How do you use Hazelcast as a http session store with embedded Tomcat with Spring Boot and Spring Security? I see there is a EmbeddedServletContainerCustomizer and SpringAwareWebFilter but I don't understand how to use it.
问题:
回答1:
As described in Hazelcast's documentation, you need to configure Hazelcast's SpringAwareWebFilter
and SessionListener
. You can do so in Spring Boot by declaring a FilterRegistrationBean
and a ServletListenerRegistrationBean
respectively:
@Bean
public FilterRegistrationBean hazelcastFilter() {
FilterRegistrationBean registration = new FilterRegistrationBean(new SpringAwareWebFilter());
registration.addUrlPatterns("/*");
registration.setDispatcherTypes(DispatcherType.REQUEST, DispatcherType.FORWARD, DispatcherType.INCLUDE);
// Configure init parameters as appropriate:
// registration.addInitParameter("foo", "bar");
return registration;
}
@Bean
public ServletListenerRegistrationBean<SessionListener> hazelcastSessionListener() {
return new ServletListenerRegistrationBean<SessionListener>(new SessionListener());
}
SpringAwareWebFilter
and SessionListener
are both in Hazelcast's hazelcast-wm
module so you'll need to add a dependency on com.hazelcast:hazelcast-wm
to your pom.xml
or build.gradle
. hazelcast-wm
also requires Spring Security to be on the classpath.
Now, when you run your application, you should see log output from Hazelcast during startup that's similar to the following:
2014-12-17 10:29:32.401 INFO 94332 --- [ost-startStop-1] com.hazelcast.config.XmlConfigLocator : Loading 'hazelcast-default.xml' from classpath.
2014-12-17 10:29:32.435 INFO 94332 --- [ost-startStop-1] c.hazelcast.web.HazelcastInstanceLoader : Creating a new HazelcastInstance for session replication
2014-12-17 10:29:32.582 INFO 94332 --- [ost-startStop-1] c.h.instance.DefaultAddressPicker : [LOCAL] [dev] [3.3.3] Prefer IPv4 stack is true.
2014-12-17 10:29:32.590 INFO 94332 --- [ost-startStop-1] c.h.instance.DefaultAddressPicker : [LOCAL] [dev] [3.3.3] Picked Address[169.254.144.237]:5701, using socket ServerSocket[addr=/0:0:0:0:0:0:0:0,localport=5701], bind any local is true
2014-12-17 10:29:32.612 INFO 94332 --- [ost-startStop-1] c.h.spi.impl.BasicOperationScheduler : [169.254.144.237]:5701 [dev] [3.3.3] Starting with 16 generic operation threads and 16 partition operation threads.
2014-12-17 10:29:32.657 INFO 94332 --- [ost-startStop-1] com.hazelcast.system : [169.254.144.237]:5701 [dev] [3.3.3] Hazelcast 3.3.3 (20141112 - eadb69c) starting at Address[169.254.144.237]:5701
2014-12-17 10:29:32.657 INFO 94332 --- [ost-startStop-1] com.hazelcast.system : [169.254.144.237]:5701 [dev] [3.3.3] Copyright (C) 2008-2014 Hazelcast.com
2014-12-17 10:29:32.661 INFO 94332 --- [ost-startStop-1] com.hazelcast.instance.Node : [169.254.144.237]:5701 [dev] [3.3.3] Creating MulticastJoiner
2014-12-17 10:29:32.664 INFO 94332 --- [ost-startStop-1] com.hazelcast.core.LifecycleService : [169.254.144.237]:5701 [dev] [3.3.3] Address[169.254.144.237]:5701 is STARTING
2014-12-17 10:29:38.482 INFO 94332 --- [ost-startStop-1] com.hazelcast.cluster.MulticastJoiner : [169.254.144.237]:5701 [dev] [3.3.3]
Members [1] {
Member [169.254.144.237]:5701 this
}
2014-12-17 10:29:38.503 INFO 94332 --- [ost-startStop-1] com.hazelcast.core.LifecycleService : [169.254.144.237]:5701 [dev] [3.3.3] Address[169.254.144.237]:5701 is STARTED
回答2:
Why not uses Spring-session? It is pretty easy.
Instead of using Tomcat’s HttpSession, we are actually persisting the values in Redis. Spring Session replaces the HttpSession with an implementation that is backed by Redis. When Spring Security’s SecurityContextPersistenceFilter saves the SecurityContext to the HttpSession it is then persisted into Redis.
@EnableRedisHttpSession
public class HttpSessionConfig {
}
#src/main/resources/application.properties
spring.redis.host=localhost
spring.redis.password=secret
spring.redis.port=6379
http://docs.spring.io/spring-session/docs/current/reference/html5/guides/boot.html