3

我们实现了由 Redis 支持的 Spring Session,并拥有一个 Tomcat 服务器集群。当我们通过不设置 jvmRoute 关闭粘性会话时,我们在 jcaptcha 服务中不断收到“文本验证失败”。我认为这是因为 jcaptcha servlet 对 Spring Dispatcher servlet 一无所知,它具有所有 Spring Session 过滤器,因此无法读取 session 变量。我们如何让 jcaptcha 与 Spring Session 一起工作?

这是我们的设置:

Web.xml

<servlet>
    <servlet-name>my-servlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>throwExceptionIfNoHandlerFound</param-name>
        <param-value>true</param-value>
    </init-param>
    <load-on-startup>2</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>my-servlet</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

<servlet>
    <servlet-name>jcaptcha</servlet-name>
    <servlet-class>com.octo.captcha.module.servlet.image.SimpleImageCaptchaServlet</servlet-class>
</servlet>

<servlet-mapping>
    <servlet-name>jcaptcha</servlet-name>
    <url-pattern>/jcaptcha/jcaptcha.jpg</url-pattern>
</servlet-mapping>

CustomHttpSessionAppInitializer.java

public class CustomHttpSessionAppInitializer extends AbstractHttpSessionApplicationInitializer {}

RedisSessionConfig.java

@Configuration
@EnableRedisHttpSession
public class RedisSessionConfig {

    @Value("${spring.redis.host}")
    private String redisServerName;

    @Value("${spring.redis.port}")
    private Integer redisServerPort;

    @Value("${spring.redis.database}")
    private Integer redisServerDatabase;

    @Value("${spring.redis.password}")
    private String redisServerPassword;

    @Value("${spring.server.affinity}")
    private Boolean isServerAffinity = Boolean.FALSE;

    @Autowired
    private SessionIdentifierService sessionIdentifierService;

    @Bean
    public JedisConnectionFactory jedisConnectionFactory() {
        RedisStandaloneConfiguration config = new RedisStandaloneConfiguration(redisServerName, redisServerPort);
        config.setDatabase(redisServerDatabase);
        config.setPassword(RedisPassword.of(redisServerPassword));
        return new JedisConnectionFactory(config);
    }

    /*
     * We need to register every HttpSessionListener as a bean to translate SessionDestroyedEvent and SessionCreatedEvent into
     * HttpSessionEvent. Otherwise we will got a lot of warning messages about being Unable to publish Events for the session.
     * See Spring Session Docs at:
     * {@link} https://docs.spring.io/spring-session/docs/current/reference/html5/#httpsession-httpsessionlistener
     */
    @Bean
    public HttpSessionEventPublisher httpSessionEventPublisher() {
        return new HttpSessionEventPublisher();
    }

    @Bean
    public CookieSerializer cookieSerializer() {
        DefaultCookieSerializer serializer = new DefaultCookieSerializer();
        serializer.setCookieName("JSESSIONID");
        serializer.setUseBase64Encoding(false);
        if (isServerAffinity) {
            serializer.setJvmRoute(sessionIdentifierService.getJvmRoute());
        }
        return serializer;
    }

    @Bean
    public RedisTemplate<String, Object> redisTemplate() {
        RedisTemplate<String, Object> template = new RedisTemplate<>();
        template.setConnectionFactory(jedisConnectionFactory());
        return template;
    }
}
4

1 回答 1

0

将 jcaptcha 与 Spring Session 集成应该没有问题。只要有一种从 Redis 加载会话的方法(在这种情况下通过 SESSION cookie)并且会话存在,调用request.getSession()request.getSession(false)将返回 Redis 支持的会话。

这适用于在springSessionRepositoryFilter 之后调用的任何过滤器和 servlet 。如果您查看 的源代码SessionRepositoryFilter,您会发现 与HttpServletRequest交换SessionRepositoryRequestWrapper

因此SimpleImageCaptchaServlet,无论您使用哪个 servlet 来验证用户响应,都将获得一个 SessionRepositoryRequestWrapper,它可以让您无缝访问 Redis 支持的会话。

那么问题可能出在您的配置上;springSessionRepositoryFilter 可能未在容器中注册,特别是因为您同时使用 web.xml 和 Servlet 3.0+ WebApplicationInitializer。如果您的应用程序运行正常,那么您的 web.xml 很可能运行良好。您是否使用 aWebApplicationInitializer来加载您的 web.xml?如果没有,那么可能是您的 Java 配置没有加载。确保您的 web.xml 以某种方式加载您的配置,可能通过在 contextLoaderListener xml 配置文件中启用组件扫描 ( <context:component-scan/>) 来加载您的 Java 配置以及:

<bean class="org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration"/>

加载将创建过滤器的配置,然后您必须将其添加到 web.xml:

<filter>
    <filter-name>springSessionRepositoryFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSessionRepositoryFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

查看XML 配置上的 Spring Session 参考

于 2019-02-07T23:14:39.660 回答