HST - Spring Framework Support

Introduction

Spring Session project provides an API and implementations for managing a user’s session information. With the project, you can easily integrate with Spring Session Data Redis, Spring Session JDBC, Spring Session Hazelcast, etc.

However, in (local) development environment, you might not want to use the backends such as Redis, JDBC or Hazelcast, but you can simply want to use container-provided HttpSession storage internally without changing much Spring Session specific configuration.

This project provides org.onehippo.forge.hst.spring.support.session.map.MapHttpSessionConfiguration and org.onehippo.forge.hst.spring.support.session.servlet.HttpSessionDelegatingHttpSessionConfiguration for easy development and transition to the enterprise-level backend system afterward.

Dependencies

As Spring Session project depends on Spring Framework and optionally on Spring Security Framework, you should make sure all of the compatible dependencies are included in your project, depending on which backend you want to use.

For example, the following dependency will not include anything from Spring Framework or Spring Security Framework transitively because it has optional dependencies on those:

      <dependency>
        <groupId>org.springframework.session</groupId>
        <artifactId>spring-session</artifactId>
        <version>${spring-session.version}</version>
      </dependency>
        

Note: Find compatible versions of any dependencies with spring-session and make sure everything included properly.

MapHttpSessionConfiguration

This is a simple Java-based configuration class to use org.springframework.session.MapSessionRepository as SessionRepository.

To enable this option, you should add the following in Spring Web Application context configuration file (e.g, /WEB-INF/applicationContext.xml) like the following:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:context="http://www.springframework.org/schema/context"
  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd">

  <context:annotation-config />

  <bean class="org.onehippo.forge.hst.spring.support.session.map.MapHttpSessionConfiguration" />

</beans>
        

And you should add the following servlet filter configuration in web.xml:

  <!-- SNIP -->

  <filter>
    <filter-name>springSessionRepositoryFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>

  <!-- SNIP -->

  <filter-mapping>
    <filter-name>springSessionRepositoryFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- SNIP -->

        

Note: The springSessionRepositoryFilter filter mapping should be put before HstFilter or any other servlet filters which could involve HttpSession usages.

HttpSessionDelegatingHttpSessionConfiguration

This is a simple Java-based configuration class to use org.onehippo.forge.hst.spring.support.session.servlet.HttpSessionDelegatingRepository as SessionRepository.

HttpSessionDelegatingRepository is mostly for (local) development purpose. By using almost the same configuration even in the development mode, you can easily switch the spring-session configuration easily, without having to change your web.xml in (local) development to disable spring-session filters for instance.

To enable this option, you should add the following in Spring Web Application context configuration file (e.g, /WEB-INF/applicationContext.xml) like the following:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:context="http://www.springframework.org/schema/context"
  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd">

  <context:annotation-config />

  <bean class="org.onehippo.forge.hst.spring.support.session.servlet.HttpSessionDelegatingHttpSessionConfiguration" />

</beans>
        

And you should add the following servlet filter configuration in web.xml:

  <!-- SNIP -->

  <filter>
    <filter-name>servletRequestAwareFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>

  <filter>
    <filter-name>springSessionRepositoryFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>

  <!-- SNIP -->

  <filter-mapping>
    <filter-name>servletRequestAwareFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <filter-mapping>
    <filter-name>springSessionRepositoryFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- SNIP -->

        

Note: Both servletRequestAwareFilter and springSessionRepositoryFilter filter mappings should be put before HstFilter or any other servlet filters which could involve HttpSession usages. servletRequestAwareFilter allows the next filter chain invocation to access the current HttpServletRequest object from which HttpSessionDelegatingRepository may access the current request's HttpSession object.