberMeServices() {
SpringSessionRememberMeServices rememberMeServices =
new SpringSessionRememberMeServices();
// optionally customize
rememberMeServices.setAlwaysRemember(true);
return rememberMeServices;
}
```
An XML-based configuration would look something like the following:
```
<security:http>
<!-- ... -->
<security:form-login />
<security:remember-me services-ref="rememberMeServices"/>
</security:http>
<bean id="rememberMeServices"
class="org.springframework.session.security.web.authentication.SpringSessionRememberMeServices"
p:alwaysRemember="true"/>
```
## [](#spring-security-concurrent-sessions)Spring Security Concurrent Session Control
Spring Session provides integration with Spring Security to support its concurrent session control.
This allows limiting the number of active sessions that a single user can have concurrently, but, unlike the default
Spring Security support, this also works in a clustered environment. This is done by providing a custom
implementation of Spring Security’s `SessionRegistry` interface.
When using Spring Security’s Java config DSL, you can configure the custom `SessionRegistry` through the`SessionManagementConfigurer`, as the following listing shows:
```
@Configuration
public class SecurityConfiguration<S extends Session> extends WebSecurityConfigurerAdapter {
@Autowired
private FindByIndexNameSessionRepository<S> sessionRepository;
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
// other config goes here...
.sessionManagement((sessionManagement) -> sessionManagement
.maximumSessions(2)
.sessionRegistry(sessionRegistry())
);
// @formatter:on
}
@Bean
public SpringSessionBackedSessionRegistry<S> sessionRegistry() {
return new SpringSessionBackedSessionRegistry<>(this.sessionRepository);
}
}
```
This assumes that you have also configured Spring Session to provide a `FindByIndexNameSessionRepository` that
returns `Session` instances.
When using XML configuration, it would look something like the following listing:
```
<security:http>
<!-- other config goes here... -->
<security:session-management>
<security:concurrency-control max-sessions="2" session-registry-ref="sessionRegistry"/>
</security:session-management>
</security:http>
<bean id="sessionRegistry"
class="org.springframework.session.security.SpringSessionBackedSessionRegistry">
<constructor-arg ref="sessionRepository"/>
</bean>
```
This assumes that your Spring Session `SessionRegistry` bean is called `sessionRegistry`, which is the name used by all`SpringHttpSessionConfiguration` subclasses.
## [](#spring-security-concurrent-sessions-limitations)Limitations
Spring Session’s implementation of Spring Security’s `SessionRegistry` interface does not support the `getAllPrincipals`method, as this information cannot be retrieved by using Spring Session. This method is never called by Spring Security,
so this affects only applications that access the `SessionRegistry` themselves.
\ No newline at end of file
docs/spring-session/en/upgrading.md 0 → 100644
浏览文件 @ a3ae08b0
# Upgrading to 2.x
With the new major release version, the Spring Session team took the opportunity to make some non-passive changes.
The focus of these changes is to improve and harmonize Spring Session’s APIs as well as remove the deprecated components.
## [](#_baseline_update)Baseline Update
Spring Session 2.0 requires Java 8 and Spring Framework 5.0 as a baseline, since its entire codebase is now based on Java 8 source code.
See [Upgrading to Spring Framework 5.x](https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-5.x) for more on upgrading Spring Framework.
## [](#_replaced_and_removed_modules)Replaced and Removed Modules
As a part of the project’s splitting of the modules, the existing `spring-session` has been replaced with the `spring-session-core` module.
The `spring-session-core` module holds only the common set of APIs and components, while other modules contain the implementation of the appropriate `SessionRepository` and functionality related to that data store.
This applies to several existing modules that were previously a simple dependency aggregator helper module.
With new module arrangement, the following modules actually carry the implementation:
* Spring Session for MongoDB
* Spring Session for Redis
* Spring Session JDBC
* Spring Session Hazelcast
Also, the following were removed from the main project repository:
* Spring Session Data GemFire
* [`spring-session-data-geode`](https://github.com/spring-projects/spring-session-data-geode)
## [](#_replaced_and_removed_packages_classes_and_methods)Replaced and Removed Packages, Classes, and Methods
The following changes were made to packages, classes, and methods:
* `ExpiringSession` API has been merged into the `Session` API.
* The `Session` API has been enhanced to make full use of Java 8.
* The `Session` API has been extended with `changeSessionId` support.
* The `SessionRepository` API has been updated to better align with Spring Data method naming conventions.
* `AbstractSessionEvent` and its subclasses are no longer constructable without an underlying `Session` object.
* The Redis namespace used by `RedisOperationsSessionRepository` is now fully configurable, instead of being partially configurable.
* Redis configuration support has been updated to avoid registering a Spring Session-specific `RedisTemplate` bean.
* JDBC configuration support has been updated to avoid registering a Spring Session-specific `JdbcTemplate` bean.
* Previously deprecated classes and methods have been removed across the codebase
## [](#_dropped_support)Dropped Support
As a part of the changes to `HttpSessionStrategy` and its alignment to the counterpart from the reactive world, the support for managing multiple users' sessions in a single browser instance has been removed.
The introduction of a new API to replace this functionality is under consideration for future releases.
\ No newline at end of file
docs/spring-session/en/web-session.md 0 → 100644
浏览文件 @ a3ae08b0
# WebSession Integration
Spring Session provides transparent integration with Spring WebFlux’s `WebSession`.
This means that you can switch the `WebSession` implementation out with an implementation that is backed by Spring Session.
## [](#websession-why)Why Spring Session and WebSession?
We have already mentioned that Spring Session provides transparent integration with Spring WebFlux’s `WebSession`, but what benefits do we get out of this?
As with `HttpSession`, Spring Session makes it trivial to support [clustered sessions](#websession-redis) without being tied to an application container specific solution.
## [](#websession-redis)WebSession with Redis
Using Spring Session with `WebSession` is enabled by registering a `WebSessionManager` implementation backed by Spring Session’s `ReactiveSessionRepository`.
The Spring configuration is responsible for creating a `WebSessionManager` that replaces the `WebSession` implementation with an implementation backed by Spring Session.
To do so, add the following Spring Configuration:
```
@EnableRedisWebSession (1)
public class SessionConfiguration {
@Bean
public LettuceConnectionFactory redisConnectionFactory() {
return new LettuceConnectionFactory(); (2)
}
}
```
|**1**| The `@EnableRedisWebSession` annotation creates a Spring bean with the name of `webSessionManager`. That bean implements the `WebSessionManager`.<br/>This is what is in charge of replacing the `WebSession` implementation to be backed by Spring Session.<br/>In this instance, Spring Session is backed by Redis. |
|-----|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|**2**|We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.<br/>We configure the connection to connect to localhost on the default port (6379)<br/>For more information on configuring Spring Data Redis, see the [reference documentation](https://docs.spring.io/spring-data/data-redis/docs/2.6.2/reference/html/).|
## [](#websession-how)How WebSession Integration Works
It is considerably easier for Spring Session to integrate with Spring WebFlux and its `WebSession`, compared to Servlet API and its `HttpSession`.
Spring WebFlux provides the `WebSessionStore` API, which presents a strategy for persisting `WebSession`.
| |This section describes how Spring Session provides transparent integration with `WebSession`. We offer this content so that you can understand what is happening under the covers. This functionality is already integrated and you do NOT need to implement this logic yourself.|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
First, we create a custom `SpringSessionWebSession` that delegates to Spring Session’s `Session`.
It looks something like the following:
```
public class SpringSessionWebSession implements WebSession {
enum State {
NEW, STARTED
}
private final S session;
private AtomicReference<State> state = new AtomicReference<>();
SpringSessionWebSession(S session, State state) {
this.session = session;
this.state.set(state);
}
@Override
public void start() {
this.state.compareAndSet(State.NEW, State.STARTED);
}
@Override
public boolean isStarted() {
State value = this.state.get();
return (State.STARTED.equals(value)
|| (State.NEW.equals(value) && !this.session.getAttributes().isEmpty()));
}
@Override
public Mono<Void> changeSessionId() {
return Mono.defer(() -> {
this.session.changeSessionId();
return save();
});
}
// ... other methods delegate to the original Session
}
```
Next, we create a custom `WebSessionStore` that delegates to the `ReactiveSessionRepository` and wraps `Session` into custom `WebSession` implementation, as the following listing shows:
```
public class SpringSessionWebSessionStore<S extends Session> implements WebSessionStore {
private final ReactiveSessionRepository<S> sessions;
public SpringSessionWebSessionStore(ReactiveSessionRepository<S> reactiveSessionRepository) {
this.sessions = reactiveSessionRepository;
}
// ...
}
```
To be detected by Spring WebFlux, this custom `WebSessionStore` needs to be registered with `ApplicationContext` as a bean named `webSessionManager`.
For additional information on Spring WebFlux, see the [Spring Framework Reference Documentation](https://docs.spring.io/spring-framework/docs/5.3.16/reference/html/web-reactive.html).
\ No newline at end of file
docs/spring-session/en/web-socket.md 0 → 100644
浏览文件 @ a3ae08b0
# WebSocket Integration
Spring Session provides transparent integration with Spring’s WebSocket support.
| |Spring Session’s WebSocket support works only with Spring’s WebSocket support.<br/>Specifically,it does not work with using [JSR-356](https://www.jcp.org/en/jsr/detail?id=356) directly, because JSR-356 does not have a mechanism for intercepting incoming WebSocket messages.|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
## [](#websocket-why)Why Spring Session and WebSockets?
So why do we need Spring Session when we use WebSockets?
Consider an email application that does much of its work through HTTP requests.
However, there is also a chat application embedded within it that works over WebSocket APIs.
If a user is actively chatting with someone, we should not timeout the `HttpSession`, since this would be a pretty poor user experience.
However, this is exactly what [JSR-356](https://java.net/jira/browse/WEBSOCKET_SPEC-175) does.
Another issue is that, according to JSR-356, if the `HttpSession` times out, any WebSocket that was created with that `HttpSession` and an authenticated user should be forcibly closed.
This means that, if we are actively chatting in our application and are not using the HttpSession, we also do disconnect from our conversation.
## [](#websocket-usage)WebSocket Usage
The [ WebSocket Sample](samples.html#samples) provides a working sample of how to integrate Spring Session with WebSockets.
You can follow the basic steps for integration described in the next few headings, but we encourage you to follow along with the detailed WebSocket Guide when integrating with your own application.
### [](#websocket-httpsession)`HttpSession` Integration
Before using WebSocket integration, you should be sure that you have [`HttpSession` Integration](http-session.html#httpsession) working first.
#### [](#websocket-spring-configuration)Spring Configuration
In a typical Spring WebSocket application, you would implement `WebSocketMessageBrokerConfigurer`.
For example, the configuration might look something like the following:
```
@Configuration
@EnableScheduling
@EnableWebSocketMessageBroker
public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
@Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
registry.addEndpoint("/messages").withSockJS();
}
@Override
public void configureMessageBroker(MessageBrokerRegistry registry) {
registry.enableSimpleBroker("/queue/", "/topic/");
registry.setApplicationDestinationPrefixes("/app");
}
}
```
We can update our configuration to use Spring Session’s WebSocket support.
The following example shows how to do so:
src/main/java/samples/config/WebSocketConfig.java
```
@Configuration
@EnableScheduling
@EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractSessionWebSocketMessageBrokerConfigurer<Session> { (1)
@Override
protected void configureStompEndpoints(StompEndpointRegistry registry) { (2)
registry.addEndpoint("/messages").withSockJS();
}
@Override
public void configureMessageBroker(MessageBrokerRegistry registry) {
registry.enableSimpleBroker("/queue/", "/topic/");
registry.setApplicationDestinationPrefixes("/app");
}
}
```
To hook in the Spring Session support we only need to change two things:
|**1**|Instead of implementing `WebSocketMessageBrokerConfigurer`, we extend `AbstractSessionWebSocketMessageBrokerConfigurer`|
|-----|-----------------------------------------------------------------------------------------------------------------------|
|**2**| We rename the `registerStompEndpoints` method to `configureStompEndpoints` |
What does `AbstractSessionWebSocketMessageBrokerConfigurer` do behind the scenes?
* `WebSocketConnectHandlerDecoratorFactory` is added as a `WebSocketHandlerDecoratorFactory` to `WebSocketTransportRegistration`.
This ensures a custom `SessionConnectEvent` is fired that contains the `WebSocketSession`.
The `WebSocketSession` is necessary to end any WebSocket connections that are still open when a Spring Session is ended.
* `SessionRepositoryMessageInterceptor` is added as a `HandshakeInterceptor` to every `StompWebSocketEndpointRegistration`.
This ensures that the `Session` is added to the WebSocket properties to enable updating the last accessed time.
* `SessionRepositoryMessageInterceptor` is added as a `ChannelInterceptor` to our inbound `ChannelRegistration`.
This ensures that every time an inbound message is received, that the last accessed time of our Spring Session is updated.
* `WebSocketRegistryListener` is created as a Spring bean.
This ensures that we have a mapping of all of the `Session` IDs to the corresponding WebSocket connections.
By maintaining this mapping, we can close all the WebSocket connections when a Spring Session (HttpSession) is ended.
\ No newline at end of file
docs/spring-session/en/whats-new.md 0 → 100644
浏览文件 @ a3ae08b0
# What’s New
Check also the Spring Session BOM [release notes](https://github.com/spring-projects/spring-session-bom/wiki#release-notes)for a list of new and noteworthy features, as well as upgrade instructions for each release.
\ No newline at end of file
docs/spring-session/http-session.md 0 → 100644
浏览文件 @ a3ae08b0
此差异已折叠。
docs/spring-session/index.md 0 → 100644
浏览文件 @ a3ae08b0
# Spring 会议
Spring 会话提供了用于管理用户的会话信息的 API 和实现。
Spring 会话提供了用于管理用户会话信息的 API 和实现,同时也使得在不绑定到特定于应用程序容器的解决方案的情况下支持群集会话变得非常简单。它还提供了以下方面的透明整合:
* [HttpSession ](http-session.html#httpsession):允许以与应用程序容器无关的方式替换`HttpSession`,并支持在头文件中提供会话 ID,以便与 RESTful API 一起工作。
* [WebSocket](web-socket.html#websocket):提供了在接收 WebSocket 消息时保持`HttpSession`活动的能力
* [WebSession](web-session.html#websession):允许以与应用程序容器无关的方式替换 Spring WebFlux 的`WebSession`
## [](#community) Spring 会话社区
我们 GLAD 将你视为我们社区的一部分。以下各节提供了有关如何与 Spring 会话社区交互的更多信息。
### [](#community-support)支持
你可以通过在[stack overflow with`spring-session`tag](https://stackoverflow.com/questions/tagged/ Spring-session)上提问来获得帮助。同样,我们通过回答有关 Stack Overflow 的问题来鼓励帮助他人。
### [](#community-source)源代码
你可以在 Github 上找到源代码,网址为[https://github.com/spring-projects/spring-session/](https://github.com/spring-projects/spring-session/)
### [](#community-issues)问题跟踪
我们在[https://github.com/spring-projects/spring-session/issues](https://github.com/spring-projects/spring-session/issues)上跟踪 GitHub 问题
### [](#community-contributing)贡献
我们感谢[拉请求](https://help.github.com/articles/using-pull-requests/)
### [](#community-license)许可证
Spring 会话是在[Apache2.0 许可证](https://www.apache.org/licenses/LICENSE-2.0)下发布的开源软件。
### [](#community-extensions)社区扩展
| Name |位置|
|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|Spring Session Infinispan|[https://infinispan.org/infinispan-spring-boot/master/spring\_boot\_starter.html#\_enabling\_spring\_session\_support](https://infinispan.org/infinispan-spring-boot/master/spring_boot_starter.html#_enabling_spring_session_support)|
## [](#minimum-requirements)最低要求
Spring 场会议的最低要求是:
* Java8+。
* 如果你在 Servlet 容器中运行(不是必需的),则 Servlet 3.1+。
* 如果使用其他 Spring 库(不是必需的),则所需的最低版本是 Spring 5.0.x。
* `@EnableRedisHttpSession`需要 Redis2.8+。这是支持[会话过期](api.html#api-redisindexedsessionrepository-expiration)所必需的
* `@EnableHazelcastHttpSession`需要 HazelCast3.6+。这是支持[`FindByIndexNameSessionRepository`]所必需的(api.html#api-enablehazelcasthtpsession-storage)
| |在其核心, Spring 会话仅对`spring-jcl`具有所需的依赖关系。<br/>关于使用 Spring 会话而不使用任何其他 Spring 依赖关系的示例,请参见[Hazelcast 样品](samples.html#samples)应用程序。|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
\ No newline at end of file
docs/spring-session/modules.md 0 → 100644
浏览文件 @ a3ae08b0
# Spring 会话模块
在 Spring session1.x 中, Spring session 的所有`SessionRepository`实现都在`spring-session`工件中可用。虽然方便,但这种方法不能长期持续,因为项目中增加了更多的特性和`SessionRepository`实现。
在 Spring Session2.0 中,将几个模块拆分成独立的模块和托管存储库。 Spring MongoDB 的会话已退役,但后来作为一个单独的模块重新激活。从 Spring 会话 2.6 开始,MongoDB 的 Spring 会话被合并回 Spring 会话。
现在,各种存储库和模块的情况如下:
* [`spring-session`Repository](https://github.com/ Spring-projects/ Spring-session)
* 主持 Spring 会话核心、 Spring MongoDB 会话、 Spring Redis 会话、 Spring 会话 JDBC 和 Spring 会话 Hazelcast 模块。
* [`spring-session-data-geode`Repository](https://github.com/ Spring-projects/ Spring-session-data-geode)
* 托管 Spring 会话数据 Geode 模块。 Spring 会话数据 Geode 有其自己的用户指南,你可以在[[https://spring.io/projects/spring-session-data-geode#learn](https://spring.io/projects/spring-session-data-geode#learn)站点]上找到它。
最后, Spring Session 还提供了一个 Maven BOM(“物料清单”)模块,以帮助用户处理版本管理问题:
* [`spring-session-bom`Repository](https://github.com/ Spring-projects/ Spring-session-bom)
* 主持 Spring 会话 BOM 模块
\ No newline at end of file
docs/spring-session/samples.md 0 → 100644
浏览文件 @ a3ae08b0
# 示例和指南(从这里开始)
要开始使用 Spring 会话,最好的起点是我们的示例应用程序。
|来源| Description | Guide |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------|
|[HttpSession with Redis](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-redis)| Demonstrates how to use Spring Session to replace the `HttpSession` with Redis. | [HttpSession with Redis Guide](guides/boot-redis.html) |
|[HttpSession with JDBC](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-jdbc)| Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store. | [HttpSession with JDBC Guide](guides/boot-jdbc.html) |
|[Hazelcast 的 HttpSession](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-hazelcast)| Demonstrates how to use Spring Session to replace the `HttpSession` with Hazelcast. | |
|[按用户名查找 Name](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-findbyusername)| Demonstrates how to use Spring Session to find sessions by username. | [Find by Username Guide](guides/boot-findbyusername.html) |
|[WebSockets](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-websocket)| Demonstrates how to use Spring Session with WebSockets. | [WebSockets Guide](guides/boot-websocket.html) |
|[WebFlux](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-webflux)| Demonstrates how to use Spring Session to replace the Spring WebFlux’s `WebSession` with Redis. | |
|[带有自定义 cookie 的 WebFlux](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-webflux-custom-cookie)| Demonstrates how to use Spring Session to customize the Session cookie in a WebFlux based application. |[WebFlux with Custom Cookie Guide](guides/boot-webflux-custom-cookie.html)|
|[带有 Redis JSON 序列化的 HttpSession](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-redis-json)| Demonstrates how to use Spring Session to replace the `HttpSession` with Redis using JSON serialization. | |
|[HttpSession with Simple Redis`SessionRepository`](https://github.com/ Spring-projects/ Spring-session/tree/main/ Spring-session-samples/ Spring-session-sample-boot-redis-simple)|Demonstrates how to use Spring Session to replace the `HttpSession` with Redis using `RedisSessionRepository`.| |
|[Spring Session with MongoDB Repositories (servlet-based)](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-mongodb-traditional)| Demonstrates how to back Spring Session with traditional MongoDB repositories. | [Spring Session with MongoDB Repositories](guides/boot-mongo.html) |
|[Spring Session with MongoDB Repositories (reactive)](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-mongodb-reactive)| Demonstrates how to back Spring Session with reactive MongoDB repositories. | [Spring Session with MongoDB Repositories](guides/boot-mongo.html) |
|来源| Description | Guide |
|-----------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|--------------------------------------------------------------|
|[HttpSession with Redis](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-javaconfig-redis)| Demonstrates how to use Spring Session to replace the `HttpSession` with Redis. | [HttpSession with Redis Guide](guides/java-redis.html) |
|[HttpSession with JDBC](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-javaconfig-jdbc)|Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store.| [HttpSession with JDBC Guide](guides/java-jdbc.html) |
|[Hazelcast 的 HttpSession](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-javaconfig-hazelcast)| Demonstrates how to use Spring Session to replace the `HttpSession` with Hazelcast. |[HttpSession with Hazelcast Guide](guides/java-hazelcast.html)|
|[自定义 cookie](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-javaconfig-custom-cookie)| Demonstrates how to use Spring Session and customize the cookie. | [Custom Cookie Guide](guides/java-custom-cookie.html) |
|[Spring Security](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-javaconfig-security)| Demonstrates how to use Spring Session with an existing Spring Security application. | [Spring Security Guide](guides/java-security.html) |
|[REST](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-javaconfig-rest)|Demonstrates how to use Spring Session in a REST application to support authenticating with a header.| [REST Guide](guides/java-rest.html) |
|来源| Description | Guide |
|--------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|-----------------------------------------------------|
|[HttpSession with Redis](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-xml-redis)| Demonstrates how to use Spring Session to replace the `HttpSession` with a Redis store. |[HttpSession with Redis Guide](guides/xml-redis.html)|
|[HttpSession with JDBC](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-xml-jdbc)|Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store.| [HttpSession with JDBC Guide](guides/xml-jdbc.html) |
|来源| Description |Guide|
|------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------|-----|
|[Hazelcast](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-misc-hazelcast)|Demonstrates how to use Spring Session with Hazelcast in a Java EE application.| |
\ No newline at end of file
docs/spring-session/spring-security.md 0 → 100644
浏览文件 @ a3ae08b0
此差异已折叠。
docs/spring-session/upgrading.md 0 → 100644
浏览文件 @ a3ae08b0
# 升级到 2.x
有了新的主要版本, Spring 会话团队利用这个机会进行了一些非被动的更改。这些更改的重点是改进和协调 Spring Session 的 API,以及删除不受欢迎的组件。
## [](#_baseline_update)基线更新
Spring 会话 2.0 需要 Java8 和 Spring Framework5.0 作为基线,因为其整个代码库现在基于 Java8 源代码。有关升级 Spring 框架的更多信息,请参见[Upgrading to Spring Framework 5.x](https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-5.x)
## [](#_replaced_and_removed_modules)替换和移除模块
作为项目拆分模块的一部分,现有的`spring-session`已被`spring-session-core`模块所取代。`spring-session-core`模块只保存公共的一组 API 和组件,而其他模块则包含适当的`SessionRepository`的实现以及与该数据存储相关的功能。这适用于几个现有的模块,这些模块以前是一个简单的依赖聚合器助手模块。通过新的模块设置,以下模块实际进行了实现:
* Spring MongoDB 的会话
* Spring Redis 会议
* Spring 会话 JDBC
* Spring 会议 Hazelcast
此外,从主项目存储库中删除了以下内容:
* Spring 会话数据 Gemfire
* [`spring-session-data-geode`](https://github.com/ Spring-projects/ Spring-session-data-geode)
## [](#_replaced_and_removed_packages_classes_and_methods)替换和删除包、类和方法
对包、类和方法进行了以下更改:
* `ExpiringSession`API 已合并到`Session`API 中。
* 已经对`Session`API 进行了增强,以充分利用 Java8。
* `Session`API 已通过`changeSessionId`支持进行了扩展。
* 已经更新了`SessionRepository`API,以更好地与 Spring 数据方法命名约定保持一致。
* 如果没有底层`Session`对象,`AbstractSessionEvent`及其子类将不再可构造。
* `RedisOperationsSessionRepository`使用的 Redis 命名空间现在是完全可配置的,而不是部分可配置的。
* 已更新了 Redis 配置支持,以避免注册 Spring 会话特定的`RedisTemplate` Bean。
* 已更新了 JDBC 配置支持,以避免注册 Spring 会话特定的`JdbcTemplate` Bean。
* 以前不推荐的类和方法已在整个代码库中被删除。
## [](#_dropped_support)支持度下降
作为对`HttpSessionStrategy`的更改及其与来自反应性世界的对应物的对齐的一部分,对在单个浏览器实例中管理多个用户会话的支持已被删除。正在考虑在未来的版本中引入一个新的 API 来取代此功能。
\ No newline at end of file
docs/spring-session/web-session.md 0 → 100644
浏览文件 @ a3ae08b0
此差异已折叠。
docs/spring-session/web-socket.md 0 → 100644
浏览文件 @ a3ae08b0
此差异已折叠。
docs/spring-session/whats-new.md 0 → 100644
浏览文件 @ a3ae08b0
# 有什么新鲜事吗?
还请检查 Spring 会话 BOM[发行说明](https://github.com/spring-projects/spring-session-bom/wiki#release-notes),以获取新的和值得注意的功能的列表,以及每个版本的升级说明。
\ No newline at end of file
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册