您如何使用 Hazelcast 作为带有 Spring Boot 和 Spring Security 的嵌入式 Tomcat 的 http 会话存储?我看到有一个 EmbeddedServletContainerCustomizer 和 SpringAwareWebFilter 但我不明白如何使用它。
2 回答
如Hazelcast 的文档中所述,您需要配置 HazelcastSpringAwareWebFilter
和SessionListener
. 您可以通过分别声明 aFilterRegistrationBean
和 a在 Spring Boot 中执行此操作ServletListenerRegistrationBean
:
@Bean
public FilterRegistrationBean hazelcastFilter() {
FilterRegistrationBean registration = new FilterRegistrationBean(new SpringAwareWebFilter());
registration.addUrlPatterns("/*");
registration.setDispatcherTypes(DispatcherType.REQUEST, DispatcherType.FORWARD, DispatcherType.INCLUDE);
// Configure init parameters as appropriate:
// registration.addInitParameter("foo", "bar");
return registration;
}
@Bean
public ServletListenerRegistrationBean<SessionListener> hazelcastSessionListener() {
return new ServletListenerRegistrationBean<SessionListener>(new SessionListener());
}
SpringAwareWebFilter
并且SessionListener
都在 Hazelcast 的hazelcast-wm
模块中,因此您需要在 or 上添加com.hazelcast:hazelcast-wm
依赖pom.xml
项build.gradle
。hazelcast-wm
还要求 Spring Security 在类路径上。
现在,当您运行应用程序时,您应该会在启动期间看到 Hazelcast 的日志输出,类似于以下内容:
2014-12-17 10:29:32.401 INFO 94332 --- [ost-startStop-1] com.hazelcast.config.XmlConfigLocator : Loading 'hazelcast-default.xml' from classpath.
2014-12-17 10:29:32.435 INFO 94332 --- [ost-startStop-1] c.hazelcast.web.HazelcastInstanceLoader : Creating a new HazelcastInstance for session replication
2014-12-17 10:29:32.582 INFO 94332 --- [ost-startStop-1] c.h.instance.DefaultAddressPicker : [LOCAL] [dev] [3.3.3] Prefer IPv4 stack is true.
2014-12-17 10:29:32.590 INFO 94332 --- [ost-startStop-1] c.h.instance.DefaultAddressPicker : [LOCAL] [dev] [3.3.3] Picked Address[169.254.144.237]:5701, using socket ServerSocket[addr=/0:0:0:0:0:0:0:0,localport=5701], bind any local is true
2014-12-17 10:29:32.612 INFO 94332 --- [ost-startStop-1] c.h.spi.impl.BasicOperationScheduler : [169.254.144.237]:5701 [dev] [3.3.3] Starting with 16 generic operation threads and 16 partition operation threads.
2014-12-17 10:29:32.657 INFO 94332 --- [ost-startStop-1] com.hazelcast.system : [169.254.144.237]:5701 [dev] [3.3.3] Hazelcast 3.3.3 (20141112 - eadb69c) starting at Address[169.254.144.237]:5701
2014-12-17 10:29:32.657 INFO 94332 --- [ost-startStop-1] com.hazelcast.system : [169.254.144.237]:5701 [dev] [3.3.3] Copyright (C) 2008-2014 Hazelcast.com
2014-12-17 10:29:32.661 INFO 94332 --- [ost-startStop-1] com.hazelcast.instance.Node : [169.254.144.237]:5701 [dev] [3.3.3] Creating MulticastJoiner
2014-12-17 10:29:32.664 INFO 94332 --- [ost-startStop-1] com.hazelcast.core.LifecycleService : [169.254.144.237]:5701 [dev] [3.3.3] Address[169.254.144.237]:5701 is STARTING
2014-12-17 10:29:38.482 INFO 94332 --- [ost-startStop-1] com.hazelcast.cluster.MulticastJoiner : [169.254.144.237]:5701 [dev] [3.3.3]
Members [1] {
Member [169.254.144.237]:5701 this
}
2014-12-17 10:29:38.503 INFO 94332 --- [ost-startStop-1] com.hazelcast.core.LifecycleService : [169.254.144.237]:5701 [dev] [3.3.3] Address[169.254.144.237]:5701 is STARTED
为什么不使用 Spring-session?这很容易。
我们实际上没有使用 Tomcat 的 HttpSession,而是将值持久化在 Redis 中。Spring Session 将 HttpSession 替换为由 Redis 支持的实现。当 Spring Security 的 SecurityContextPersistenceFilter 将 SecurityContext 保存到 HttpSession 时,它会被持久化到 Redis 中。
@EnableRedisHttpSession
public class HttpSessionConfig {
}
#src/main/resources/application.properties
spring.redis.host=localhost
spring.redis.password=secret
spring.redis.port=6379
http://docs.spring.io/spring-session/docs/current/reference/html5/guides/boot.html