Skip to content

Spring 中文文档社区
Spring 中文文档社区

曹牛马 / Spring 中文文档社区
与 Fork 源项目一致

Fork自 开发云 / Spring 中文文档社区

通知 1
Star 0
Fork 0
Spring 中文文档社区
Spring 中文文档社区

体验新版 GitCode,发现更多精彩内容 >>

提交 c076dca0 编写于 作者: 茶陵後's avatar 茶陵後 👍
浏览文件
操作

#19 优化

上级 a3ae08b0
展开全部 隐藏空白更改
内联 并排
Showing with 157 addition and 2925 deletion
docs/spring-cloud-data-flow/spring-cloud-dataflow.md
浏览文件 @ c076dca0
......@@ -12316,8 +12316,4 @@ spring:
provider:
azure:
issuer-uri: https://login.microsoftonline.com/799dcfde-b9e3-4dfc-ac25-659b326e0bcd/v2.0
```
最近更新时间:2022-01-18 18:55:25UTC
hljs.inithighlighting()if{{{i[’GoogleAnalyticsObject’]=r;i[r]=i[r]||function(){(i[r].q=i[r].q|[]).push(参数)},i[r].l=1\*new date();a=s.createelement(o),m.getelementsname(o)[0];a.asymentsname=1;a.SRC=g.node=getname;google(a.com=node=gleanalytnode,’,’’docume’,’’’document’,’
\ No newline at end of file
```
\ No newline at end of file
docs/spring-session/api.md
浏览文件 @ c076dca0
......@@ -84,7 +84,7 @@ Spring 使用`Session`的会话最基本的 API 是`SessionRepository`。这个
一些`SessionRepository`实现方式也可以选择实现`FindByIndexNameSessionRepository`。例如, Spring 的 Redis、JDBC 和 Hazelcast 支持库都实现了`FindByIndexNameSessionRepository`
`FindByIndexNameSessionRepository`提供了一个方法来查找具有给定的索引名和索引值的所有会话。作为所有提供的`FindByIndexNameSessionRepository`实现所支持的通用用例,你可以使用一种方便的方法来查找特定用户的所有会话。这是通过确保将名称为`FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME`的会话属性填充为用户名来完成的。你有责任确保填充该属性,因为 Spring 会话不知道正在使用的身份验证机制。下面的清单中可以看到如何使用该方法的示例:
`FindByIndexNameSessionRepository`提供了一个方法来查找具有给定的索引名和索引值的所有会话。作为所有提供的`FindByIndexNameSessionRepository`实现所支持的通用用例,你可以使用一种方便的方法来查找特定用户的所有会话。这是通过确保将名称为`FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME`的会话属性填充为用户名来完成的。你有责任确保填充该属性,因为 Spring Session 不知道正在使用的身份验证机制。下面的清单中可以看到如何使用该方法的示例:
```
String username = "username";
......@@ -244,7 +244,7 @@ EXPIRE spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe 2100
| |`SessionRepository.findById(String)`方法确保不返回过期的会话。<br/>这意味着在使用会话之前不需要检查过期。|
|---|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
Spring 会话依赖于从 Redis 中删除和过期的[键位通知](https://redis.io/topics/notifications)来发射一个[`SessionDeletedEvent`](#api-redinidexedsessionRepository-sessionDestroyedEvent)和一个[<gtr="179"/>](#api-redinidexedsessionRepository-sessionDestroyedEvent)。<gtr="180"/><gtr="181"/>确保清理与<gtr="182"/>相关的资源。例如,当你使用 Spring 会话的 WebSocket 支持时,Redis 过期或删除事件将触发与会话相关的任何 WebSocket 连接以关闭。
Spring Session 依赖于从 Redis 中删除和过期的[键位通知](https://redis.io/topics/notifications)来发射一个[`SessionDeletedEvent`](#api-redinidexedsessionRepository-sessionDestroyedEvent)和一个[<gtr="179"/>](#api-redinidexedsessionRepository-sessionDestroyedEvent)。<gtr="180"/><gtr="181"/>确保清理与<gtr="182"/>相关的资源。例如,当你使用 Spring Session 的 WebSocket 支持时,Redis 过期或删除事件将触发与会话相关的任何 WebSocket 连接以关闭。
不会在会话密钥本身上直接跟踪过期,因为这将意味着会话数据将不再可用。相反,使用了一个特殊的会话过期键.在前面的示例中,Expires 键如下:
......@@ -285,7 +285,7 @@ EXPIRE spring:session:expirations1439245080000 2100
redis-cli config set notify-keyspace-events Egx
```
如果使用`@EnableRedisHttpSession`,那么管理`SessionMessageListener`并启用必要的 Redis 密钥空间事件将自动完成。但是,在一个安全的 Redis 环境中,config 命令是禁用的。这意味着 Spring 会话不能为你配置 Redis Keyspace 事件。若要禁用自动配置,请将`ConfigureRedisAction.NO_OP`添加为 Bean。
如果使用`@EnableRedisHttpSession`,那么管理`SessionMessageListener`并启用必要的 Redis 密钥空间事件将自动完成。但是,在一个安全的 Redis 环境中,config 命令是禁用的。这意味着 Spring Session 不能为你配置 Redis Keyspace 事件。若要禁用自动配置,请将`ConfigureRedisAction.NO_OP`添加为 Bean。
例如,对于 Java 配置,你可以使用以下方法:
......@@ -320,7 +320,7 @@ redis 127.0.0.1:6379> keys *
2) "spring:session:expirations:1418772300000" (2)
```
|**1**|此键的后缀是 Spring 会话的会话标识符。|
|**1**|此键的后缀是 Spring Session 的会话标识符。|
|-----|-----------------------------------------------------------------------------------------|
|**2**|此键包含在`1418772300000`时应删除的所有会话 ID。|
......@@ -379,7 +379,7 @@ redis 127.0.0.1:6379> keys *
1) "spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed96fb021" (1)
```
|**1**|此键的后缀是 Spring 会话的会话标识符。|
|**1**|此键的后缀是 Spring Session 的会话标识符。|
|-----|-----------------------------------------------------------------------|
你还可以使用`hkeys`命令查看每个会话的属性。下面的示例展示了如何做到这一点:
......@@ -406,7 +406,7 @@ redis 127.0.0.1:6379> hget spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed
SessionRepository<? extends Session> repository = new MapSessionRepository(new ConcurrentHashMap<>());
```
### [](#api-mapsessionrepository-hazelcast)使用 Spring 会话和 hazlecast
### [](#api-mapsessionrepository-hazelcast)使用 Spring Session 和 hazlecast
[Hazelcast 样品](samples.html#samples)是一个完整的应用程序,它演示了如何使用 Spring 与 HazelCast 会话。
......@@ -416,7 +416,7 @@ SessionRepository<? extends Session> repository = new MapSessionRepository(new C
./gradlew :samples:hazelcast:tomcatRun
```
[Hazelcast Spring Sample](samples.html#samples)是一个完整的应用程序,它演示了如何使用 Spring 会话与 Spring 安全性。
[Hazelcast Spring Sample](samples.html#samples)是一个完整的应用程序,它演示了如何使用 Spring Session 与 Spring 安全性。
它包括支持发射`SessionCreatedEvent``SessionDeletedEvent``SessionExpiredEvent`的示例 HazelCast`MapListener`实现。
......@@ -457,7 +457,7 @@ SessionRepository<? extends Session> repository = new JdbcIndexedSessionReposito
在 Web 环境中,创建新的`JdbcIndexedSessionRepository`的最简单方法是使用`@EnableJdbcHttpSession`。你可以在[示例和指南(从这里开始)](samples.html#samples)中找到完整的使用示例,你可以使用以下属性来定制配置:
* **表格 Name**: Spring 会话用于存储会话的数据库表名称
* **表格 Name**: Spring Session 用于存储会话的数据库表名称
* **最大活动间隔秒**:会话之前的时间将在几秒内到期
......@@ -583,7 +583,7 @@ HazelcastIndexedSessionRepository repository = new HazelcastIndexedSessionReposi
## [](#api-cookieserializer)使用`CookieSerializer`
a`CookieSerializer`负责定义会话 cookie 的编写方式。 Spring 会话带有使用`DefaultCookieSerializer`的默认实现。
a`CookieSerializer`负责定义会话 cookie 的编写方式。 Spring Session 带有使用`DefaultCookieSerializer`的默认实现。
### [](#api-cookieserializer-bean)将`CookieSerializer`暴露为 Bean
......@@ -635,8 +635,8 @@ a`CookieSerializer`负责定义会话 cookie 的编写方式。 Spring 会话带
## [](#custom-sessionrepository)自定义`SessionRepository`
实现自定义[`SessionRepository`](#API-SessionRepository)API 应该是一项相当简单的任务。将自定义实现与[`@EnableSpringHttpSession`](#api-enablespringhtpsession)支持相耦合,可以重用现有的 Spring 会话配置设施和基础设施。然而,有几个方面值得更仔细地考虑。
实现自定义[`SessionRepository`](#API-SessionRepository)API 应该是一项相当简单的任务。将自定义实现与[`@EnableSpringHttpSession`](#api-enablespringhtpsession)支持相耦合,可以重用现有的 Spring Session 配置设施和基础设施。然而,有几个方面值得更仔细地考虑。
在 HTTP 请求的生命周期中,`HttpSession`通常会两次持久化到`SessionRepository`。第一个持久化操作是确保一旦客户端访问了会话 ID,会话对客户端是可用的,并且还需要在会话提交后写入,因为可能会对会话进行进一步的修改。考虑到这一点,我们通常建议`SessionRepository`实现跟踪更改,以确保只保存增量。这在高度并发的环境中尤其重要,在这种环境中,多个请求在同一个`HttpSession`上运行,因此会导致竞争条件,因为请求会覆盖彼此对会话属性的更改。 Spring 会话提供的所有`SessionRepository`实现都使用所描述的方法来持久化会话更改,并且可以在实现自定义`SessionRepository`时用于指导。
在 HTTP 请求的生命周期中,`HttpSession`通常会两次持久化到`SessionRepository`。第一个持久化操作是确保一旦客户端访问了会话 ID,会话对客户端是可用的,并且还需要在会话提交后写入,因为可能会对会话进行进一步的修改。考虑到这一点,我们通常建议`SessionRepository`实现跟踪更改,以确保只保存增量。这在高度并发的环境中尤其重要,在这种环境中,多个请求在同一个`HttpSession`上运行,因此会导致竞争条件,因为请求会覆盖彼此对会话属性的更改。 Spring Session 提供的所有`SessionRepository`实现都使用所描述的方法来持久化会话更改,并且可以在实现自定义`SessionRepository`时用于指导。
请注意,同样的建议也适用于实现自定义[`ReactiveSessionRepository`](#API-reactivesessionRepository)。在这种情况下,你应该使用[`@EnableSpringWebSession`]。
\ No newline at end of file
docs/spring-session/boot-findbyusername.md
浏览文件 @ c076dca0
# Spring 会话-按用户名查找
# Spring Session-按用户名查找
本指南描述了如何使用 Spring 会话通过用户名查找会话。
本指南描述了如何使用 Spring Session 通过用户名查找会话。
| |你可以在[FindByUserName 应用程序](#findbyusername-sample)中找到完整的指南。|
|---|---------------------------------------------------------------------------------------------|
......@@ -9,9 +9,9 @@
## [](#findbyusername-assumptions)假设
该指南假定你已经通过使用内置的 Redis 配置支持向应用程序添加了 Spring 会话。该指南还假定你已经对应用程序应用了 Spring 安全性。然而,我们的指南是有点通用的目的,可以应用于任何技术,只需最小的变化,这一点我们将在后面的指南中进行讨论。
该指南假定你已经通过使用内置的 Redis 配置支持向应用程序添加了 Spring Session 。该指南还假定你已经对应用程序应用了 Spring 安全性。然而,我们的指南是有点通用的目的,可以应用于任何技术,只需最小的变化,这一点我们将在后面的指南中进行讨论。
| |如果需要学习如何将 Spring 会话添加到项目中,请参见[样本和指南](../#samples)列表|
| |如果需要学习如何将 Spring Session 添加到项目中,请参见[样本和指南](../#samples)列表|
|---|--------------------------------------------------------------------------------------------------------------------|
## [](#_about_the_sample)关于样本
......@@ -32,7 +32,7 @@
## [](#_mapping_the_user_name)映射用户名
`FindByIndexNameSessionRepository`如果开发人员指示 Spring 会话什么用户与`Session`相关联,则只能通过用户名找到会话。你可以通过确保将名称`FindByUsernameSessionRepository.PRINCIPAL_NAME_INDEX_NAME`的会话属性填充为用户名来做到这一点。
`FindByIndexNameSessionRepository`如果开发人员指示 Spring Session 什么用户与`Session`相关联,则只能通过用户名找到会话。你可以通过确保将名称`FindByUsernameSessionRepository.PRINCIPAL_NAME_INDEX_NAME`的会话属性填充为用户名来做到这一点。
一般来说,你可以在用户进行身份验证后立即使用以下代码来完成此操作:
......@@ -103,7 +103,7 @@ public void doFilterInternal(HttpServletRequest request, HttpServletResponse res
我们获得我们想要的信息,然后将`SessionDetails`设置为`Session`中的一个属性。当我们通过用户名检索`Session`时,我们可以使用会话来访问我们的`SessionDetails`,就像我们将访问任何其他会话属性一样。
| |你可能想知道为什么 Spring 会话没有提供`SessionDetails`开箱即用的功能。<br/>我们有两个原因。<br/>第一个原因是应用程序自己实现这一点是非常琐碎的。<br/>第二个原因是信息会话中填充的内容(以及信息更新的频率)高度依赖于应用程序。|
| |你可能想知道为什么 Spring Session 没有提供`SessionDetails`开箱即用的功能。<br/>我们有两个原因。<br/>第一个原因是应用程序自己实现这一点是非常琐碎的。<br/>第二个原因是信息会话中填充的内容(以及信息更新的频率)高度依赖于应用程序。|
|---|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
## [](#_finding_sessions_for_a_specific_user)查找特定用户的会话
......
docs/spring-session/boot-jdbc.md
浏览文件 @ c076dca0
# Spring 会话- Spring 启动
# Spring Session- Spring 启动
本指南描述了在使用 Spring 引导时如何使用 Spring 会话来透明地利用关系数据库来支持 Web 应用程序的`HttpSession`
本指南描述了在使用 Spring 引导时如何使用 Spring Session 来透明地利用关系数据库来支持 Web 应用程序的`HttpSession`
| |你可以在[httpsession-jdbc-boot 示例应用程序](#httpsession-jdbc-boot-sample)中找到完整的指南。|
|---|------------------------------------------------------------------------------------------------------------------|
......@@ -9,7 +9,7 @@
## [](#_updating_dependencies)更新依赖项
在使用 Spring 会话之前,你必须更新你的依赖关系。我们假设你正在使用一个有效的启动 Web 应用程序。如果使用 Maven,则必须添加以下依赖项:
在使用 Spring Session 之前,你必须更新你的依赖关系。我们假设你正在使用一个有效的启动 Web 应用程序。如果使用 Maven,则必须添加以下依赖项:
POM.xml
......@@ -24,11 +24,11 @@ POM.xml
</dependencies>
```
Spring 启动为 Spring 会话模块提供了依赖管理,因此不需要显式地声明依赖版本。
Spring 启动为 Spring Session 模块提供了依赖管理,因此不需要显式地声明依赖版本。
## [](#httpsession-jdbc-boot-spring-configuration) Spring 引导配置
在添加了所需的依赖项之后,我们就可以创建我们的 Spring 启动配置了。多亏了一流的自动配置支持,在关系数据库支持下设置 Spring 会话就像在`application.properties`中添加一个配置属性一样简单。下面的清单展示了如何做到这一点:
在添加了所需的依赖项之后,我们就可以创建我们的 Spring 启动配置了。多亏了一流的自动配置支持,在关系数据库支持下设置 Spring Session 就像在`application.properties`中添加一个配置属性一样简单。下面的清单展示了如何做到这一点:
SRC/主/资源/应用程序.properties
......@@ -36,9 +36,9 @@ SRC/主/资源/应用程序.properties
spring.session.store-type=jdbc # Session store type.
```
如果在 Classpath 上存在单个 Spring 会话模块,则 Spring 引导将自动使用该存储实现。如果有多个实现,则必须选择要用来存储会话的 StoreType,如上面所示。
如果在 Classpath 上存在单个 Spring Session 模块,则 Spring 引导将自动使用该存储实现。如果有多个实现,则必须选择要用来存储会话的 StoreType,如上面所示。
在这种情况下, Spring boot 应用的配置相当于手动添加`@EnableJdbcHttpSession`注释。这将创建一个名为`springSessionRepositoryFilter`的 Spring Bean。 Bean 实现`Filter`。过滤器负责替换要由 Spring 会话支持的`HttpSession`实现。
在这种情况下, Spring boot 应用的配置相当于手动添加`@EnableJdbcHttpSession`注释。这将创建一个名为`springSessionRepositoryFilter`的 Spring Bean。 Bean 实现`Filter`。过滤器负责替换要由 Spring Session 支持的`HttpSession`实现。
你可以使用`application.properties`来进一步自定义。下面的清单展示了如何做到这一点:
......@@ -55,7 +55,7 @@ spring.session.jdbc.table-name=SPRING_SESSION # Name of the database table used
## [](#httpsession-jdbc-boot-configuration)配置`DataSource`
Spring 引导会自动创建一个`DataSource`,它将 Spring 会话连接到 H2 数据库的嵌入式实例。在生产环境中,你需要更新配置以指向关系数据库。例如,你可以在应用程序中包含以下内容:
Spring 引导会自动创建一个`DataSource`,它将 Spring Session 连接到 H2 数据库的嵌入式实例。在生产环境中,你需要更新配置以指向关系数据库。例如,你可以在应用程序中包含以下内容:
SRC/主/资源/应用程序.properties
......@@ -69,13 +69,13 @@ spring.datasource.password= # Login password of the database.
## [](#httpsession-jdbc-boot-servlet-configuration) Servlet 容器初始化
我们的[Spring Boot Configuration](#httpsession-jdbc-boot-spring-configuration)创建了一个名为`springSessionRepositoryFilter`的 Spring Bean,它实现了`Filter``springSessionRepositoryFilter` Bean 负责用 Spring 会话支持的自定义实现替换`HttpSession`
我们的[Spring Boot Configuration](#httpsession-jdbc-boot-spring-configuration)创建了一个名为`springSessionRepositoryFilter`的 Spring Bean,它实现了`Filter``springSessionRepositoryFilter` Bean 负责用 Spring Session 支持的自定义实现替换`HttpSession`
为了让我们的`Filter`发挥其魔力, Spring 需要加载我们的`Config`类。最后,我们需要确保我们的 Servlet 容器(即 Tomcat)为每个请求使用我们的`springSessionRepositoryFilter`。幸运的是,Boot 为我们解决了这两个步骤。
## [](#httpsession-jdbc-boot-sample)`httpsession-jdbc-boot`示例应用程序
HttpSession-JDBC-Boot 示例应用程序演示了如何在使用 Spring 引导时使用 Spring 会话透明地利用 H2 数据库来支持 Web 应用程序的`HttpSession`
HttpSession-JDBC-Boot 示例应用程序演示了如何在使用 Spring 引导时使用 Spring Session 透明地利用 H2 数据库来支持 Web 应用程序的`HttpSession`
### [](#httpsession-jdbc-boot-running)运行`httpsession-jdbc-boot`示例应用程序
......@@ -99,9 +99,9 @@ $ ./gradlew :spring-session-sample-boot-jdbc:bootRun
### [](#httpsession-jdbc-boot-how)它是如何工作的?
我们不使用 Tomcat 的`HttpSession`,而是将这些值保存在 H2 数据库中。 Spring 会话使用由关系数据库支持的实现来替换`HttpSession`。当 Spring Security 的`SecurityContextPersistenceFilter``SecurityContext`保存到`HttpSession`时,它将被持久化到 H2 数据库中。
我们不使用 Tomcat 的`HttpSession`,而是将这些值保存在 H2 数据库中。 Spring Session 使用由关系数据库支持的实现来替换`HttpSession`。当 Spring Security 的`SecurityContextPersistenceFilter``SecurityContext`保存到`HttpSession`时,它将被持久化到 H2 数据库中。
当创建一个新的`HttpSession`时, Spring 会话将在浏览器中创建一个名为`SESSION`的 cookie。该 cookie 包含你的会话的 ID。你可以查看 cookies(使用[Chrome](https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies)[Firefox](https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector))。
当创建一个新的`HttpSession`时, Spring Session 将在浏览器中创建一个名为`SESSION`的 cookie。该 cookie 包含你的会话的 ID。你可以查看 cookies(使用[Chrome](https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies)[Firefox](https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector))。
你可以通过使用 H2Web 控制台来删除会话:[http://localhost:8080/h2-console/](http://localhost:8080/h2-console/)(对于 JDBC URL 使用`jdbc:h2:mem:testdb`)。
......
docs/spring-session/boot-mongo.md
浏览文件 @ c076dca0
# Spring 会话-MongoDB 存储库
# Spring Session-MongoDB 存储库
本指南描述了如何使用由 MongoDB 支持的 Spring 会话
本指南描述了如何使用由 MongoDB 支持的 Spring Session
| |完整的指南可在[Mongo 示例应用程序](#mongo-sample)中找到。|
|---|----------------------------------------------------------------------------------|
......@@ -9,7 +9,7 @@
## [](#_updating_dependencies)更新依赖项
在使用 Spring 会话 MongoDB 之前,必须确保更新依赖项。我们假设你正在使用一个有效的启动 Web 应用程序。如果你正在使用 Maven,请确保添加以下依赖项:
在使用 Spring Session MongoDB 之前,必须确保更新依赖项。我们假设你正在使用一个有效的启动 Web 应用程序。如果你正在使用 Maven,请确保添加以下依赖项:
POM.xml
......@@ -39,7 +39,7 @@ POM.xml
## [](#mongo-spring-configuration) Spring 配置
在添加了所需的依赖关系之后,我们就可以创建我们的 Spring 配置了。 Spring 配置负责创建一个 Servlet 过滤器,该过滤器将`HttpSession`实现替换为由 Spring 会话支持的实现。
在添加了所需的依赖关系之后,我们就可以创建我们的 Spring 配置了。 Spring 配置负责创建一个 Servlet 过滤器,该过滤器将`HttpSession`实现替换为由 Spring Session 支持的实现。
你所要做的就是添加以下 Spring 配置:
......@@ -61,7 +61,7 @@ public class HttpSessionConfig {
## [](#boot-mongo-configuration)配置 MongoDB 连接
Spring 引导会自动创建一个`MongoClient`,它将 Spring 会话连接到端口 27017(默认端口)上的 LocalHost 上的 MongoDB 服务器。在生产环境中,你需要确保更新配置以指向 MongoDB 服务器。例如,你可以在**应用程序.属性**中包含以下内容
Spring 引导会自动创建一个`MongoClient`,它将 Spring Session 连接到端口 27017(默认端口)上的 LocalHost 上的 MongoDB 服务器。在生产环境中,你需要确保更新配置以指向 MongoDB 服务器。例如,你可以在**应用程序.属性**中包含以下内容
SRC/主/资源/应用程序.properties
......@@ -75,13 +75,13 @@ spring.data.mongodb.database=prod
## [](#boot-servlet-configuration) Servlet 容器初始化
我们的[Spring Configuration](#boot-mongo-configuration)创建了一个名为`springSessionRepositoryFilter`的 Spring Bean,它实现了`Filter``springSessionRepositoryFilter` Bean 负责用 Spring 会话支持的自定义实现替换`HttpSession`
我们的[Spring Configuration](#boot-mongo-configuration)创建了一个名为`springSessionRepositoryFilter`的 Spring Bean,它实现了`Filter``springSessionRepositoryFilter` Bean 负责用 Spring Session 支持的自定义实现替换`HttpSession`
为了让我们的`Filter`发挥其魔力, Spring 需要加载我们的`Config`类。最后,我们需要确保我们的 Servlet 容器(即 Tomcat)对每个请求使用我们的`springSessionRepositoryFilter`。幸运的是,Boot 为我们解决了这两个步骤。
## [](#mongo-sample)MongoDB 示例应用程序
MongoDB 示例应用程序演示了如何在使用 Spring 引导时使用 Spring 会话透明地利用 MongoDB 来支持 Web 应用程序的`HttpSession`
MongoDB 示例应用程序演示了如何在使用 Spring 引导时使用 Spring Session 透明地利用 MongoDB 来支持 Web 应用程序的`HttpSession`
### [](#mongo-running)运行 MongoDB 示例应用程序
......@@ -105,9 +105,9 @@ $ ./gradlew :samples:mongo:bootRun
### [](#mongo-how)它是如何工作的?
而不是使用 Tomcat 的`HttpSession`,我们实际上是在 Mongo 中持久化这些值。 Spring 会话用 Mongo 支持的实现替换`HttpSession`。当 Spring Security 的`SecurityContextPersistenceFilter``SecurityContext`保存到`HttpSession`时,它将被持久化到 Mongo 中。
而不是使用 Tomcat 的`HttpSession`,我们实际上是在 Mongo 中持久化这些值。 Spring Session 用 Mongo 支持的实现替换`HttpSession`。当 Spring Security 的`SecurityContextPersistenceFilter``SecurityContext`保存到`HttpSession`时,它将被持久化到 Mongo 中。
当创建一个新的`HttpSession`时, Spring 会话将在浏览器中创建一个名为会话的 cookie,其中包含会话的 ID。继续查看 cookies(单击[Chrome](https://developer.chrome.com/devtools/docs/resources#cookies)[Firefox](https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List)以获取帮助)。
当创建一个新的`HttpSession`时, Spring Session 将在浏览器中创建一个名为会话的 cookie,其中包含会话的 ID。继续查看 cookies(单击[Chrome](https://developer.chrome.com/devtools/docs/resources#cookies)[Firefox](https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List)以获取帮助)。
如果你愿意,你可以使用 Mongo 客户机轻松地检查会话。例如,在基于 Linux 的系统上,你可以键入:
......
docs/spring-session/boot-redis.md
浏览文件 @ c076dca0
# Spring 会话- Spring 启动
# Spring Session- Spring 启动
本指南描述了在使用 Spring 引导时如何使用 Spring 会话透明地利用 Redis 来支持 Web 应用程序的`HttpSession`
本指南描述了在使用 Spring 引导时如何使用 Spring Session 透明地利用 Redis 来支持 Web 应用程序的`HttpSession`
| |你可以在[引导示例应用程序](#boot-sample)中找到完整的指南。|
|---|--------------------------------------------------------------------------------|
......@@ -9,7 +9,7 @@
## [](#_updating_dependencies)更新依赖项
在使用 Spring 会话之前,你必须确保你的依赖关系。我们假设你正在使用一个有效的启动 Web 应用程序。如果正在使用 Maven,则必须添加以下依赖项:
在使用 Spring Session 之前,你必须确保你的依赖关系。我们假设你正在使用一个有效的启动 Web 应用程序。如果正在使用 Maven,则必须添加以下依赖项:
POM.xml
......@@ -24,11 +24,11 @@ POM.xml
</dependencies>
```
Spring 启动为 Spring 会话模块提供了依赖管理,因此不需要显式声明依赖版本。
Spring 启动为 Spring Session 模块提供了依赖管理,因此不需要显式声明依赖版本。
## [](#boot-spring-configuration) Spring 引导配置
在添加了所需的依赖项之后,我们就可以创建我们的 Spring 启动配置了。多亏了一流的自动配置支持,由 Redis 支持的设置 Spring 会话非常简单,只需向你的`application.properties`添加一个配置属性,如以下清单所示:
在添加了所需的依赖项之后,我们就可以创建我们的 Spring 启动配置了。多亏了一流的自动配置支持,由 Redis 支持的设置 Spring Session 非常简单,只需向你的`application.properties`添加一个配置属性,如以下清单所示:
SRC/主/资源/应用程序.properties
......@@ -36,7 +36,7 @@ SRC/主/资源/应用程序.properties
spring.session.store-type=redis # Session store type.
```
在这种情况下, Spring boot 应用的配置相当于手动添加`@EnableRedisHttpSession`注释。这将创建一个名为`springSessionRepositoryFilter`的 Spring Bean,实现`Filter`。过滤器负责替换要由 Spring 会话支持的`HttpSession`实现。
在这种情况下, Spring boot 应用的配置相当于手动添加`@EnableRedisHttpSession`注释。这将创建一个名为`springSessionRepositoryFilter`的 Spring Bean,实现`Filter`。过滤器负责替换要由 Spring Session 支持的`HttpSession`实现。
使用`application.properties`还可以进行进一步的定制,如以下清单所示:
......@@ -52,7 +52,7 @@ spring.session.redis.namespace=spring:session # Namespace for keys used to store
## [](#boot-redis-configuration)配置 Redis 连接
Spring 启动会自动创建一个`RedisConnectionFactory`,它将 Spring 会话连接到端口 6379(默认端口)上本地主机上的 Redis 服务器。在生产环境中,你需要更新配置以指向 Redis 服务器。例如,你可以在应用程序中包含以下内容:
Spring 启动会自动创建一个`RedisConnectionFactory`,它将 Spring Session 连接到端口 6379(默认端口)上本地主机上的 Redis 服务器。在生产环境中,你需要更新配置以指向 Redis 服务器。例如,你可以在应用程序中包含以下内容:
SRC/主/资源/应用程序.properties
......@@ -66,13 +66,13 @@ spring.redis.port=6379 # Redis server port.
## [](#boot-servlet-configuration) Servlet 容器初始化
我们的[Spring Boot Configuration](#boot-spring-configuration)创建了一个名为`springSessionRepositoryFilter`的 Spring Bean,它实现了`Filter``springSessionRepositoryFilter` Bean 负责用 Spring 会话支持的自定义实现替换`HttpSession`
我们的[Spring Boot Configuration](#boot-spring-configuration)创建了一个名为`springSessionRepositoryFilter`的 Spring Bean,它实现了`Filter``springSessionRepositoryFilter` Bean 负责用 Spring Session 支持的自定义实现替换`HttpSession`
为了使我们的`Filter`发挥其魔力, Spring 需要加载我们的`Config`类。最后,我们需要确保我们的 Servlet 容器(即 Tomcat)为每个请求使用我们的`springSessionRepositoryFilter`。幸运的是,Boot 为我们解决了这两个步骤。
## [](#boot-sample)引导示例应用程序
引导示例应用程序演示了如何在使用 Spring 引导时使用 Spring 会话透明地利用 Redis 来支持 Web 应用程序的`HttpSession`
引导示例应用程序演示了如何在使用 Spring 引导时使用 Spring Session 透明地利用 Redis 来支持 Web 应用程序的`HttpSession`
### [](#boot-running)运行引导示例应用程序
......@@ -99,9 +99,9 @@ $ ./gradlew :spring-session-sample-boot-redis:bootRun
### [](#boot-how)它是如何工作的?
我们不使用 Tomcat 的`HttpSession`,而是在 Redis 中保存这些值。 Spring 会话用一个由 Redis 支持的实现替换`HttpSession`。当 Spring Security 的`SecurityContextPersistenceFilter``SecurityContext`保存到`HttpSession`时,它将被持久化到 Redis 中。
我们不使用 Tomcat 的`HttpSession`,而是在 Redis 中保存这些值。 Spring Session 用一个由 Redis 支持的实现替换`HttpSession`。当 Spring Security 的`SecurityContextPersistenceFilter``SecurityContext`保存到`HttpSession`时,它将被持久化到 Redis 中。
当创建一个新的`HttpSession`时, Spring 会话将在浏览器中创建一个名为`SESSION`的 cookie。该 cookie 包含你的会话的 ID。你可以查看 cookies(使用[Chrome](https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies)[Firefox](https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector))。
当创建一个新的`HttpSession`时, Spring Session 将在浏览器中创建一个名为`SESSION`的 cookie。该 cookie 包含你的会话的 ID。你可以查看 cookies(使用[Chrome](https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies)[Firefox](https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector))。
你可以使用 redis-cli 删除会话。例如,在基于 Linux 的系统上,你可以键入以下内容:
......
docs/spring-session/boot-webflux-custom-cookie.md
浏览文件 @ c076dca0
# Spring 带有自定义 cookie 的会话-WebFlux
本指南描述了如何配置 Spring 会话以在基于 WebFlux 的应用程序中使用自定义 Cookie。该指南假定你已经使用所选的数据存储在项目中设置了 Spring 会话。例如,[HttpSession with Redis ](./boot-redis.html)
本指南描述了如何配置 Spring Session 以在基于 WebFlux 的应用程序中使用自定义 Cookie。该指南假定你已经使用所选的数据存储在项目中设置了 Spring Session 。例如,[HttpSession with Redis ](./boot-redis.html)
| |你可以在[WebFlux 自定义 Cookie 示例应用程序](#webflux-custom-cookie-sample)中找到完整的指南。|
|---|------------------------------------------------------------------------------------------------------------------|
......@@ -9,7 +9,7 @@
## [](#webflux-custom-cookie-spring-configuration) Spring 引导配置
一旦设置了 Spring 会话,就可以通过将`WebSessionIdResolver`公开为 Spring Bean 来自定义会话 cookie 的编写方式。 Spring 默认情况下,会话使用`CookieWebSessionIdResolver`。在使用`@EnableRedisHttpSession`之类的配置时,将`WebSessionIdResolver`公开为 Spring Bean 会增强现有的配置。下面的示例展示了如何自定义 Spring 会话的 cookie:
一旦设置了 Spring Session ,就可以通过将`WebSessionIdResolver`公开为 Spring Bean 来自定义会话 cookie 的编写方式。 Spring 默认情况下,会话使用`CookieWebSessionIdResolver`。在使用`@EnableRedisHttpSession`之类的配置时,将`WebSessionIdResolver`公开为 Spring Bean 会增强现有的配置。下面的示例展示了如何自定义 Spring Session 的 cookie:
```
@Bean
......
docs/spring-session/boot-websocket.md
浏览文件 @ c076dca0
# Spring 会议- WebSocket
本指南描述了如何使用 Spring 会话来确保 WebSocket 消息使你的 HttpSession 保持活跃。
本指南描述了如何使用 Spring Session 来确保 WebSocket 消息使你的 HttpSession 保持活跃。
| |Spring session 的 WebSocket 支持仅对 Spring 的 WebSocket 支持有效。<br/>具体来说,它不能直接使用[JSR-356](https://www.jcp.org/en/jsr/detail?id=356),因为 JSR-356 没有拦截传入 WebSocket 消息的机制。|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
......@@ -9,9 +9,9 @@
## [](#_httpsession_setup)HttpSession 设置
第一步是将 Spring 会话与 HttpSession 集成在一起。这些步骤已经在[HttpSession with Redis 指南](./boot-redis.html)中进行了概述。
第一步是将 Spring Session 与 HttpSession 集成在一起。这些步骤已经在[HttpSession with Redis 指南](./boot-redis.html)中进行了概述。
在继续之前,请确保你已经将 Spring 会话集成到 HttpSession 中。
在继续之前,请确保你已经将 Spring Session 集成到 HttpSession 中。
## [](#websocket-spring-configuration) Spring 配置
......@@ -37,7 +37,7 @@ public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
}
```
我们可以更新配置以使用 Spring 会话的 WebSocket 支持。下面的示例展示了如何做到这一点:
我们可以更新配置以使用 Spring Session 的 WebSocket 支持。下面的示例展示了如何做到这一点:
SRC/main/java/samples/config/websocketconfig.java
......@@ -61,7 +61,7 @@ public class WebSocketConfig extends AbstractSessionWebSocketMessageBrokerConfig
}
```
要连接 Spring 会话支持,我们只需要更改两件事:
要连接 Spring Session 支持,我们只需要更改两件事:
|**1**|而不是实现`WebSocketMessageBrokerConfigurer`,我们扩展`AbstractSessionWebSocketMessageBrokerConfigurer`|
|-----|-----------------------------------------------------------------------------------------------------------------------|
......@@ -69,17 +69,17 @@ public class WebSocketConfig extends AbstractSessionWebSocketMessageBrokerConfig
`AbstractSessionWebSocketMessageBrokerConfigurer`在幕后做什么?
* `WebSocketConnectHandlerDecoratorFactory`作为`WebSocketHandlerDecoratorFactory`添加到`WebSocketTransportRegistration`。这确保了一个包含`WebSocketSession`的自定义`SessionConnectEvent`被触发。当 Spring 会话结束时,要结束任何仍处于打开状态的 WebSocket 连接,`WebSocketSession`是必需的。
* `WebSocketConnectHandlerDecoratorFactory`作为`WebSocketHandlerDecoratorFactory`添加到`WebSocketTransportRegistration`。这确保了一个包含`WebSocketSession`的自定义`SessionConnectEvent`被触发。当 Spring Session 结束时,要结束任何仍处于打开状态的 WebSocket 连接,`WebSocketSession`是必需的。
* `SessionRepositoryMessageInterceptor`作为`HandshakeInterceptor`添加到每个`StompWebSocketEndpointRegistration`。这确保将`Session`添加到 WebSocket 属性中,以允许更新上次访问的时间。
* `SessionRepositoryMessageInterceptor`作为`ChannelInterceptor`添加到我们的入站`ChannelRegistration`中。这确保了每次接收入站消息时,都会更新我们 Spring 会话的最后一次访问时间。
* `SessionRepositoryMessageInterceptor`作为`ChannelInterceptor`添加到我们的入站`ChannelRegistration`中。这确保了每次接收入站消息时,都会更新我们 Spring Session 的最后一次访问时间。
* `WebSocketRegistryListener`被创建为 Spring Bean。这确保了我们将所有`Session`ID 映射到相应的 WebSocket 连接。通过维护此映射,我们可以在 Spring 会话结束时关闭所有 WebSocket 连接。
* `WebSocketRegistryListener`被创建为 Spring Bean。这确保了我们将所有`Session`ID 映射到相应的 WebSocket 连接。通过维护此映射,我们可以在 Spring Session 结束时关闭所有 WebSocket 连接。
## [](#websocket-sample)`websocket`示例应用程序
`websocket`示例应用程序演示了如何在 WebSockets 中使用 Spring 会话
`websocket`示例应用程序演示了如何在 WebSockets 中使用 Spring Session
### [](#_running_the_websocket_sample_application)运行`websocket`示例应用程序
......@@ -119,7 +119,7 @@ $ ./gradlew :spring-session-sample-boot-websocket:bootRun
等两分钟,再试着把罗布的信息发送给卢克。你可以看到该消息已不再发送。
| |为什么是两分钟?<br/><br/> Spring 会话在 60 秒内到期,但是来自 Redis 的通知不能保证在 60 秒内发生。<br/>以确保套接字在合理的时间内关闭, Spring 会话在 00 秒时每分钟运行一个后台任务,该任务强制清除任何过期的会话。<br/>这意味着在关闭 WebSocket 连接之前,你最多需要等待两分钟。|
| |为什么是两分钟?<br/><br/> Spring Session 在 60 秒内到期,但是来自 Redis 的通知不能保证在 60 秒内发生。<br/>以确保套接字在合理的时间内关闭, Spring Session 在 00 秒时每分钟运行一个后台任务,该任务强制清除任何过期的会话。<br/>这意味着在关闭 WebSocket 连接之前,你最多需要等待两分钟。|
|---|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
你现在可以尝试访问[http://localhost:8080/](http://localhost:8080/),提示你再次进行身份验证。这表明会话正确地过期了。
......
docs/spring-session/en/api.md 已删除 100644 → 0
浏览文件 @ a3ae08b0
此差异已折叠。
docs/spring-session/en/boot-findbyusername.md 已删除 100644 → 0
浏览文件 @ a3ae08b0
# Spring Session - find by username
This guide describes how to use Spring Session to find sessions by username.
| |You can find the completed guide in the [findbyusername application](#findbyusername-sample).|
|---|---------------------------------------------------------------------------------------------|
[Index](../index.html)
## [](#findbyusername-assumptions)Assumptions
The guide assumes you have already added Spring Session to your application by using the built-in Redis configuration support.
The guide also assumes you have already applied Spring Security to your application.
However, we the guide is somewhat general purpose and can be applied to any technology with minimal changes, which we discuss later in the guide.
| |If you need to learn how to add Spring Session to your project, see the listing of [samples and guides](../#samples)|
|---|--------------------------------------------------------------------------------------------------------------------|
## [](#_about_the_sample)About the Sample
Our sample uses this feature to invalidate the users session that might have been compromised.
Consider the following scenario:
* User goes to library and authenticates to the application.
* User goes home and realizes they forgot to log out.
* User can log in and end the session from the library using clues like the location, created time, last accessed time, and so on.
Would it not be nice if we could let the user invalidate the session at the library from any device with which they authenticate?
This sample demonstrates how this is possible.
## [](#findbyindexnamesessionrepository)Using `FindByIndexNameSessionRepository`
To look up a user by their username, you must first choose a `SessionRepository` that implements [`FindByIndexNameSessionRepository`](../#api-findbyindexnamesessionrepository).
Our sample application assumes that the Redis support is already set up, so we are ready to go.
## [](#_mapping_the_user_name)Mapping the User Name
`FindByIndexNameSessionRepository` can find a session only by the user name if the developer instructs Spring Session what user is associated with the `Session`.
You can do so by ensuring that the session attribute with the name `FindByUsernameSessionRepository.PRINCIPAL_NAME_INDEX_NAME` is populated with the username.
Generally speaking, you can do so with the following code immediately after the user authenticates:
```
String username = "username";
this.session.setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, username);
```
## [](#_mapping_the_user_name_with_spring_security)Mapping the User Name with Spring Security
Since we use Spring Security, the user name is automatically indexed for us.
This means we need not perform any steps to ensure the user name is indexed.
## [](#_adding_additional_data_to_the_session)Adding Additional Data to the Session
It may be nice to associate additional information (such as the IP Address, the browser, location, and other details) to the session.
Doing so makes it easier for the user to know which session they are looking at.
To do so, determine which session attribute you want to use and what information you wish to provide.
Then create a Java bean that is added as a session attribute.
For example, our sample application includes the location and access type of the session, as the following listing shows:
```
public class SessionDetails implements Serializable {
private String location;
private String accessType;
public String getLocation() {
return this.location;
}
public void setLocation(String location) {
this.location = location;
}
public String getAccessType() {
return this.accessType;
}
public void setAccessType(String accessType) {
this.accessType = accessType;
}
private static final long serialVersionUID = 8850489178248613501L;
}
```
We then inject that information into the session on each HTTP request using a `SessionDetailsFilter`, as the following example shows:
```
@Override
public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
chain.doFilter(request, response);
HttpSession session = request.getSession(false);
if (session != null) {
String remoteAddr = getRemoteAddress(request);
String geoLocation = getGeoLocation(remoteAddr);
SessionDetails details = new SessionDetails();
details.setAccessType(request.getHeader("User-Agent"));
details.setLocation(remoteAddr + " " + geoLocation);
session.setAttribute("SESSION_DETAILS", details);
}
}
```
We obtain the information we want and then set the `SessionDetails` as an attribute in the `Session`.
When we retrieve the `Session` by user name, we can then use the session to access our `SessionDetails` as we would any other session attribute.
| |You might wonder why Spring Session does not provide `SessionDetails` functionality out of the box.<br/>We have two reasons.<br/>The first reason is that it is very trivial for applications to implement this themselves.<br/>The second reason is that the information that is populated in the session (and how frequently that information is updated) is highly application-dependent.|
|---|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
## [](#_finding_sessions_for_a_specific_user)Finding sessions for a specific user
We can now find all the sessions for a specific user.
The following example shows how to do so:
```
@Autowired
FindByIndexNameSessionRepository<? extends Session> sessions;
@RequestMapping("/")
public String index(Principal principal, Model model) {
Collection<? extends Session> usersSessions = this.sessions.findByPrincipalName(principal.getName()).values();
model.addAttribute("sessions", usersSessions);
return "index";
}
```
In our instance, we find all sessions for the currently logged in user.
However, you can modify this for an administrator to use a form to specify which user to look up.
## [](#findbyusername-sample)`findbyusername` Sample Application
This section describes how to use the `findbyusername` sample application.
### [](#_running_the_findbyusername_sample_application)Running the `findbyusername` Sample Application
You can run the sample by obtaining the [source code](https://github.com/spring-projects/spring-session/archive/main.zip) and invoking the following command:
```
$ ./gradlew :spring-session-sample-boot-findbyusername:bootRun
```
| |For the sample to work, you must [install Redis 2.8+](https://redis.io/download) on localhost and run it with the default port (6379).<br/>Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.<br/>Another option is to use [Docker](https://www.docker.com/) to run Redis on localhost.<br/>See [Docker Redis repository](https://hub.docker.com/_/redis/) for detailed instructions.|
|---|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
You should now be able to access the application at [http://localhost:8080/](http://localhost:8080/)
### [](#_exploring_the_security_sample_application)Exploring the security Sample Application
You can now try using the application. Enter the following to log in:
* **Username** *user*
* **Password** *password*
Now click the **Login** button.
You should now see a message indicating your are logged in with the user entered previously.
You should also see a listing of active sessions for the currently logged in user.
You can emulate the flow we discussed in the [About the Sample](#_about_the_sample) section by doing the following:
* Open a new incognito window and navigate to [http://localhost:8080/](http://localhost:8080/)
* Enter the following to log in:
* **Username** *user*
* **Password** *password*
* End your original session.
* Refresh the original window and see that you are logged out.
\ No newline at end of file
docs/spring-session/en/boot-jdbc.md 已删除 100644 → 0
浏览文件 @ a3ae08b0
# Spring Session - Spring Boot
This guide describes how to use Spring Session to transparently leverage a relational database to back a web application’s `HttpSession` when you use Spring Boot.
| |You can find the completed guide in the [httpsession-jdbc-boot sample application](#httpsession-jdbc-boot-sample).|
|---|------------------------------------------------------------------------------------------------------------------|
[Index](../index.html)
## [](#_updating_dependencies)Updating Dependencies
Before you use Spring Session, you must update your dependencies.
We assume you are working with a working Spring Boot web application.
If you use Maven, you must add the following dependencies:
pom.xml
```
<dependencies>
<!-- ... -->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-jdbc</artifactId>
</dependency>
</dependencies>
```
Spring Boot provides dependency management for Spring Session modules, so you need not explicitly declare the dependency version.
## [](#httpsession-jdbc-boot-spring-configuration)Spring Boot Configuration
After adding the required dependencies, we can create our Spring Boot configuration.
Thanks to first-class auto configuration support, setting up Spring Session backed by a relational database is as simple as adding a single configuration property to your `application.properties`.
The following listing shows how to do so:
src/main/resources/application.properties
```
spring.session.store-type=jdbc # Session store type.
```
If a single Spring Session module is present on the classpath, Spring Boot uses that store implementation automatically.
If you have more than one implementation, you must choose the StoreType that you wish to use to store the sessions, as shows above.
Under the hood, Spring Boot applies configuration that is equivalent to manually adding the `@EnableJdbcHttpSession` annotation.
This creates a Spring bean with the name of `springSessionRepositoryFilter`. That bean implements `Filter`.
The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
You can further customize by using `application.properties`.
The following listing shows how to do so:
src/main/resources/application.properties
```
server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds are used.
spring.session.jdbc.initialize-schema=embedded # Database schema initialization mode.
spring.session.jdbc.schema=classpath:org/springframework/session/jdbc/[email protected]@[email protected]@.sql # Path to the SQL file to use to initialize the database schema.
spring.session.jdbc.table-name=SPRING_SESSION # Name of the database table used to store sessions.
```
For more information, see the [Spring Session](https://docs.spring.io/spring-boot/docs/2.5.6/reference/htmlsingle/#boot-features-session) portion of the Spring Boot documentation.
## [](#httpsession-jdbc-boot-configuration)Configuring the `DataSource`
Spring Boot automatically creates a `DataSource` that connects Spring Session to an embedded instance of an H2 database.
In a production environment, you need to update your configuration to point to your relational database.
For example, you can include the following in your application.properties:
src/main/resources/application.properties
```
spring.datasource.url= # JDBC URL of the database.
spring.datasource.username= # Login username of the database.
spring.datasource.password= # Login password of the database.
```
For more information, see the [Configure a DataSource](https://docs.spring.io/spring-boot/docs/2.5.6/reference/htmlsingle/#boot-features-configure-datasource) portion of the Spring Boot documentation.
## [](#httpsession-jdbc-boot-servlet-configuration)Servlet Container Initialization
Our [Spring Boot Configuration](#httpsession-jdbc-boot-spring-configuration) created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
Last, we need to ensure that our Servlet Container (that is, Tomcat) uses our `springSessionRepositoryFilter` for every request.
Fortunately, Spring Boot takes care of both of these steps for us.
## [](#httpsession-jdbc-boot-sample)`httpsession-jdbc-boot` Sample Application
The httpsession-jdbc-boot Sample Application demonstrates how to use Spring Session to transparently leverage an H2 database to back a web application’s `HttpSession` when you use Spring Boot.
### [](#httpsession-jdbc-boot-running)Running the `httpsession-jdbc-boot` Sample Application
You can run the sample by obtaining the [source code](https://github.com/spring-projects/spring-session/archive/main.zip) and invoking the following command:
```
$ ./gradlew :spring-session-sample-boot-jdbc:bootRun
```
You should now be able to access the application at [http://localhost:8080/](http://localhost:8080/)
### [](#httpsession-jdbc-boot-explore)Exploring the Security Sample Application
You can now try using the application.
To do so, enter the following to log in:
* **Username** *user*
* **Password** *password*
Now click the **Login** button.
You should now see a message indicating that your are logged in with the user entered previously.
The user’s information is stored in the H2 database rather than Tomcat’s `HttpSession` implementation.
### [](#httpsession-jdbc-boot-how)How Does It Work?
Instead of using Tomcat’s `HttpSession`, we persist the values in the H2 database.
Spring Session replaces the `HttpSession` with an implementation that is backed by a relational database.
When Spring Security’s `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession`, it is then persisted into the H2 database.
When a new `HttpSession` is created, Spring Session creates a cookie named `SESSION` in your browser. That cookie contains the ID of your session.
You can view the cookies (with [Chrome](https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies) or [Firefox](https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector)).
You can remove the session by using the H2 web console available at: [http://localhost:8080/h2-console/](http://localhost:8080/h2-console/) (use `jdbc:h2:mem:testdb` for JDBC URL).
Now you can visit the application at [http://localhost:8080/](http://localhost:8080/) and see that we are no longer authenticated.
\ No newline at end of file
docs/spring-session/en/boot-mongo.md 已删除 100644 → 0
浏览文件 @ a3ae08b0
# Spring Session - MongoDB Repositories
This guide describes how to use Spring Session backed by MongoDB.
| |The completed guide can be found in the [mongo sample application](#mongo-sample).|
|---|----------------------------------------------------------------------------------|
[Index](../index.html)
## [](#_updating_dependencies)Updating Dependencies
Before you use Spring Session MongoDB, you must ensure to update your dependencies.
We assume you are working with a working Spring Boot web application.
If you are using Maven, ensure to add the following dependencies:
pom.xml
```
<dependencies>
<!-- ... -->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-mongodb</artifactId>
</dependency>
</dependencies>
```
Since We are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
Ensure you have the following in your pom.xml:
pom.xml
```
<repositories>
<!-- ... -->
<repository>
<id>spring-snapshot</id>
<url>https://repo.spring.io/libs-snapshot</url>
</repository>
</repositories>
```
## [](#mongo-spring-configuration)Spring Configuration
After adding the required dependencies, we can create our Spring configuration.
The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
All you have to do is to add the following Spring Configuration:
```
@EnableMongoHttpSession (1)
public class HttpSessionConfig {
@Bean
public JdkMongoSessionConverter jdkMongoSessionConverter() {
return new JdkMongoSessionConverter(Duration.ofMinutes(30)); (2)
}
}
```
|**1**|The `@EnableMongoHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.<br/>This filter is what replaces the default `HttpSession` with the MongoDB-backed bean.|
|-----|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|**2**| Configures the session timeout to 30 minutes. |
## [](#boot-mongo-configuration)Configuring the MongoDB Connection
Spring Boot automatically creates a `MongoClient` that connects Spring Session to a MongoDB Server on localhost on port 27017 (default port).
In a production environment you need to ensure to update your configuration to point to your MongoDB server.
For example, you can include the following in your **application.properties**
src/main/resources/application.properties
```
spring.data.mongodb.host=mongo-srv
spring.data.mongodb.port=27018
spring.data.mongodb.database=prod
```
For more information, refer to [Connecting to MongoDB](https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#boot-features-connecting-to-mongodb) portion of the Spring Boot documentation.
## [](#boot-servlet-configuration)Servlet Container Initialization
Our [Spring Configuration](#boot-mongo-configuration) created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
Fortunately, Spring Boot takes care of both of these steps for us.
## [](#mongo-sample)MongoDB Sample Application
The MongoDB Sample Application demonstrates how to use Spring Session to transparently leverage MongoDB to back a web application’s `HttpSession` when using Spring Boot.
### [](#mongo-running)Running the MongoDB Sample Application
You can run the sample by obtaining the [source code](https://github.com/spring-projects/spring-session/archive/main.zip) and invoking the following command:
```
$ ./gradlew :samples:mongo:bootRun
```
You should now be able to access the application at [http://localhost:8080/](http://localhost:8080/)
### [](#boot-explore)Exploring the security Sample Application
Try using the application. Enter the following to log in:
* **Username** *user*
* **Password** *password*
Now click the **Login** button.
You should now see a message indicating your are logged in with the user entered previously.
The user’s information is stored in MongoDB rather than Tomcat’s `HttpSession` implementation.
### [](#mongo-how)How does it work?
Instead of using Tomcat’s `HttpSession`, we are actually persisting the values in Mongo.
Spring Session replaces the `HttpSession` with an implementation that is backed by Mongo.
When Spring Security’s `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Mongo.
When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
Go ahead and view the cookies (click for help with [Chrome](https://developer.chrome.com/devtools/docs/resources#cookies) or [Firefox](https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List)).
If you like, you can easily inspect the session using mongo client. For example, on a Linux based system you can type:
| |The sample application uses an embedded MongoDB instance that listens on a randomly allocated port.<br/>The port used by embedded MongoDB together with exact command to connect to it is logged during application startup.|
|---|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
```
$ mongo --port ...
> use test
> db.sessions.find().pretty()
```
Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `60f17293-839b-477c-bb92-07a9c3658843` with the value of your SESSION cookie:
```
> db.sessions.remove({"_id":"60f17293-839b-477c-bb92-07a9c3658843"})
```
Now visit the application at [http://localhost:8080/](http://localhost:8080/) and observe that we are no longer authenticated.
\ No newline at end of file
docs/spring-session/en/boot-redis.md 已删除 100644 → 0
浏览文件 @ a3ae08b0
# Spring Session - Spring Boot
This guide describes how to use Spring Session to transparently leverage Redis to back a web application’s `HttpSession` when you use Spring Boot.
| |You can find the completed guide in the [boot sample application](#boot-sample).|
|---|--------------------------------------------------------------------------------|
[Index](../index.html)
## [](#_updating_dependencies)Updating Dependencies
Before you use Spring Session, you must ensure your dependencies.
We assume you are working with a working Spring Boot web application.
If you are using Maven, you must add the following dependencies:
pom.xml
```
<dependencies>
<!-- ... -->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
</dependency>
</dependencies>
```
Spring Boot provides dependency management for Spring Session modules, so you need not explicitly declare dependency version.
## [](#boot-spring-configuration)Spring Boot Configuration
After adding the required dependencies, we can create our Spring Boot configuration.
Thanks to first-class auto configuration support, setting up Spring Session backed by Redis is as simple as adding a single configuration property to your `application.properties`, as the following listing shows:
src/main/resources/application.properties
```
spring.session.store-type=redis # Session store type.
```
Under the hood, Spring Boot applies configuration that is equivalent to manually adding `@EnableRedisHttpSession` annotation.
This creates a Spring bean with the name of `springSessionRepositoryFilter` that implements `Filter`.
The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
Further customization is possible by using `application.properties`, as the following listing shows:
src/main/resources/application.properties
```
server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds is used.
spring.session.redis.flush-mode=on_save # Sessions flush mode.
spring.session.redis.namespace=spring:session # Namespace for keys used to store sessions.
```
For more information, see the [Spring Session](https://docs.spring.io/spring-boot/docs/2.5.6/reference/htmlsingle/#boot-features-session) portion of the Spring Boot documentation.
## [](#boot-redis-configuration)Configuring the Redis Connection
Spring Boot automatically creates a `RedisConnectionFactory` that connects Spring Session to a Redis Server on localhost on port 6379 (default port).
In a production environment, you need to update your configuration to point to your Redis server.
For example, you can include the following in your application.properties:
src/main/resources/application.properties
```
spring.redis.host=localhost # Redis server host.
spring.redis.password= # Login password of the redis server.
spring.redis.port=6379 # Redis server port.
```
For more information, see the [Connecting to Redis](https://docs.spring.io/spring-boot/docs/2.5.6/reference/htmlsingle/#boot-features-connecting-to-redis) portion of the Spring Boot documentation.
## [](#boot-servlet-configuration)Servlet Container Initialization
Our [Spring Boot Configuration](#boot-spring-configuration) created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
Last, we need to ensure that our servlet container (that is, Tomcat) uses our `springSessionRepositoryFilter` for every request.
Fortunately, Spring Boot takes care of both of these steps for us.
## [](#boot-sample)Boot Sample Application
The Boot Sample Application demonstrates how to use Spring Session to transparently leverage Redis to back a web application’s `HttpSession` when you use Spring Boot.
### [](#boot-running)Running the Boot Sample Application
You can run the sample by obtaining the [source code](https://github.com/spring-projects/spring-session/archive/main.zip) and invoking the following command:
```
$ ./gradlew :spring-session-sample-boot-redis:bootRun
```
| |For the sample to work, you must [install Redis 2.8+](https://redis.io/download) on localhost and run it with the default port (6379).<br/>Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.<br/>Another option is to use [Docker](https://www.docker.com/) to run Redis on localhost. See [Docker Redis repository](https://hub.docker.com/_/redis/) for detailed instructions.|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
You should now be able to access the application at [http://localhost:8080/](http://localhost:8080/)
### [](#boot-explore)Exploring the `security` Sample Application
Now you can try using the application. Enter the following to log in:
* **Username** *user*
* **Password** *password*
Now click the **Login** button.
You should now see a message indicating your are logged in with the user entered previously.
The user’s information is stored in Redis rather than Tomcat’s `HttpSession` implementation.
### [](#boot-how)How Does It Work?
Instead of using Tomcat’s `HttpSession`, we persist the values in Redis.
Spring Session replaces the `HttpSession` with an implementation that is backed by Redis.
When Spring Security’s `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession`, it is then persisted into Redis.
When a new `HttpSession` is created, Spring Session creates a cookie named `SESSION` in your browser.
That cookie contains the ID of your session.
You can view the cookies (with [Chrome](https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies) or [Firefox](https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector)).
You can remove the session by using redis-cli.
For example, on a Linux based system you can type the following:
```
$ redis-cli keys '*' | xargs redis-cli del
```
| |The Redis documentation has instructions for [installing redis-cli](https://redis.io/topics/quickstart).|
|---|--------------------------------------------------------------------------------------------------------|
Alternatively, you can also delete the explicit key.
To do so, enter the following into your terminal, being sure to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your `SESSION` cookie:
```
$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
```
Now you can visit the application at [http://localhost:8080/](http://localhost:8080/) and observe that we are no longer authenticated.
\ No newline at end of file
docs/spring-session/en/boot-webflux-custom-cookie.md 已删除 100644 → 0
浏览文件 @ a3ae08b0
# Spring Session - WebFlux with Custom Cookie
This guide describes how to configure Spring Session to use custom cookies in a WebFlux based application.
The guide assumes you have already set up Spring Session in your project using your chosen data store. For example, [HttpSession with Redis](./boot-redis.html).
| |You can find the completed guide in the [WebFlux Custom Cookie sample application](#webflux-custom-cookie-sample).|
|---|------------------------------------------------------------------------------------------------------------------|
[Index](../index.html)
## [](#webflux-custom-cookie-spring-configuration)Spring Boot Configuration
Once you have set up Spring Session, you can customize how the session cookie is written by exposing a `WebSessionIdResolver` as a Spring bean.
Spring Session uses a `CookieWebSessionIdResolver` by default.
Exposing the `WebSessionIdResolver` as a Spring bean augments the existing configuration when you use configurations like `@EnableRedisHttpSession`.
The following example shows how to customize Spring Session’s cookie:
```
@Bean
public WebSessionIdResolver webSessionIdResolver() {
CookieWebSessionIdResolver resolver = new CookieWebSessionIdResolver();
resolver.setCookieName("JSESSIONID"); (1)
resolver.addCookieInitializer((builder) -> builder.path("/")); (2)
resolver.addCookieInitializer((builder) -> builder.sameSite("Strict")); (3)
return resolver;
}
```
|**1**| We customize the name of the cookie to be `JSESSIONID`. |
|-----|--------------------------------------------------------------------------------------------|
|**2**|We customize the path of the cookie to be `/` (rather than the default of the context root).|
|**3**| We customize the `SameSite` cookie directive to be `Strict`. |
## [](#webflux-custom-cookie-sample)`webflux-custom-cookie` Sample Application
This section describes how to work with the `webflux-custom-cookie` sample application.
### [](#_running_the_webflux_custom_cookie_sample_application)Running the `webflux-custom-cookie` Sample Application
You can run the sample by obtaining the [source code](https://github.com/spring-projects/spring-session/archive/main.zip) and invoking the following command:
```
$ ./gradlew :spring-session-sample-boot-webflux-custom-cookie:bootRun
```
| |For the sample to work, you must [install Redis 2.8+](https://redis.io/download) on localhost and run it with the default port (6379).<br/>Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.<br/>Another option is to use [Docker](https://www.docker.com/) to run Redis on localhost. See [Docker Redis repository](https://hub.docker.com/_/redis/) for detailed instructions.|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
You should now be able to access the application at [http://localhost:8080/](http://localhost:8080/)
### [](#_exploring_the_webflux_custom_cookie_sample_application)Exploring the `webflux-custom-cookie` Sample Application
Now you can use the application. Fill out the form with the following information:
* **Attribute Name:** *username*
* **Attribute Value:** *rob*
Now click the **Set Attribute** button.
You should now see the values displayed in the table.
If you look at the cookies for the application, you can see the cookie is saved to the custom name of `JSESSIONID`.
\ No newline at end of file
docs/spring-session/en/boot-websocket.md 已删除 100644 → 0
浏览文件 @ a3ae08b0
# Spring Session - WebSocket
This guide describes how to use Spring Session to ensure that WebSocket messages keep your HttpSession alive.
| |Spring Session’s WebSocket support works only with Spring’s WebSocket support.<br/>Specifically,it does not work with using [JSR-356](https://www.jcp.org/en/jsr/detail?id=356) directly, because JSR-356 does not have a mechanism for intercepting incoming WebSocket messages.|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
[Index](../index.html)
## [](#_httpsession_setup)HttpSession Setup
The first step is to integrate Spring Session with the HttpSession. These steps are already outlined in the [HttpSession with Redis Guide](./boot-redis.html).
Please make sure you have already integrated Spring Session with HttpSession before proceeding.
## [](#websocket-spring-configuration)Spring Configuration
In a typical Spring WebSocket application, you would implement `WebSocketMessageBrokerConfigurer`.
For example, the configuration might look something like the following:
```
@Configuration
@EnableScheduling
@EnableWebSocketMessageBroker
public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
@Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
registry.addEndpoint("/messages").withSockJS();
}
@Override
public void configureMessageBroker(MessageBrokerRegistry registry) {
registry.enableSimpleBroker("/queue/", "/topic/");
registry.setApplicationDestinationPrefixes("/app");
}
}
```
We can update our configuration to use Spring Session’s WebSocket support.
The following example shows how to do so:
src/main/java/samples/config/WebSocketConfig.java
```
@Configuration
@EnableScheduling
@EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractSessionWebSocketMessageBrokerConfigurer<Session> { (1)
@Override
protected void configureStompEndpoints(StompEndpointRegistry registry) { (2)
registry.addEndpoint("/messages").withSockJS();
}
@Override
public void configureMessageBroker(MessageBrokerRegistry registry) {
registry.enableSimpleBroker("/queue/", "/topic/");
registry.setApplicationDestinationPrefixes("/app");
}
}
```
To hook in the Spring Session support we only need to change two things:
|**1**|Instead of implementing `WebSocketMessageBrokerConfigurer`, we extend `AbstractSessionWebSocketMessageBrokerConfigurer`|
|-----|-----------------------------------------------------------------------------------------------------------------------|
|**2**| We rename the `registerStompEndpoints` method to `configureStompEndpoints` |
What does `AbstractSessionWebSocketMessageBrokerConfigurer` do behind the scenes?
* `WebSocketConnectHandlerDecoratorFactory` is added as a `WebSocketHandlerDecoratorFactory` to `WebSocketTransportRegistration`.
This ensures a custom `SessionConnectEvent` is fired that contains the `WebSocketSession`.
The `WebSocketSession` is necessary to end any WebSocket connections that are still open when a Spring Session is ended.
* `SessionRepositoryMessageInterceptor` is added as a `HandshakeInterceptor` to every `StompWebSocketEndpointRegistration`.
This ensures that the `Session` is added to the WebSocket properties to enable updating the last accessed time.
* `SessionRepositoryMessageInterceptor` is added as a `ChannelInterceptor` to our inbound `ChannelRegistration`.
This ensures that every time an inbound message is received, that the last accessed time of our Spring Session is updated.
* `WebSocketRegistryListener` is created as a Spring bean.
This ensures that we have a mapping of all of the `Session` IDs to the corresponding WebSocket connections.
By maintaining this mapping, we can close all the WebSocket connections when a Spring Session (HttpSession) is ended.
## [](#websocket-sample)`websocket` Sample Application
The `websocket` sample application demonstrates how to use Spring Session with WebSockets.
### [](#_running_the_websocket_sample_application)Running the `websocket` Sample Application
You can run the sample by obtaining the [source code](https://github.com/spring-projects/spring-session/archive/main.zip) and invoking the following command:
```
$ ./gradlew :spring-session-sample-boot-websocket:bootRun
```
| |For the purposes of testing session expiration, you may want to change the session expiration to be 1 minute (the default is 30 minutes) by adding the following configuration property before starting the application:<br/><br/>src/main/resources/application.properties<br/><br/>```<br/>server.servlet.session.timeout=1m # Session timeout. If a duration suffix is not specified, seconds will be used.<br/>```|
|---|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| |For the sample to work, you must [install Redis 2.8+](https://redis.io/download) on localhost and run it with the default port (6379).<br/>Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.<br/>Another option is to use [Docker](https://www.docker.com/) to run Redis on localhost.<br/>See [Docker Redis repository](https://hub.docker.com/_/redis/) for detailed instructions.|
|---|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
You should now be able to access the application at [http://localhost:8080/](http://localhost:8080/)
### [](#_exploring_the_websocket_sample_application)Exploring the `websocket` Sample Application
Now you can try using the application. Authenticate with the following information:
* **Username** *rob*
* **Password** *password*
Now click the **Login** button. You should now be authenticated as the user **rob**.
Open an incognito window and access [http://localhost:8080/](http://localhost:8080/)
You are prompted with a login form. Authenticate with the following information:
* **Username** *luke*
* **Password** *password*
Now send a message from rob to luke. The message should appear.
Wait for two minutes and try sending a message from rob to luke again.
You can see that the message is no longer sent.
| |Why two minutes?<br/><br/>Spring Session expires in 60 seconds, but the notification from Redis is not guaranteed to happen within 60 seconds.<br/>To ensure the socket is closed in a reasonable amount of time, Spring Session runs a background task every minute at 00 seconds that forcibly cleans up any expired sessions.<br/>This means you need to wait at most two minutes before the WebSocket connection is closed.|
|---|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
You can now try accessing [http://localhost:8080/](http://localhost:8080/)You are prompted to authenticate again.
This demonstrates that the session properly expires.
Now repeat the same exercise, but instead of waiting two minutes, send a message from each of the users every 30 seconds.
You can see that the messages continue to be sent.
Try accessing [http://localhost:8080/](http://localhost:8080/)You are not prompted to authenticate again.
This demonstrates the session is kept alive.
| |Only messages sent from a user keep the session alive.<br/>This is because only messages coming from a user imply user activity.<br/>Received messages do not imply activity and, thus, do not renew the session expiration.|
|---|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
\ No newline at end of file
docs/spring-session/en/http-session.md 已删除 100644 → 0
浏览文件 @ a3ae08b0
此差异已折叠。
docs/spring-session/en/index.md 已删除 100644 → 0
浏览文件 @ a3ae08b0
# Spring Session
Spring Session provides an API and implementations for managing a user’s session information.
Spring Session provides an API and implementations for managing a user’s session information while also making it trivial to support clustered sessions without being tied to an application container-specific solution.
It also provides transparent integration with:
* [HttpSession](http-session.html#httpsession): Allows replacing the `HttpSession` in an application container-neutral way, with support for providing session IDs in headers to work with RESTful APIs.
* [WebSocket](web-socket.html#websocket): Provides the ability to keep the `HttpSession` alive when receiving WebSocket messages
* [WebSession](web-session.html#websession): Allows replacing the Spring WebFlux’s `WebSession` in an application container-neutral way.
## [](#community)Spring Session Community
We are glad to consider you a part of our community.
The following sections provide additional about how to interact with the Spring Session community.
### [](#community-support)Support
You can get help by asking questions on [Stack Overflow with the `spring-session` tag](https://stackoverflow.com/questions/tagged/spring-session).
Similarly, we encourage helping others by answering questions on Stack Overflow.
### [](#community-source)Source Code
You can find the source code on GitHub at [https://github.com/spring-projects/spring-session/](https://github.com/spring-projects/spring-session/)
### [](#community-issues)Issue Tracking
We track issues in GitHub issues at [https://github.com/spring-projects/spring-session/issues](https://github.com/spring-projects/spring-session/issues)
### [](#community-contributing)Contributing
We appreciate [pull requests](https://help.github.com/articles/using-pull-requests/).
### [](#community-license)License
Spring Session is Open Source software released under the [Apache 2.0 license](https://www.apache.org/licenses/LICENSE-2.0).
### [](#community-extensions)Community Extensions
| Name | Location |
|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|Spring Session Infinispan|[https://infinispan.org/infinispan-spring-boot/master/spring\_boot\_starter.html#\_enabling\_spring\_session\_support](https://infinispan.org/infinispan-spring-boot/master/spring_boot_starter.html#_enabling_spring_session_support)|
## [](#minimum-requirements)Minimum Requirements
The minimum requirements for Spring Session are:
* Java 8+.
* If you run in a Servlet Container (not required), Servlet 3.1+.
* If you use other Spring libraries (not required), the minimum required version is Spring 5.0.x.
* `@EnableRedisHttpSession` requires Redis 2.8+. This is necessary to support [Session Expiration](api.html#api-redisindexedsessionrepository-expiration)
* `@EnableHazelcastHttpSession` requires Hazelcast 3.6+. This is necessary to support [`FindByIndexNameSessionRepository`](api.html#api-enablehazelcasthttpsession-storage)
| |At its core, Spring Session has a required dependency only on `spring-jcl`.<br/>For an example of using Spring Session without any other Spring dependencies, see the [hazelcast sample](samples.html#samples) application.|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
\ No newline at end of file
docs/spring-session/en/modules.md 已删除 100644 → 0
浏览文件 @ a3ae08b0
# Spring Session Modules
In Spring Session 1.x, all of the Spring Session’s `SessionRepository` implementations were available within the `spring-session` artifact.
While convenient, this approach was not sustainable long-term as more features and `SessionRepository` implementations were added to the project.
With Spring Session 2.0, several modules were split off to be separate modules as well as managed repositories.
Spring Session for MongoDB was retired, but was later reactivated as a separate module.
As of Spring Session 2.6, Spring Session for MongoDB was merged back into Spring Session.
Now the situation with the various repositories and modules is as follows:
* [`spring-session` repository](https://github.com/spring-projects/spring-session)
* Hosts the Spring Session Core, Spring Session for MongoDB, Spring Session for Redis, Spring Session JDBC, and Spring Session Hazelcast modules.
* [`spring-session-data-geode` repository](https://github.com/spring-projects/spring-session-data-geode)
* Hosts the Spring Session Data Geode modules. Spring Session Data Geode has its own user guide, which you can find at the [[https://spring.io/projects/spring-session-data-geode#learn](https://spring.io/projects/spring-session-data-geode#learn) site].
Finally, Spring Session also provides a Maven BOM (“bill of materials”) module in order to help users with version management concerns:
* [`spring-session-bom` repository](https://github.com/spring-projects/spring-session-bom)
* Hosts the Spring Session BOM module
\ No newline at end of file
docs/spring-session/en/samples.md 已删除 100644 → 0
浏览文件 @ a3ae08b0
# Samples and Guides (Start Here)
To get started with Spring Session, the best place to start is our Sample Applications.
| Source | Description | Guide |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------|
| [HttpSession with Redis](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-redis) | Demonstrates how to use Spring Session to replace the `HttpSession` with Redis. | [HttpSession with Redis Guide](guides/boot-redis.html) |
| [HttpSession with JDBC](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-jdbc) | Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store. | [HttpSession with JDBC Guide](guides/boot-jdbc.html) |
| [HttpSession with Hazelcast](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-hazelcast) | Demonstrates how to use Spring Session to replace the `HttpSession` with Hazelcast. | |
| [Find by Username](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-findbyusername) | Demonstrates how to use Spring Session to find sessions by username. | [Find by Username Guide](guides/boot-findbyusername.html) |
| [WebSockets](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-websocket) | Demonstrates how to use Spring Session with WebSockets. | [WebSockets Guide](guides/boot-websocket.html) |
| [WebFlux](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-webflux) | Demonstrates how to use Spring Session to replace the Spring WebFlux’s `WebSession` with Redis. | |
| [WebFlux with Custom Cookie](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-webflux-custom-cookie) | Demonstrates how to use Spring Session to customize the Session cookie in a WebFlux based application. |[WebFlux with Custom Cookie Guide](guides/boot-webflux-custom-cookie.html)|
| [HttpSession with Redis JSON serialization](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-redis-json) | Demonstrates how to use Spring Session to replace the `HttpSession` with Redis using JSON serialization. | |
| [HttpSession with simple Redis `SessionRepository`](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-redis-simple) |Demonstrates how to use Spring Session to replace the `HttpSession` with Redis using `RedisSessionRepository`.| |
|[Spring Session with MongoDB Repositories (servlet-based)](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-mongodb-traditional)| Demonstrates how to back Spring Session with traditional MongoDB repositories. | [Spring Session with MongoDB Repositories](guides/boot-mongo.html) |
| [Spring Session with MongoDB Repositories (reactive)](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-mongodb-reactive) | Demonstrates how to back Spring Session with reactive MongoDB repositories. | [Spring Session with MongoDB Repositories](guides/boot-mongo.html) |
| Source | Description | Guide |
|-----------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|--------------------------------------------------------------|
| [HttpSession with Redis](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-javaconfig-redis) | Demonstrates how to use Spring Session to replace the `HttpSession` with Redis. | [HttpSession with Redis Guide](guides/java-redis.html) |
| [HttpSession with JDBC](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-javaconfig-jdbc) |Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store.| [HttpSession with JDBC Guide](guides/java-jdbc.html) |
|[HttpSession with Hazelcast](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-javaconfig-hazelcast)| Demonstrates how to use Spring Session to replace the `HttpSession` with Hazelcast. |[HttpSession with Hazelcast Guide](guides/java-hazelcast.html)|
| [Custom Cookie](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-javaconfig-custom-cookie) | Demonstrates how to use Spring Session and customize the cookie. | [Custom Cookie Guide](guides/java-custom-cookie.html) |
| [Spring Security](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-javaconfig-security) | Demonstrates how to use Spring Session with an existing Spring Security application. | [Spring Security Guide](guides/java-security.html) |
| [REST](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-javaconfig-rest) |Demonstrates how to use Spring Session in a REST application to support authenticating with a header.| [REST Guide](guides/java-rest.html) |
| Source | Description | Guide |
|--------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|-----------------------------------------------------|
|[HttpSession with Redis](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-xml-redis)| Demonstrates how to use Spring Session to replace the `HttpSession` with a Redis store. |[HttpSession with Redis Guide](guides/xml-redis.html)|
| [HttpSession with JDBC](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-xml-jdbc) |Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store.| [HttpSession with JDBC Guide](guides/xml-jdbc.html) |
| Source | Description |Guide|
|------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------|-----|
|[Hazelcast](https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-misc-hazelcast)|Demonstrates how to use Spring Session with Hazelcast in a Java EE application.| |
\ No newline at end of file
docs/spring-session/en/spring-security.md 已删除 100644 → 0
浏览文件 @ a3ae08b0
# Spring Security Integration
Spring Session provides integration with Spring Security.
## [](#spring-security-rememberme)Spring Security Remember-me Support
Spring Session provides integration with [Spring Security’s Remember-me Authentication](https://docs.spring.io/spring-security/site/docs/5.6.2/reference/html5/#servlet-rememberme).
The support:
* Changes the session expiration length
* Ensures that the session cookie expires at `Integer.MAX_VALUE`.
The cookie expiration is set to the largest possible value, because the cookie is set only when the session is created.
If it were set to the same value as the session expiration, the session would get renewed when the user used it but the cookie expiration would not be updated (causing the expiration to be fixed).
To configure Spring Session with Spring Security in Java Configuration, you can use the following listing as a guide:
```
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// ... additional configuration ...
.rememberMe((rememberMe) -> rememberMe
.rememberMeServices(rememberMeServices())
);
}
@Bean
public SpringSessionRememberMeServices rememberMeServices() {
SpringSessionRememberMeServices rememberMeServices =
new SpringSessionRememberMeServices();
// optionally customize
rememberMeServices.setAlwaysRemember(true);
return rememberMeServices;
}
```
An XML-based configuration would look something like the following:
```
<security:http>
<!-- ... -->
<security:form-login />
<security:remember-me services-ref="rememberMeServices"/>
</security:http>
<bean id="rememberMeServices"
class="org.springframework.session.security.web.authentication.SpringSessionRememberMeServices"
p:alwaysRemember="true"/>
```
## [](#spring-security-concurrent-sessions)Spring Security Concurrent Session Control
Spring Session provides integration with Spring Security to support its concurrent session control.
This allows limiting the number of active sessions that a single user can have concurrently, but, unlike the default
Spring Security support, this also works in a clustered environment. This is done by providing a custom
implementation of Spring Security’s `SessionRegistry` interface.
When using Spring Security’s Java config DSL, you can configure the custom `SessionRegistry` through the`SessionManagementConfigurer`, as the following listing shows:
```
@Configuration
public class SecurityConfiguration<S extends Session> extends WebSecurityConfigurerAdapter {
@Autowired
private FindByIndexNameSessionRepository<S> sessionRepository;
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
// other config goes here...
.sessionManagement((sessionManagement) -> sessionManagement
.maximumSessions(2)
.sessionRegistry(sessionRegistry())
);
// @formatter:on
}
@Bean
public SpringSessionBackedSessionRegistry<S> sessionRegistry() {
return new SpringSessionBackedSessionRegistry<>(this.sessionRepository);
}
}
```
This assumes that you have also configured Spring Session to provide a `FindByIndexNameSessionRepository` that
returns `Session` instances.
When using XML configuration, it would look something like the following listing:
```
<security:http>
<!-- other config goes here... -->
<security:session-management>
<security:concurrency-control max-sessions="2" session-registry-ref="sessionRegistry"/>
</security:session-management>
</security:http>
<bean id="sessionRegistry"
class="org.springframework.session.security.SpringSessionBackedSessionRegistry">
<constructor-arg ref="sessionRepository"/>
</bean>
```
This assumes that your Spring Session `SessionRegistry` bean is called `sessionRegistry`, which is the name used by all`SpringHttpSessionConfiguration` subclasses.
## [](#spring-security-concurrent-sessions-limitations)Limitations
Spring Session’s implementation of Spring Security’s `SessionRegistry` interface does not support the `getAllPrincipals`method, as this information cannot be retrieved by using Spring Session. This method is never called by Spring Security,
so this affects only applications that access the `SessionRegistry` themselves.
\ No newline at end of file
docs/spring-session/en/upgrading.md 已删除 100644 → 0
浏览文件 @ a3ae08b0
# Upgrading to 2.x
With the new major release version, the Spring Session team took the opportunity to make some non-passive changes.
The focus of these changes is to improve and harmonize Spring Session’s APIs as well as remove the deprecated components.
## [](#_baseline_update)Baseline Update
Spring Session 2.0 requires Java 8 and Spring Framework 5.0 as a baseline, since its entire codebase is now based on Java 8 source code.
See [Upgrading to Spring Framework 5.x](https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-5.x) for more on upgrading Spring Framework.
## [](#_replaced_and_removed_modules)Replaced and Removed Modules
As a part of the project’s splitting of the modules, the existing `spring-session` has been replaced with the `spring-session-core` module.
The `spring-session-core` module holds only the common set of APIs and components, while other modules contain the implementation of the appropriate `SessionRepository` and functionality related to that data store.
This applies to several existing modules that were previously a simple dependency aggregator helper module.
With new module arrangement, the following modules actually carry the implementation:
* Spring Session for MongoDB
* Spring Session for Redis
* Spring Session JDBC
* Spring Session Hazelcast
Also, the following were removed from the main project repository:
* Spring Session Data GemFire
* [`spring-session-data-geode`](https://github.com/spring-projects/spring-session-data-geode)
## [](#_replaced_and_removed_packages_classes_and_methods)Replaced and Removed Packages, Classes, and Methods
The following changes were made to packages, classes, and methods:
* `ExpiringSession` API has been merged into the `Session` API.
* The `Session` API has been enhanced to make full use of Java 8.
* The `Session` API has been extended with `changeSessionId` support.
* The `SessionRepository` API has been updated to better align with Spring Data method naming conventions.
* `AbstractSessionEvent` and its subclasses are no longer constructable without an underlying `Session` object.
* The Redis namespace used by `RedisOperationsSessionRepository` is now fully configurable, instead of being partially configurable.
* Redis configuration support has been updated to avoid registering a Spring Session-specific `RedisTemplate` bean.
* JDBC configuration support has been updated to avoid registering a Spring Session-specific `JdbcTemplate` bean.
* Previously deprecated classes and methods have been removed across the codebase
## [](#_dropped_support)Dropped Support
As a part of the changes to `HttpSessionStrategy` and its alignment to the counterpart from the reactive world, the support for managing multiple users' sessions in a single browser instance has been removed.
The introduction of a new API to replace this functionality is under consideration for future releases.
\ No newline at end of file
docs/spring-session/en/web-session.md 已删除 100644 → 0
浏览文件 @ a3ae08b0
# WebSession Integration
Spring Session provides transparent integration with Spring WebFlux’s `WebSession`.
This means that you can switch the `WebSession` implementation out with an implementation that is backed by Spring Session.
## [](#websession-why)Why Spring Session and WebSession?
We have already mentioned that Spring Session provides transparent integration with Spring WebFlux’s `WebSession`, but what benefits do we get out of this?
As with `HttpSession`, Spring Session makes it trivial to support [clustered sessions](#websession-redis) without being tied to an application container specific solution.
## [](#websession-redis)WebSession with Redis
Using Spring Session with `WebSession` is enabled by registering a `WebSessionManager` implementation backed by Spring Session’s `ReactiveSessionRepository`.
The Spring configuration is responsible for creating a `WebSessionManager` that replaces the `WebSession` implementation with an implementation backed by Spring Session.
To do so, add the following Spring Configuration:
```
@EnableRedisWebSession (1)
public class SessionConfiguration {
@Bean
public LettuceConnectionFactory redisConnectionFactory() {
return new LettuceConnectionFactory(); (2)
}
}
```
|**1**| The `@EnableRedisWebSession` annotation creates a Spring bean with the name of `webSessionManager`. That bean implements the `WebSessionManager`.<br/>This is what is in charge of replacing the `WebSession` implementation to be backed by Spring Session.<br/>In this instance, Spring Session is backed by Redis. |
|-----|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|**2**|We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.<br/>We configure the connection to connect to localhost on the default port (6379)<br/>For more information on configuring Spring Data Redis, see the [reference documentation](https://docs.spring.io/spring-data/data-redis/docs/2.6.2/reference/html/).|
## [](#websession-how)How WebSession Integration Works
It is considerably easier for Spring Session to integrate with Spring WebFlux and its `WebSession`, compared to Servlet API and its `HttpSession`.
Spring WebFlux provides the `WebSessionStore` API, which presents a strategy for persisting `WebSession`.
| |This section describes how Spring Session provides transparent integration with `WebSession`. We offer this content so that you can understand what is happening under the covers. This functionality is already integrated and you do NOT need to implement this logic yourself.|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
First, we create a custom `SpringSessionWebSession` that delegates to Spring Session’s `Session`.
It looks something like the following:
```
public class SpringSessionWebSession implements WebSession {
enum State {
NEW, STARTED
}
private final S session;
private AtomicReference<State> state = new AtomicReference<>();
SpringSessionWebSession(S session, State state) {
this.session = session;
this.state.set(state);
}
@Override
public void start() {
this.state.compareAndSet(State.NEW, State.STARTED);
}
@Override
public boolean isStarted() {
State value = this.state.get();
return (State.STARTED.equals(value)
|| (State.NEW.equals(value) && !this.session.getAttributes().isEmpty()));
}
@Override
public Mono<Void> changeSessionId() {
return Mono.defer(() -> {
this.session.changeSessionId();
return save();
});
}
// ... other methods delegate to the original Session
}
```
Next, we create a custom `WebSessionStore` that delegates to the `ReactiveSessionRepository` and wraps `Session` into custom `WebSession` implementation, as the following listing shows:
```
public class SpringSessionWebSessionStore<S extends Session> implements WebSessionStore {
private final ReactiveSessionRepository<S> sessions;
public SpringSessionWebSessionStore(ReactiveSessionRepository<S> reactiveSessionRepository) {
this.sessions = reactiveSessionRepository;
}
// ...
}
```
To be detected by Spring WebFlux, this custom `WebSessionStore` needs to be registered with `ApplicationContext` as a bean named `webSessionManager`.
For additional information on Spring WebFlux, see the [Spring Framework Reference Documentation](https://docs.spring.io/spring-framework/docs/5.3.16/reference/html/web-reactive.html).
\ No newline at end of file
docs/spring-session/en/web-socket.md 已删除 100644 → 0
浏览文件 @ a3ae08b0
# WebSocket Integration
Spring Session provides transparent integration with Spring’s WebSocket support.
| |Spring Session’s WebSocket support works only with Spring’s WebSocket support.<br/>Specifically,it does not work with using [JSR-356](https://www.jcp.org/en/jsr/detail?id=356) directly, because JSR-356 does not have a mechanism for intercepting incoming WebSocket messages.|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
## [](#websocket-why)Why Spring Session and WebSockets?
So why do we need Spring Session when we use WebSockets?
Consider an email application that does much of its work through HTTP requests.
However, there is also a chat application embedded within it that works over WebSocket APIs.
If a user is actively chatting with someone, we should not timeout the `HttpSession`, since this would be a pretty poor user experience.
However, this is exactly what [JSR-356](https://java.net/jira/browse/WEBSOCKET_SPEC-175) does.
Another issue is that, according to JSR-356, if the `HttpSession` times out, any WebSocket that was created with that `HttpSession` and an authenticated user should be forcibly closed.
This means that, if we are actively chatting in our application and are not using the HttpSession, we also do disconnect from our conversation.
## [](#websocket-usage)WebSocket Usage
The [ WebSocket Sample](samples.html#samples) provides a working sample of how to integrate Spring Session with WebSockets.
You can follow the basic steps for integration described in the next few headings, but we encourage you to follow along with the detailed WebSocket Guide when integrating with your own application.
### [](#websocket-httpsession)`HttpSession` Integration
Before using WebSocket integration, you should be sure that you have [`HttpSession` Integration](http-session.html#httpsession) working first.
#### [](#websocket-spring-configuration)Spring Configuration
In a typical Spring WebSocket application, you would implement `WebSocketMessageBrokerConfigurer`.
For example, the configuration might look something like the following:
```
@Configuration
@EnableScheduling
@EnableWebSocketMessageBroker
public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
@Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
registry.addEndpoint("/messages").withSockJS();
}
@Override
public void configureMessageBroker(MessageBrokerRegistry registry) {
registry.enableSimpleBroker("/queue/", "/topic/");
registry.setApplicationDestinationPrefixes("/app");
}
}
```
We can update our configuration to use Spring Session’s WebSocket support.
The following example shows how to do so:
src/main/java/samples/config/WebSocketConfig.java
```
@Configuration
@EnableScheduling
@EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractSessionWebSocketMessageBrokerConfigurer<Session> { (1)
@Override
protected void configureStompEndpoints(StompEndpointRegistry registry) { (2)
registry.addEndpoint("/messages").withSockJS();
}
@Override
public void configureMessageBroker(MessageBrokerRegistry registry) {
registry.enableSimpleBroker("/queue/", "/topic/");
registry.setApplicationDestinationPrefixes("/app");
}
}
```
To hook in the Spring Session support we only need to change two things:
|**1**|Instead of implementing `WebSocketMessageBrokerConfigurer`, we extend `AbstractSessionWebSocketMessageBrokerConfigurer`|
|-----|-----------------------------------------------------------------------------------------------------------------------|
|**2**| We rename the `registerStompEndpoints` method to `configureStompEndpoints` |
What does `AbstractSessionWebSocketMessageBrokerConfigurer` do behind the scenes?
* `WebSocketConnectHandlerDecoratorFactory` is added as a `WebSocketHandlerDecoratorFactory` to `WebSocketTransportRegistration`.
This ensures a custom `SessionConnectEvent` is fired that contains the `WebSocketSession`.
The `WebSocketSession` is necessary to end any WebSocket connections that are still open when a Spring Session is ended.
* `SessionRepositoryMessageInterceptor` is added as a `HandshakeInterceptor` to every `StompWebSocketEndpointRegistration`.
This ensures that the `Session` is added to the WebSocket properties to enable updating the last accessed time.
* `SessionRepositoryMessageInterceptor` is added as a `ChannelInterceptor` to our inbound `ChannelRegistration`.
This ensures that every time an inbound message is received, that the last accessed time of our Spring Session is updated.
* `WebSocketRegistryListener` is created as a Spring bean.
This ensures that we have a mapping of all of the `Session` IDs to the corresponding WebSocket connections.
By maintaining this mapping, we can close all the WebSocket connections when a Spring Session (HttpSession) is ended.
\ No newline at end of file
docs/spring-session/en/whats-new.md 已删除 100644 → 0
浏览文件 @ a3ae08b0
# What’s New
Check also the Spring Session BOM [release notes](https://github.com/spring-projects/spring-session-bom/wiki#release-notes)for a list of new and noteworthy features, as well as upgrade instructions for each release.
\ No newline at end of file
docs/spring-session/http-session.md
浏览文件 @ c076dca0
此差异已折叠。
docs/spring-session/index.md
浏览文件 @ c076dca0
# Spring 会议
Spring 会话提供了用于管理用户的会话信息的 API 和实现。
Spring Session 提供了用于管理用户的会话信息的 API 和实现。
Spring 会话提供了用于管理用户会话信息的 API 和实现,同时也使得在不绑定到特定于应用程序容器的解决方案的情况下支持群集会话变得非常简单。它还提供了以下方面的透明整合:
Spring Session 提供了用于管理用户会话信息的 API 和实现,同时也使得在不绑定到特定于应用程序容器的解决方案的情况下支持群集会话变得非常简单。它还提供了以下方面的透明整合:
* [HttpSession ](http-session.html#httpsession):允许以与应用程序容器无关的方式替换`HttpSession`,并支持在头文件中提供会话 ID,以便与 RESTful API 一起工作。
......@@ -10,9 +10,9 @@ Spring 会话提供了用于管理用户会话信息的 API 和实现,同时
* [WebSession](web-session.html#websession):允许以与应用程序容器无关的方式替换 Spring WebFlux 的`WebSession`
## [](#community) Spring 会话社区
## [](#community) Spring Session 社区
我们 GLAD 将你视为我们社区的一部分。以下各节提供了有关如何与 Spring 会话社区交互的更多信息。
我们 GLAD 将你视为我们社区的一部分。以下各节提供了有关如何与 Spring Session 社区交互的更多信息。
### [](#community-support)支持
......@@ -32,7 +32,7 @@ Spring 会话提供了用于管理用户会话信息的 API 和实现,同时
### [](#community-license)许可证
Spring 会话是在[Apache2.0 许可证](https://www.apache.org/licenses/LICENSE-2.0)下发布的开源软件。
Spring Session 是在[Apache2.0 许可证](https://www.apache.org/licenses/LICENSE-2.0)下发布的开源软件。
### [](#community-extensions)社区扩展
......@@ -54,5 +54,5 @@ Spring 场会议的最低要求是:
* `@EnableHazelcastHttpSession`需要 HazelCast3.6+。这是支持[`FindByIndexNameSessionRepository`]所必需的(api.html#api-enablehazelcasthtpsession-storage)
| |在其核心, Spring 会话仅对`spring-jcl`具有所需的依赖关系。<br/>关于使用 Spring 会话而不使用任何其他 Spring 依赖关系的示例,请参见[Hazelcast 样品](samples.html#samples)应用程序。|
| |在其核心, Spring Session 仅对`spring-jcl`具有所需的依赖关系。<br/>关于使用 Spring Session 而不使用任何其他 Spring 依赖关系的示例,请参见[Hazelcast 样品](samples.html#samples)应用程序。|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
\ No newline at end of file
docs/spring-session/modules.md
浏览文件 @ c076dca0
# Spring 会话模块
# Spring Session 模块
在 Spring session1.x 中, Spring session 的所有`SessionRepository`实现都在`spring-session`工件中可用。虽然方便,但这种方法不能长期持续,因为项目中增加了更多的特性和`SessionRepository`实现。
在 Spring Session2.0 中,将几个模块拆分成独立的模块和托管存储库。 Spring MongoDB 的会话已退役,但后来作为一个单独的模块重新激活。从 Spring 会话 2.6 开始,MongoDB 的 Spring 会话被合并回 Spring 会话
在 Spring Session2.0 中,将几个模块拆分成独立的模块和托管存储库。 Spring MongoDB 的会话已退役,但后来作为一个单独的模块重新激活。从 Spring Session 2.6 开始,MongoDB 的 Spring Session 被合并回 Spring Session
现在,各种存储库和模块的情况如下:
* [`spring-session`Repository](https://github.com/ Spring-projects/ Spring-session)
* 主持 Spring 会话核心、 Spring MongoDB 会话、 Spring Redis 会话、 Spring 会话 JDBC 和 Spring 会话 Hazelcast 模块。
* 主持 Spring Session 核心、 Spring MongoDB 会话、 Spring Redis 会话、 Spring Session JDBC 和 Spring Session Hazelcast 模块。
* [`spring-session-data-geode`Repository](https://github.com/ Spring-projects/ Spring-session-data-geode)
* 托管 Spring 会话数据 Geode 模块。 Spring 会话数据 Geode 有其自己的用户指南,你可以在[[https://spring.io/projects/spring-session-data-geode#learn](https://spring.io/projects/spring-session-data-geode#learn)站点]上找到它。
* 托管 Spring Session 数据 Geode 模块。 Spring Session 数据 Geode 有其自己的用户指南,你可以在[[https://spring.io/projects/spring-session-data-geode#learn](https://spring.io/projects/spring-session-data-geode#learn)站点]上找到它。
最后, Spring Session 还提供了一个 Maven BOM(“物料清单”)模块,以帮助用户处理版本管理问题:
* [`spring-session-bom`Repository](https://github.com/ Spring-projects/ Spring-session-bom)
* 主持 Spring 会话 BOM 模块
\ No newline at end of file
* 主持 Spring Session BOM 模块
\ No newline at end of file
docs/spring-session/samples.md
浏览文件 @ c076dca0
# 示例和指南(从这里开始)
要开始使用 Spring 会话,最好的起点是我们的示例应用程序。
要开始使用 Spring Session ,最好的起点是我们的示例应用程序。
|来源| Description | Guide |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------|
......
docs/spring-session/spring-security.md
浏览文件 @ c076dca0
# Spring 安全集成
Spring 会话提供了具有 Spring 安全性的集成。
Spring Session 提供了具有 Spring 安全性的集成。
## [](#spring-security-rememberme) Spring 安全 Remember-Me 支持
Spring 会话提供了与[Spring Security’s Remember-me Authentication](https://docs.spring.io/spring-security/site/docs/5.6.2/reference/html5/#servlet-rememberme)的集成。支持:
Spring Session 提供了与[Spring Security’s Remember-me Authentication](https://docs.spring.io/spring-security/site/docs/5.6.2/reference/html5/#servlet-rememberme)的集成。支持:
* 更改会话过期长度
* 确保会话 cookie 在`Integer.MAX_VALUE`处过期。cookie 过期时间被设置为可能的最大值,因为只有在创建会话时才设置 cookie 过期时间。如果将其设置为与会话到期日相同的值,则会话将在用户使用会话时获得更新,但不会更新 cookie 到期日(导致过期时间固定)。
要在 Java 配置中配置具有 Spring 安全性的 Spring 会话,可以使用以下清单作为指导:
要在 Java 配置中配置具有 Spring 安全性的 Spring Session ,可以使用以下清单作为指导:
```
@Override
......@@ -48,7 +48,7 @@ public SpringSessionRememberMeServices rememberMeServices() {
## [](#spring-security-concurrent-sessions) Spring 安全并发会话控制
Spring 会话提供与 Spring 安全性的集成,以支持其并发的会话控制。这允许限制单个用户可以并发的活动会话的数量,但是,与默认的 Spring 安全支持不同,这也适用于集群环境。这是通过提供 Spring Security 的`SessionRegistry`接口的自定义实现来完成的。
Spring Session 提供与 Spring 安全性的集成,以支持其并发的会话控制。这允许限制单个用户可以并发的活动会话的数量,但是,与默认的 Spring 安全支持不同,这也适用于集群环境。这是通过提供 Spring Security 的`SessionRegistry`接口的自定义实现来完成的。
当使用 Spring Security 的 Java Config DSL 时,你可以通过`SessionManagementConfigurer`配置自定义`SessionRegistry`,如下所示:
......@@ -79,7 +79,7 @@ public class SecurityConfiguration<S extends Session> extends WebSecurityConfigu
}
```
这假定你还配置了 Spring 会话,以提供一个`FindByIndexNameSessionRepository`,返回`Session`实例。
这假定你还配置了 Spring Session ,以提供一个`FindByIndexNameSessionRepository`,返回`Session`实例。
当使用 XML 配置时,它看起来类似于以下清单:
......@@ -97,7 +97,7 @@ public class SecurityConfiguration<S extends Session> extends WebSecurityConfigu
</bean>
```
这假定你的 Spring 会话`SessionRegistry` Bean 被称为`sessionRegistry`,这是所有`SpringHttpSessionConfiguration`子类使用的名称。
这假定你的 Spring Session `SessionRegistry` Bean 被称为`sessionRegistry`,这是所有`SpringHttpSessionConfiguration`子类使用的名称。
## [](#spring-security-concurrent-sessions-limitations)限制
......
docs/spring-session/upgrading.md
浏览文件 @ c076dca0
# 升级到 2.x
有了新的主要版本, Spring 会话团队利用这个机会进行了一些非被动的更改。这些更改的重点是改进和协调 Spring Session 的 API,以及删除不受欢迎的组件。
有了新的主要版本, Spring Session 团队利用这个机会进行了一些非被动的更改。这些更改的重点是改进和协调 Spring Session 的 API,以及删除不受欢迎的组件。
## [](#_baseline_update)基线更新
Spring 会话 2.0 需要 Java8 和 Spring Framework5.0 作为基线,因为其整个代码库现在基于 Java8 源代码。有关升级 Spring 框架的更多信息,请参见[Upgrading to Spring Framework 5.x](https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-5.x)
Spring Session 2.0 需要 Java8 和 Spring Framework5.0 作为基线,因为其整个代码库现在基于 Java8 源代码。有关升级 Spring 框架的更多信息,请参见[Upgrading to Spring Framework 5.x](https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-5.x)
## [](#_replaced_and_removed_modules)替换和移除模块
......@@ -14,13 +14,13 @@ Spring 会话 2.0 需要 Java8 和 Spring Framework5.0 作为基线,因为其
* Spring Redis 会议
* Spring 会话 JDBC
* Spring Session JDBC
* Spring 会议 Hazelcast
此外,从主项目存储库中删除了以下内容:
* Spring 会话数据 Gemfire
* Spring Session 数据 Gemfire
* [`spring-session-data-geode`](https://github.com/ Spring-projects/ Spring-session-data-geode)
......@@ -40,9 +40,9 @@ Spring 会话 2.0 需要 Java8 和 Spring Framework5.0 作为基线,因为其
* `RedisOperationsSessionRepository`使用的 Redis 命名空间现在是完全可配置的,而不是部分可配置的。
* 已更新了 Redis 配置支持,以避免注册 Spring 会话特定的`RedisTemplate` Bean。
* 已更新了 Redis 配置支持,以避免注册 Spring Session 特定的`RedisTemplate` Bean。
* 已更新了 JDBC 配置支持,以避免注册 Spring 会话特定的`JdbcTemplate` Bean。
* 已更新了 JDBC 配置支持,以避免注册 Spring Session 特定的`JdbcTemplate` Bean。
* 以前不推荐的类和方法已在整个代码库中被删除。
......
docs/spring-session/web-session.md
浏览文件 @ c076dca0
# WebSession 集成
Spring 会话提供了与 Spring WebFlux 的`WebSession`的透明集成。这意味着你可以使用 Spring 会话支持的实现来切换`WebSession`实现。
Spring Session 提供了与 Spring WebFlux 的`WebSession`的透明集成。这意味着你可以使用 Spring Session 支持的实现来切换`WebSession`实现。
## [](#websession-why)为什么要进行会话和 WebSession?
我们已经提到, Spring 会话提供了与 Spring WebFlux 的`WebSession`的透明集成,但是我们从中得到了什么好处呢?与`HttpSession`一样, Spring 会话使得在不绑定到特定于应用程序容器的解决方案的情况下支持[群集会话](#websession-redis)变得非常简单。
我们已经提到, Spring Session 提供了与 Spring WebFlux 的`WebSession`的透明集成,但是我们从中得到了什么好处呢?与`HttpSession`一样, Spring Session 使得在不绑定到特定于应用程序容器的解决方案的情况下支持[群集会话](#websession-redis)变得非常简单。
## [](#websession-redis)与 Redis 的 WebSession
使用 Spring session with`WebSession`是通过注册一个`WebSessionManager`实现来启用的,该实现由 Spring session 的`ReactiveSessionRepository`支持。 Spring 配置负责创建一个`WebSessionManager`,该实现用 Spring 会话支持的实现替换`WebSession`实现。要做到这一点,请添加以下 Spring 配置:
使用 Spring session with`WebSession`是通过注册一个`WebSessionManager`实现来启用的,该实现由 Spring session 的`ReactiveSessionRepository`支持。 Spring 配置负责创建一个`WebSessionManager`,该实现用 Spring Session 支持的实现替换`WebSession`实现。要做到这一点,请添加以下 Spring 配置:
```
@EnableRedisWebSession (1)
......@@ -22,18 +22,18 @@ public class SessionConfiguration {
}
```
|**1**|`@EnableRedisWebSession`注释创建了一个名为`webSessionManager`的 Spring Bean。这个 Bean 实现了`WebSessionManager`<br/>这就是负责替换要由 Spring 会话支持的`WebSession`实现的内容。<br/>在这个实例中, Spring 会话是由 Redis 支持的。|
|**1**|`@EnableRedisWebSession`注释创建了一个名为`webSessionManager`的 Spring Bean。这个 Bean 实现了`WebSessionManager`<br/>这就是负责替换要由 Spring Session 支持的`WebSession`实现的内容。<br/>在这个实例中, Spring Session 是由 Redis 支持的。|
|-----|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|**2**|我们创建一个`RedisConnectionFactory`将 Spring 会话连接到 Redis 服务器。<br/>我们将连接配置为在默认端口(6379)<br/>上连接到 localhost。有关配置 Spring 数据 Redis 的更多信息,请参见[参考文献](https://docs.spring.io/spring-data/data-redis/docs/2.6.2/reference/html/)。|
|**2**|我们创建一个`RedisConnectionFactory`将 Spring Session 连接到 Redis 服务器。<br/>我们将连接配置为在默认端口(6379)<br/>上连接到 localhost。有关配置 Spring 数据 Redis 的更多信息,请参见[参考文献](https://docs.spring.io/spring-data/data-redis/docs/2.6.2/reference/html/)。|
## [](#websession-how)WebSession 集成如何工作
与 Servlet API 及其`HttpSession`相比, Spring 会话与 Spring WebFlux 及其`WebSession`集成要容易得多。 Spring WebFlux 提供了`WebSessionStore`API,该 API 提供了用于持久化`WebSession`的策略。
与 Servlet API 及其`HttpSession`相比, Spring Session 与 Spring WebFlux 及其`WebSession`集成要容易得多。 Spring WebFlux 提供了`WebSessionStore`API,该 API 提供了用于持久化`WebSession`的策略。
| |本节描述 Spring 会话如何使用`WebSession`提供透明的集成。我们提供这些内容,这样你就可以了解幕后发生了什么。这个功能已经集成了,你不需要自己实现这个逻辑。|
| |本节描述 Spring Session 如何使用`WebSession`提供透明的集成。我们提供这些内容,这样你就可以了解幕后发生了什么。这个功能已经集成了,你不需要自己实现这个逻辑。|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
首先,我们创建一个自定义的`SpringSessionWebSession`,它将委托给 Spring 会话`Session`。它看起来是这样的:
首先,我们创建一个自定义的`SpringSessionWebSession`,它将委托给 Spring Session `Session`。它看起来是这样的:
```
public class SpringSessionWebSession implements WebSession {
......
docs/spring-session/web-socket.md
浏览文件 @ c076dca0
# WebSocket 整合
Spring 会话提供了 Spring 的 WebSocket 支持的透明集成。
Spring Session 提供了 Spring 的 WebSocket 支持的透明集成。
| |Spring Session 的 WebSocket 支持仅对 Spring 的 WebSocket 支持有效。<br/>具体来说,它不能直接使用[JSR-356](https://www.jcp.org/en/jsr/detail?id=356),因为 JSR-356 没有拦截传入 WebSocket 消息的机制。|
|---|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
## [](#websocket-why)为什么要使用会话和 WebSockets?
那么,当我们使用 WebSockets 时,为什么需要 Spring 会话呢?
那么,当我们使用 WebSockets 时,为什么需要 Spring Session 呢?
考虑一个电子邮件应用程序,它的大部分工作都是通过 HTTP 请求完成的。然而,其中还嵌入了一个聊天应用程序,该应用程序可以在 WebSocket API 上工作。如果用户正在积极地与某人聊天,我们不应该超时`HttpSession`,因为这将是一个非常糟糕的用户体验。然而,这正是[JSR-356](https://java.net/jira/browse/WEBSOCKET_SPEC-175)所做的。
......@@ -15,7 +15,7 @@ Spring 会话提供了 Spring 的 WebSocket 支持的透明集成。
## [](#websocket-usage) WebSocket 用法
[ WebSocket Sample](samples.html#samples)提供了如何将 Spring 会话与 WebSockets 集成的工作示例。你可以遵循下面几个标题中描述的集成的基本步骤,但我们鼓励你在与自己的应用程序集成时遵循详细的 WebSocket 指南。
[ WebSocket Sample](samples.html#samples)提供了如何将 Spring Session 与 WebSockets 集成的工作示例。你可以遵循下面几个标题中描述的集成的基本步骤,但我们鼓励你在与自己的应用程序集成时遵循详细的 WebSocket 指南。
### [](#websocket-httpsession)`HttpSession`积分
......@@ -45,7 +45,7 @@ public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
}
```
我们可以更新配置以使用 Spring 会话的 WebSocket 支持。下面的示例展示了如何做到这一点:
我们可以更新配置以使用 Spring Session 的 WebSocket 支持。下面的示例展示了如何做到这一点:
SRC/main/java/samples/config/websocketconfig.java
......@@ -69,7 +69,7 @@ public class WebSocketConfig extends AbstractSessionWebSocketMessageBrokerConfig
}
```
要连接 Spring 会话支持,我们只需要更改两件事:
要连接 Spring Session 支持,我们只需要更改两件事:
|**1**|而不是实现`WebSocketMessageBrokerConfigurer`,我们扩展`AbstractSessionWebSocketMessageBrokerConfigurer`|
|-----|-----------------------------------------------------------------------------------------------------------------------|
......@@ -77,10 +77,10 @@ public class WebSocketConfig extends AbstractSessionWebSocketMessageBrokerConfig
`AbstractSessionWebSocketMessageBrokerConfigurer`在幕后做什么?
* `WebSocketConnectHandlerDecoratorFactory`作为`WebSocketHandlerDecoratorFactory`添加到`WebSocketTransportRegistration`。这确保了一个包含`WebSocketSession`的自定义`SessionConnectEvent`被触发。当 Spring 会话结束时,要结束任何 WebSocket 仍处于打开状态的连接,`WebSocketSession`是必需的。
* `WebSocketConnectHandlerDecoratorFactory`作为`WebSocketHandlerDecoratorFactory`添加到`WebSocketTransportRegistration`。这确保了一个包含`WebSocketSession`的自定义`SessionConnectEvent`被触发。当 Spring Session 结束时,要结束任何 WebSocket 仍处于打开状态的连接,`WebSocketSession`是必需的。
* `SessionRepositoryMessageInterceptor`作为`HandshakeInterceptor`添加到每个`StompWebSocketEndpointRegistration`。这确保将`Session`添加到 WebSocket 属性中,以允许更新上次访问的时间。
* `SessionRepositoryMessageInterceptor`作为`ChannelInterceptor`添加到我们的入站`ChannelRegistration`中。这确保了每次接收入站消息时,都会更新 Spring 会话的最后一次访问时间。
* `SessionRepositoryMessageInterceptor`作为`ChannelInterceptor`添加到我们的入站`ChannelRegistration`中。这确保了每次接收入站消息时,都会更新 Spring Session 的最后一次访问时间。
* `WebSocketRegistryListener`被创建为 Spring Bean。这确保了我们将所有`Session`ID 映射到相应的 WebSocket 连接。通过维护此映射,我们可以在 Spring 会话结束时关闭所有 WebSocket 连接。
\ No newline at end of file
* `WebSocketRegistryListener`被创建为 Spring Bean。这确保了我们将所有`Session`ID 映射到相应的 WebSocket 连接。通过维护此映射,我们可以在 Spring Session 结束时关闭所有 WebSocket 连接。
\ No newline at end of file
docs/spring-session/whats-new.md
浏览文件 @ c076dca0
# 有什么新鲜事吗?
# 最新更新
还请检查 Spring 会话 BOM[发行说明](https://github.com/spring-projects/spring-session-bom/wiki#release-notes),以获取新的和值得注意的功能的列表,以及每个版本的升级说明。
\ No newline at end of file
还请检查 Spring Session BOM[发行说明](https://github.com/spring-projects/spring-session-bom/wiki#release-notes),以获取新的和值得注意的功能的列表,以及每个版本的升级说明。
\ No newline at end of file
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册