diff --git a/docs/src/docs/asciidoc/index.adoc b/docs/src/docs/asciidoc/index.adoc deleted file mode 100644 index 7f78125..0000000 --- a/docs/src/docs/asciidoc/index.adoc +++ /dev/null @@ -1,1038 +0,0 @@ - -= Spring Session -Rob Winch, Vedran Pavić, Jakub Kubrynski -:doctype: book -:indexdoc-tests: {docs-test-dir}docs/IndexDocTests.java -:websocketdoc-test-dir: {docs-test-dir}docs/websocket/ -:toc: left - -[[abstract]] - -Spring Session provides an API and implementations for managing a user's session information. - -[[introduction]] -== Introduction - -Spring Session provides an API and implementations for managing a user's session information. It also provides transparent integration with: - -* <> - allows replacing the HttpSession in an application container (i.e. Tomcat) neutral way. -Additional features include: -** **Clustered Sessions** - Spring Session makes it trivial to support <> without being tied to an application container specific solution. -** **Multiple Browser Sessions** - Spring Session supports <> in a single browser instance (i.e. multiple authenticated accounts similar to Google). -** **RESTful APIs** - Spring Session allows providing session ids in headers to work with <> - -* <> - provides the ability to keep the `HttpSession` alive when receiving WebSocket messages - -== What's New in 1.3 - -Below are the highlights of what is new in Spring Session 1.3. You can find a complete list of what's new by referring to the changelogs of -https://github.com/spring-projects/spring-session/milestone/6?closed=1[1.3.0.M1], -https://github.com/spring-projects/spring-session/milestone/18?closed=1[1.3.0.M2], -https://github.com/spring-projects/spring-session/milestone/16?closed=1[1.3.0.RC1], and -https://github.com/spring-projects/spring-session/milestone/19?closed=1[1.3.0.RELEASE]. - -* First class support for http://docs.spring.io/spring-session/docs/1.3.0.RELEASE/reference/html5/#httpsession-hazelcast[Hazelcast] -* First class support for http://docs.spring.io/spring-session/docs/1.3.0.RELEASE/reference/html5/#spring-security-concurrent-sessions-how[Spring Security's concurrent session management] -* Added https://github.com/maseev/spring-session-orientdb[OrientDB Community Extension] -* https://github.com/spring-projects/spring-session/tree/1.3.0.RELEASE/samples/httpsession-redis-json[GenericJackson2JsonRedisSerializer sample] with Spring Security's new Jackson Support -* Guides now https://github.com/spring-projects/spring-session/pull/652[use Lettuce] -* `spring.session.cleanup.cron.expression` can be used to override the cleanup task’s cron expression -* Lots of performance improvements and bug fixes - -[[samples]] -== Samples and Guides (Start Here) - -If you are looking to get started with Spring Session, the best place to start is our Sample Applications. - -.Sample Applications using Spring Boot -|=== -| Source | Description | Guide - -| {gh-samples-url}boot/redis[HttpSession with Redis] -| Demonstrates how to use Spring Session to replace the `HttpSession` with Redis. -| link:guides/boot.html[HttpSession with Redis Guide] - -| {gh-samples-url}boot/mongo[HttpSession with Mongo] -| Demonstrates how to use Spring Session to replace the `HttpSession` with Mongo. -| link:guides/boot-mongo.html[HttpSession with Mongo Guide] - -| {gh-samples-url}boot/jdbc[HttpSession with JDBC] -| Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store. -| link:guides/boot-jdbc.html[HttpSession with JDBC Guide] - -| {gh-samples-url}boot/findbyusername[Find by Username] -| Demonstrates how to use Spring Session to find sessions by username. -| link:guides/boot-findbyusername.html[Find by Username Guide] - -| {gh-samples-url}boot/websocket[WebSockets] -| Demonstrates how to use Spring Session with WebSockets. -| link:guides/boot-websocket.html[WebSockets Guide] - -| {gh-samples-url}boot/redis-json[HttpSession with Redis JSON serialization] -| Demonstrates how to use Spring Session to replace the `HttpSession` with Redis using JSON serialization. -| TBD - -|=== - -.Sample Applications using Spring Java based configuration -|=== -| Source | Description | Guide - -| {gh-samples-url}javaconfig/redis[HttpSession with Redis] -| Demonstrates how to use Spring Session to replace the `HttpSession` with Redis. -| link:guides/java-redis.html[HttpSession with Redis Guide] - -| {gh-samples-url}javaconfig/jdbc[HttpSession with JDBC] -| Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store. -| link:guides/java-jdbc.html[HttpSession with JDBC Guide] - -| {gh-samples-url}javaconfig/hazelcast[HttpSession with Hazelcast] -| Demonstrates how to use Spring Session to replace the `HttpSession` with Hazelcast. -| link:guides/java-hazelcast.html[HttpSession with Hazelcast Guide] - -| {gh-samples-url}javaconfig/custom-cookie[Custom Cookie] -| Demonstrates how to use Spring Session and customize the cookie. -| link:guides/custom-cookie.html[Custom Cookie Guide] - -| {gh-samples-url}javaconfig/security[Spring Security] -| Demonstrates how to use Spring Session with an existing Spring Security application. -| link:guides/java-security.html[Spring Security Guide] - -| {gh-samples-url}javaconfig/rest[REST] -| Demonstrates how to use Spring Session in a REST application to support authenticating with a header. -| link:guides/java-rest.html[REST Guide] - -| {gh-samples-url}javaconfig/users[Multiple Users] -| Demonstrates how to use Spring Session to manage multiple simultaneous browser sessions (i.e Google Accounts). -| link:guides/java-users.html[Multiple Users Guide] - -|=== - -.Sample Applications using Spring XML based configuration -|=== -| Source | Description | Guide - -| {gh-samples-url}xml/redis[HttpSession with Redis] -| Demonstrates how to use Spring Session to replace the `HttpSession` with a Redis store. -| link:guides/xml-redis.html[HttpSession with Redis Guide] - -| {gh-samples-url}xml/jdbc[HttpSession with JDBC] -| Demonstrates how to use Spring Session to replace the `HttpSession` with a relational database store. -| link:guides/xml-jdbc.html[HttpSession with JDBC Guide] - -|=== - -.Misc sample Applications -|=== -| Source | Description | Guide - -| {gh-samples-url}misc/grails3[Grails 3] -| Demonstrates how to use Spring Session with Grails 3. -| link:guides/grails3.html[Grails 3 Guide] - -| {gh-samples-url}misc/hazelcast[Hazelcast] -| Demonstrates how to use Spring Session with Hazelcast in a Java EE application. -| TBD - -|=== - -[[httpsession]] -== HttpSession Integration - -Spring Session provides transparent integration with `HttpSession`. -This means that developers can switch the `HttpSession` implementation out with an implementation that is backed by Spring Session. - -[[httpsession-why]] -=== Why Spring Session & HttpSession? - -We have already mentioned that Spring Session provides transparent integration with `HttpSession`, but what benefits do we get out of this? - -* **Clustered Sessions** - Spring Session makes it trivial to support <> without being tied to an application container specific solution. -* **Multiple Browser Sessions** - Spring Session supports <> in a single browser instance (i.e. multiple authenticated accounts similar to Google). -* **RESTful APIs** - Spring Session allows providing session ids in headers to work with <> - -[[httpsession-redis]] -=== HttpSession with Redis - -Using Spring Session with `HttpSession` is enabled by adding a Servlet Filter before anything that uses the `HttpSession`. -You can choose from enabling this using either: - -* <> -* <> - -[[httpsession-redis-jc]] -==== Redis Java Based Configuration - -This section describes how to use Redis to back `HttpSession` using Java based configuration. - -NOTE: The <> provides a working sample on how to integrate Spring Session and `HttpSession` using Java configuration. -You can read the basic steps for integration below, but you are encouraged to follow along with the detailed HttpSession Guide when integrating with your own application. - -include::guides/java-redis.adoc[tags=config,leveloffset=+3] - -[[httpsession-redis-xml]] -==== Redis XML Based Configuration - -This section describes how to use Redis to back `HttpSession` using XML based configuration. - -NOTE: The <> provides a working sample on how to integrate Spring Session and `HttpSession` using XML configuration. -You can read the basic steps for integration below, but you are encouraged to follow along with the detailed HttpSession XML Guide when integrating with your own application. - -include::guides/xml-redis.adoc[tags=config,leveloffset=+3] - -[[httpsession-jdbc]] -=== HttpSession with JDBC - -Using Spring Session with `HttpSession` is enabled by adding a Servlet Filter before anything that uses the `HttpSession`. -You can choose from enabling this using either: - -* <> -* <> -* <> - -[[httpsession-jdbc-jc]] -==== JDBC Java Based Configuration - -This section describes how to use a relational database to back `HttpSession` using Java based configuration. - -NOTE: The <> provides a working sample on how to integrate Spring Session and `HttpSession` using Java configuration. -You can read the basic steps for integration below, but you are encouraged to follow along with the detailed HttpSession JDBC Guide when integrating with your own application. - -include::guides/java-jdbc.adoc[tags=config,leveloffset=+3] - -[[httpsession-jdbc-xml]] -==== JDBC XML Based Configuration - -This section describes how to use a relational database to back `HttpSession` using XML based configuration. - -NOTE: The <> provides a working sample on how to integrate Spring Session and `HttpSession` using XML configuration. -You can read the basic steps for integration below, but you are encouraged to follow along with the detailed HttpSession JDBC XML Guide when integrating with your own application. - -include::guides/xml-jdbc.adoc[tags=config,leveloffset=+3] - -[[httpsession-jdbc-boot]] -==== JDBC Spring Boot Based Configuration - -This section describes how to use a relational database to back `HttpSession` when using Spring Boot. - -NOTE: The <> provides a working sample on how to integrate Spring Session and `HttpSession` using Spring Boot. -You can read the basic steps for integration below, but you are encouraged to follow along with the detailed HttpSession JDBC Spring Boot Guide when integrating with your own application. - -include::guides/boot-jdbc.adoc[tags=config,leveloffset=+3] - -[[httpsession-mongo]] -=== HttpSession with Mongo - -Using Spring Session with `HttpSession` is enabled by adding a Servlet Filter before anything that uses the `HttpSession`. - -This section describes how to use Mongo to back `HttpSession` using Java based configuration. - -NOTE: The <> provides a working sample on how to integrate Spring Session and `HttpSession` using Java configuration. -You can read the basic steps for integration below, but you are encouraged to follow along with the detailed HttpSession Guide when integrating with your own application. - -include::guides/boot-mongo.adoc[tags=config,leveloffset=+3] - -==== Session serialization mechanisms - -To be able to persist session objects in MongoDB we need to provide the serialization/deserialization mechanism. -Depending on your classpath Spring Session will choose one of two build-in converters: - -* `JacksonMongoSessionConverter` when `ObjectMapper` class is available, or -* `JdkMongoSessionConverter` otherwise. - -===== JacksonMongoSessionConverter - -This mechanism uses Jackson to serialize session objects to/from JSON. -`JacksonMongoSessionConverter` will be the default when Jackson is detected on the classpath and the user has not explicitly registered a `AbstractMongoSessionConverter` Bean. - -If you would like to provide custom Jackson modules you can do it by explicitly registering `JacksonMongoSessionConverter`: - -[source,java,indent=0] ----- -include::{docs-test-dir}docs/http/MongoJacksonSessionConfiguration.java[tags=config] ----- - -==== JdkMongoSessionConverter - -`JdkMongoSessionConverter` uses standard Java serialization to persist session attributes map to MongoDB in a binary form. -However, standard session elements like id, access time, etc are still written as a plain Mongo objects and can be read and queried without additional effort. -`JdkMongoSessionConverter` is used if Jackson is not on the classpath and no explicit `AbstractMongoSessionConverter` Bean has been defined. -You can explicitly register `JdkMongoSessionConverter` by defining it as a Bean. - -[source,java,indent=0] ----- -include::{docs-test-dir}docs/http/MongoJdkSessionConfiguration.java[tags=config] ----- - -There is also a constructor taking `Serializer` and `Deserializer` objects, allowing you to pass custom implementations, which is especially important when you want to use non-default classloader. - -==== Using custom converters - -You can create your own session converter by extending `AbstractMongoSessionConverter` class. -The implementation will be used for serializing, deserializing your objects and for providing queries to access the session. - -[[httpsession-hazelcast]] -=== HttpSession with Hazelcast - -Using Spring Session with `HttpSession` is enabled by adding a Servlet Filter before anything that uses the `HttpSession`. - -This section describes how to use Hazelcast to back `HttpSession` using Java based configuration. - -NOTE: The <> provides a working sample on how to integrate Spring Session and `HttpSession` using Java configuration. -You can read the basic steps for integration below, but you are encouraged to follow along with the detailed Hazelcast Spring Guide when integrating with your own application. - -include::guides/java-hazelcast.adoc[tags=config,leveloffset=+2] - -[[httpsession-how]] -=== How HttpSession Integration Works - -Fortunately both `HttpSession` and `HttpServletRequest` (the API for obtaining an `HttpSession`) are both interfaces. -This means that we can provide our own implementations for each of these APIs. - -NOTE: This section describes how Spring Session provides transparent integration with `HttpSession`. The intent is so that user's can understand what is happening under the covers. This functionality is already integrated and you do NOT need to implement this logic yourself. - -First we create a custom `HttpServletRequest` that returns a custom implementation of `HttpSession`. -It looks something like the following: - -[source, java] ----- -public class SessionRepositoryRequestWrapper extends HttpServletRequestWrapper { - - public SessionRepositoryRequestWrapper(HttpServletRequest original) { - super(original); - } - - public HttpSession getSession() { - return getSession(true); - } - - public HttpSession getSession(boolean createNew) { - // create an HttpSession implementation from Spring Session - } - - // ... other methods delegate to the original HttpServletRequest ... -} ----- - -Any method that returns an `HttpSession` is overridden. -All other methods are implemented by `HttpServletRequestWrapper` and simply delegate to the original `HttpServletRequest` implementation. - -We replace the `HttpServletRequest` implementation using a servlet `Filter` called `SessionRepositoryFilter`. -The pseudocode can be found below: - -[source, java] ----- -public class SessionRepositoryFilter implements Filter { - - public doFilter(ServletRequest request, ServletResponse response, FilterChain chain) { - HttpServletRequest httpRequest = (HttpServletRequest) request; - SessionRepositoryRequestWrapper customRequest = - new SessionRepositoryRequestWrapper(httpRequest); - - chain.doFilter(customRequest, response, chain); - } - - // ... -} ----- - -By passing in a custom `HttpServletRequest` implementation into the `FilterChain` we ensure that anything invoked after our `Filter` uses the custom `HttpSession` implementation. -This highlights why it is important that Spring Session's `SessionRepositoryFilter` must be placed before anything that interacts with the `HttpSession`. - -[[httpsession-multi]] -=== Multiple HttpSessions in Single Browser - -Spring Session has the ability to support multiple sessions in a single browser instance. -This provides the ability to support authenticating with multiple users in the same browser instance (i.e. Google Accounts). - -NOTE: The <> provides a complete working example of managing multiple users in the same browser instance. -You can follow the basic steps for integration below, but you are encouraged to follow along with the detailed Manage Multiple Users Guide when integrating with your own application. - -include::guides/java-users.adoc[tags=how-does-it-work,leveloffset=+1] - -[[httpsession-rest]] -=== HttpSession & RESTful APIs - -Spring Session can work with RESTful APIs by allowing the session to be provided in a header. - - -NOTE: The <> provides a working sample on how to use Spring Session in a REST application to support authenticating with a header. -You can follow the basic steps for integration below, but you are encouraged to follow along with the detailed REST Guide when integrating with your own application. - -include::guides/java-rest.adoc[tags=config,leveloffset=+2] - -[[httpsession-httpsessionlistener]] -=== HttpSessionListener - -Spring Session supports `HttpSessionListener` by translating `SessionDestroyedEvent` and `SessionCreatedEvent` into `HttpSessionEvent` by declaring `SessionEventHttpSessionListenerAdapter`. -To use this support, you need to: - -* Ensure your `SessionRepository` implementation supports and is configured to fire `SessionDestroyedEvent` and `SessionCreatedEvent`. -* Configure `SessionEventHttpSessionListenerAdapter` as a Spring bean. -* Inject every `HttpSessionListener` into the `SessionEventHttpSessionListenerAdapter` - -If you are using the configuration support documented in <>, then all you need to do is register every `HttpSessionListener` as a bean. -For example, assume you want to support Spring Security's concurrency control and need to use `HttpSessionEventPublisher` you can simply add `HttpSessionEventPublisher` as a bean. -In Java configuration, this might look like: - -[source,java,indent=0] ----- -include::{docs-test-dir}docs/http/RedisHttpSessionConfig.java[tags=config] ----- - -In XML configuration, this might look like: - -[source,xml,indent=0] ----- -include::{docs-test-resources-dir}docs/http/HttpSessionListenerXmlTests-context.xml[tags=config] ----- - -[[websocket]] -== WebSocket Integration - -Spring Session provides transparent integration with Spring's WebSocket support. - -include::guides/boot-websocket.adoc[tags=disclaimer,leveloffset=+1] - -[[websocket-why]] -=== Why Spring Session & WebSockets? - -So why do we need Spring Session when using WebSockets? - -Consider an email application that does much of its work through HTTP requests. -However, there is also a chat application embedded within it that works over WebSocket APIs. -If a user is actively chatting with someone, we should not timeout the `HttpSession` since this would be pretty poor user experience. -However, this is exactly what https://java.net/jira/browse/WEBSOCKET_SPEC-175[JSR-356] does. - -Another issue is that according to JSR-356 if the `HttpSession` times out any WebSocket that was created with that HttpSession and an authenticated user should be forcibly closed. -This means that if we are actively chatting in our application and are not using the HttpSession, then we will also disconnect from our conversation! - -[[websocket-usage]] -=== WebSocket Usage - -The <> provides a working sample on how to integrate Spring Session with WebSockets. -You can follow the basic steps for integration below, but you are encouraged to follow along with the detailed WebSocket Guide when integrating with your own application: - -[[websocket-httpsession]] -==== HttpSession Integration - -Before using WebSocket integration, you should be sure that you have <> working first. - -include::guides/boot-websocket.adoc[tags=config,leveloffset=+2] - -[[spring-security]] -== Spring Security Integration - -Spring Session provides integration with Spring Security. - -[[spring-security-rememberme]] -=== Spring Security Remember-Me Support - -Spring Session provides integration with http://docs.spring.io/spring-security/site/docs/4.2.x/reference/htmlsingle/#remember-me[Spring Security's Remember-Me Authentication]. -The support will: - -* Change the session expiration length -* Ensure the session cookie expires at `Integer.MAX_VALUE`. -The cookie expiration is set to the largest possible value because the cookie is only set when the session is created. -If it were set to the same value as the session expiration, then the session would get renewed when the user used it but the cookie expiration would not be updated causing the expiration to be fixed. - -To configure Spring Session with Spring Security in Java Configuration use the following as a guide: - -[source,java,indent=0] ----- -include::{docs-test-dir}docs/security/RememberMeSecurityConfiguration.java[tags=http-rememberme] - } - -include::{docs-test-dir}docs/security/RememberMeSecurityConfiguration.java[tags=rememberme-bean] ----- - -An XML based configuration would look something like this: - -[source,xml,indent=0] ----- -include::{docs-test-resources-dir}docs/security/RememberMeSecurityConfigurationXmlTests-context.xml[tags=config] ----- - - -[[spring-security-concurrent-sessions]] -=== Spring Security Concurrent Session Control - - -Spring Session provides integration with Spring Security to support its concurrent session control. -This allows limiting the number of active sessions that a single user can have concurrently, but unlike the default -Spring Security support this will also work in a clustered environment. This is done by providing a custom -implementation of Spring Security's `SessionRegistry` interface. - -When using Spring Security's Java config DSL, you can configure the custom `SessionRegistry` through the -`SessionManagementConfigurer` like this: -[source,java,indent=0] ----- -include::{docs-test-dir}docs/security/SecurityConfiguration.java[tags=class] ----- - -This assumes that you've also configured Spring Session to provide a `FindByIndexNameSessionRepository` that -returns `ExpiringSession` instances. - -When using XML configuration, it would look something like this: -[source,xml,indent=0] ----- -include::{docs-test-resources-dir}docs/security/security-config.xml[tags=config] ----- - -This assumes that your Spring Session `SessionRegistry` bean is called `sessionRegistry`, which is the name used by all -`SpringHttpSessionConfiguration` subclasses except for the one for MongoDB: there it's called `mongoSessionRepository`. - -[[spring-security-concurrent-sessions-limitations]] -=== Limitations - -Spring Session's implementation of Spring Security's `SessionRegistry` interface does not support the `getAllPrincipals` -method, as this information cannot be retrieved using Spring Session. This method is never called by Spring Security, -so this only affects applications that access the `SessionRegistry` themselves. - -[[api]] -== API Documentation - -You can browse the complete link:../../api/[Javadoc] online. The key APIs are described below: - -[[api-session]] -=== Session - -A `Session` is a simplified `Map` of name value pairs. - -Typical usage might look like the following: - -[source,java,indent=0] ----- -include::{indexdoc-tests}[tags=repository-demo] ----- - -<1> We create a `SessionRepository` instance with a generic type, `S`, that extends `Session`. The generic type is defined in our class. -<2> We create a new `Session` using our `SessionRepository` and assign it to a variable of type `S`. -<3> We interact with the `Session`. In our example, we demonstrate saving a `User` to the `Session`. -<4> We now save the `Session`. This is why we needed the generic type `S`. The `SessionRepository` only allows saving `Session` instances that were created or retrieved using the same `SessionRepository`. This allows for the `SessionRepository` to make implementation specific optimizations (i.e. only writing attributes that have changed). -<5> We retrieve the `Session` from the `SessionRepository`. -<6> We obtain the persisted `User` from our `Session` without the need for explicitly casting our attribute. - -[[api-expiringsession]] -=== ExpiringSession - -An `ExpiringSession` extends a `Session` by providing attributes related to the `Session` instance's expiration. -If there is no need to interact with the expiration information, prefer using the more simple `Session` API. - -Typical usage might look like the following: - -[source,java,indent=0] ----- -include::{indexdoc-tests}[tags=expire-repository-demo] ----- - -<1> We create a `SessionRepository` instance with a generic type, `S`, that extends `ExpiringSession`. The generic type is defined in our class. -<2> We create a new `ExpiringSession` using our `SessionRepository` and assign it to a variable of type `S`. -<3> We interact with the `ExpiringSession`. -In our example, we demonstrate updating the amount of time the `ExpiringSession` can be inactive before it expires. -<4> We now save the `ExpiringSession`. -This is why we needed the generic type `S`. -The `SessionRepository` only allows saving `ExpiringSession` instances that were created or retrieved using the same `SessionRepository`. -This allows for the `SessionRepository` to make implementation specific optimizations (i.e. only writing attributes that have changed). -The last accessed time is automatically updated when the `ExpiringSession` is saved. -<5> We retrieve the `ExpiringSession` from the `SessionRepository`. -If the `ExpiringSession` were expired, the result would be null. - -[[api-sessionrepository]] -=== SessionRepository - -A `SessionRepository` is in charge of creating, retrieving, and persisting `Session` instances. - -If possible, developers should not interact directly with a `SessionRepository` or a `Session`. -Instead, developers should prefer interacting with `SessionRepository` and `Session` indirectly through the <> and <> integration. - -[[api-findbyindexnamesessionrepository]] -=== FindByIndexNameSessionRepository - -Spring Session's most basic API for using a `Session` is the `SessionRepository`. -This API is intentionally very simple, so that it is easy to provide additional implementations with basic functionality. - -Some `SessionRepository` implementations may choose to implement `FindByIndexNameSessionRepository` also. -For example, Spring's Redis support implements `FindByIndexNameSessionRepository`. - -The `FindByIndexNameSessionRepository` adds a single method to look up all the sessions for a particular user. -This is done by ensuring that the session attribute with the name `FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME` is populated with the username. -It is the responsibility of the developer to ensure the attribute is populated since Spring Session is not aware of the authentication mechanism being used. -An example of how this might be used can be seen below: - -[source,java,indent=0] ----- -include::{docs-test-dir}docs/FindByIndexNameSessionRepositoryTests.java[tags=set-username] ----- - -[NOTE] -==== -Some implementations of `FindByIndexNameSessionRepository` will provide hooks to automatically index other session attributes. -For example, many implementations will automatically ensure the current Spring Security user name is indexed with the index name `FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME`. -==== - -Once the session is indexed, it can be found using the following: - -[source,java,indent=0] ----- -include::{docs-test-dir}docs/FindByIndexNameSessionRepositoryTests.java[tags=findby-username] ----- - -[[api-enablespringhttpsession]] -=== EnableSpringHttpSession - -The `@EnableSpringHttpSession` annotation can be added to an `@Configuration` class to expose the `SessionRepositoryFilter` as a bean named "springSessionRepositoryFilter". -In order to leverage the annotation, a single `SessionRepository` bean must be provided. -For example: - -[source,java,indent=0] ----- -include::{docs-test-dir}docs/SpringHttpSessionConfig.java[tags=class] ----- - -It is important to note that no infrastructure for session expirations is configured for you out of the box. -This is because things like session expiration are highly implementation dependent. -This means if you require cleaning up expired sessions, you are responsible for cleaning up the expired sessions. - -[[api-redisoperationssessionrepository]] -=== RedisOperationsSessionRepository - -`RedisOperationsSessionRepository` is a `SessionRepository` that is implemented using Spring Data's `RedisOperations`. -In a web environment, this is typically used in combination with `SessionRepositoryFilter`. -The implementation supports `SessionDestroyedEvent` and `SessionCreatedEvent` through `SessionMessageListener`. - -[[api-redisoperationssessionrepository-new]] -==== Instantiating a RedisOperationsSessionRepository - -A typical example of how to create a new instance can be seen below: - -[source,java,indent=0] ----- -include::{indexdoc-tests}[tags=new-redisoperationssessionrepository] ----- - -For additional information on how to create a `RedisConnectionFactory`, refer to the Spring Data Redis Reference. - -[[api-redisoperationssessionrepository-config]] -==== EnableRedisHttpSession - -In a web environment, the simplest way to create a new `RedisOperationsSessionRepository` is to use `@EnableRedisHttpSession`. -Complete example usage can be found in the <> -You can use the following attributes to customize the configuration: - -* **maxInactiveIntervalInSeconds** - the amount of time before the session will expire in seconds -* **redisNamespace** - allows configuring an application specific namespace for the sessions. Redis keys and channel ids will start with the prefix of `spring:session::`. -* **redisFlushMode** - allows specifying when data will be written to Redis. The default is only when `save` is invoked on `SessionRepository`. -A value of `RedisFlushMode.IMMEDIATE` will write to Redis as soon as possible. - -===== Custom RedisSerializer - -You can customize the serialization by creating a Bean named `springSessionDefaultRedisSerializer` that implements `RedisSerializer`. - -==== Redis TaskExecutor - -`RedisOperationsSessionRepository` is subscribed to receive events from redis using a `RedisMessageListenerContainer`. -You can customize the way those events are dispatched, by creating a Bean named `springSessionRedisTaskExecutor` and/or a Bean `springSessionRedisSubscriptionExecutor`. -More details on configuring redis task executors can be found http://docs.spring.io/spring-data-redis/docs/current/reference/html/#redis:pubsub:subscribe:containers[here]. - -[[api-redisoperationssessionrepository-storage]] -==== Storage Details - -The sections below outline how Redis is updated for each operation. -An example of creating a new session can be found below. -The subsequent sections describe the details. - ----- -HMSET spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe creationTime 1404360000000 \ - maxInactiveInterval 1800 \ - lastAccessedTime 1404360000000 \ - sessionAttr:attrName someAttrValue \ - sessionAttr2:attrName someAttrValue2 -EXPIRE spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe 2100 -APPEND spring:session:sessions:expires:33fdd1b6-b496-4b33-9f7d-df96679d32fe "" -EXPIRE spring:session:sessions:expires:33fdd1b6-b496-4b33-9f7d-df96679d32fe 1800 -SADD spring:session:expirations:1439245080000 expires:33fdd1b6-b496-4b33-9f7d-df96679d32fe -EXPIRE spring:session:expirations1439245080000 2100 ----- - -===== Saving a Session - -Each session is stored in Redis as a Hash. -Each session is set and updated using the HMSET command. -An example of how each session is stored can be seen below. - - ----- -HMSET spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe creationTime 1404360000000 \ - maxInactiveInterval 1800 \ - lastAccessedTime 1404360000000 \ - sessionAttr:attrName someAttrValue \ - sessionAttr2:attrName someAttrValue2 ----- - -In this example, the session following statements are true about the session: - -* The session id is 33fdd1b6-b496-4b33-9f7d-df96679d32fe -* The session was created at 1404360000000 in milliseconds since midnight of 1/1/1970 GMT. -* The session expires in 1800 seconds (30 minutes). -* The session was last accessed at 1404360000000 in milliseconds since midnight of 1/1/1970 GMT. -* The session has two attributes. -The first is "attrName" with the value of "someAttrValue". -The second session attribute is named "attrName2" with the value of "someAttrValue2". - -[[api-redisoperationssessionrepository-writes]] -===== Optimized Writes - -The `Session` instances managed by `RedisOperationsSessionRepository` keeps track of the properties that have changed and only updates those. -This means if an attribute is written once and read many times we only need to write that attribute once. -For example, assume the session attribute "sessionAttr2" from earlier was updated. -The following would be executed upon saving: - ----- -HMSET spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe sessionAttr:attrName2 newValue ----- - -[[api-redisoperationssessionrepository-expiration]] -===== Session Expiration - -An expiration is associated to each session using the EXPIRE command based upon the `ExpiringSession.getMaxInactiveInterval()`. -For example: - ----- -EXPIRE spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe 2100 ----- - -You will note that the expiration that is set is 5 minutes after the session actually expires. -This is necessary so that the value of the session can be accessed when the session expires. -An expiration is set on the session itself five minutes after it actually expires to ensure it is cleaned up, but only after we perform any necessary processing. - -[NOTE] -==== -The `SessionRepository.getSession(String)` method ensures that no expired sessions will be returned. -This means there is no need to check the expiration before using a session. -==== - -Spring Session relies on the delete and expired http://redis.io/topics/notifications[keyspace notifications] from Redis to fire a <> and <> respectively. -It is the `SessionDeletedEvent` or `SessionExpiredEvent` that ensures resources associated with the Session are cleaned up. -For example, when using Spring Session's WebSocket support the Redis expired or delete event is what triggers any WebSocket connections associated with the session to be closed. - -Expiration is not tracked directly on the session key itself since this would mean the session data would no longer be available. Instead a special session expires key is used. In our example the expires key is: - ----- -APPEND spring:session:sessions:expires:33fdd1b6-b496-4b33-9f7d-df96679d32fe "" -EXPIRE spring:session:sessions:expires:33fdd1b6-b496-4b33-9f7d-df96679d32fe 1800 ----- - -When a session expires key is deleted or expires, the keyspace notification triggers a lookup of the actual session and a SessionDestroyedEvent is fired. - -One problem with relying on Redis expiration exclusively is that Redis makes no guarantee of when the expired event will be fired if they key has not been accessed. -Specifically the background task that Redis uses to clean up expired keys is a low priority task and may not trigger the key expiration. -For additional details see http://redis.io/topics/notifications[Timing of expired events] section in the Redis documentation. - -To circumvent the fact that expired events are not guaranteed to happen we can ensure that each key is accessed when it is expected to expire. -This means that if the TTL is expired on the key, Redis will remove the key and fire the expired event when we try to access they key. - -For this reason, each session expiration is also tracked to the nearest minute. -This allows a background task to access the potentially expired sessions to ensure that Redis expired events are fired in a more deterministic fashion. -For example: - ----- -SADD spring:session:expirations:1439245080000 expires:33fdd1b6-b496-4b33-9f7d-df96679d32fe -EXPIRE spring:session:expirations1439245080000 2100 ----- - -The background task will then use these mappings to explicitly request each key. -By accessing they key, rather than deleting it, we ensure that Redis deletes the key for us only if the TTL is expired. - -[NOTE] -==== -We do not explicitly delete the keys since in some instances there may be a race condition that incorrectly identifies a key as expired when it is not. -Short of using distributed locks (which would kill our performance) there is no way to ensure the consistency of the expiration mapping. -By simply accessing the key, we ensure that the key is only removed if the TTL on that key is expired. -==== - - -[[api-redisoperationssessionrepository-sessiondestroyedevent]] -==== SessionDeletedEvent and SessionExpiredEvent - -`SessionDeletedEvent` and `SessionExpiredEvent` are both types of `SessionDestroyedEvent`. - -`RedisOperationsSessionRepository` supports firing a `SessionDeletedEvent` whenever a `Session` is deleted or a `SessionExpiredEvent` when it expires. -This is necessary to ensure resources associated with the `Session` are properly cleaned up. - -For example, when integrating with WebSockets the `SessionDestroyedEvent` is in charge of closing any active WebSocket connections. - -Firing `SessionDeletedEvent` or `SessionExpiredEvent` is made available through the `SessionMessageListener` which listens to http://redis.io/topics/notifications[Redis Keyspace events]. -In order for this to work, Redis Keyspace events for Generic commands and Expired events needs to be enabled. -For example: - -[source,bash] ----- -redis-cli config set notify-keyspace-events Egx ----- - -If you are using `@EnableRedisHttpSession` the `SessionMessageListener` and enabling the necessary Redis Keyspace events is done automatically. -However, in a secured Redis enviornment the config command is disabled. -This means that Spring Session cannot configure Redis Keyspace events for you. -To disable the automatic configuration add `ConfigureRedisAction.NO_OP` as a bean. - -For example, Java Configuration can use the following: - -[source,java,indent=0] ----- -include::{docs-test-dir}docs/RedisHttpSessionConfigurationNoOpConfigureRedisActionTests.java[tags=configure-redis-action] ----- - -XML Configuration can use the following: - -[source,xml,indent=0] ----- -include::{docs-test-resources-dir}docs/HttpSessionConfigurationNoOpConfigureRedisActionXmlTests-context.xml[tags=configure-redis-action] ----- - -[[api-redisoperationssessionrepository-sessioncreatedevent]] -==== SessionCreatedEvent - -When a session is created an event is sent to Redis with the channel of `spring:session:channel:created:33fdd1b6-b496-4b33-9f7d-df96679d32fe` -such that `33fdd1b6-b496-4b33-9f7d-df96679d32fe` is the session id. The body of the event will be the session that was created. - -If registered as a MessageListener (default), then `RedisOperationsSessionRepository` will then translate the Redis message into a `SessionCreatedEvent`. - -[[api-redisoperationssessionrepository-cli]] -==== Viewing the Session in Redis - -After http://redis.io/topics/quickstart[installing redis-cli], you can inspect the values in Redis http://redis.io/commands#hash[using the redis-cli]. -For example, enter the following into a terminal: - -[source,bash] ----- -$ redis-cli -redis 127.0.0.1:6379> keys * -1) "spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed96fb021" <1> -2) "spring:session:expirations:1418772300000" <2> ----- - -<1> The suffix of this key is the session identifier of the Spring Session. -<2> This key contains all the session ids that should be deleted at the time `1418772300000`. - -You can also view the attributes of each session. - -[source,bash] ----- -redis 127.0.0.1:6379> hkeys spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed96fb021 -1) "lastAccessedTime" -2) "creationTime" -3) "maxInactiveInterval" -4) "sessionAttr:username" -redis 127.0.0.1:6379> hget spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed96fb021 sessionAttr:username -"\xac\xed\x00\x05t\x00\x03rob" ----- - -[[api-mapsessionrepository]] -=== MapSessionRepository - -The `MapSessionRepository` allows for persisting `ExpiringSession` in a `Map` with the key being the `ExpiringSession` id and the value being the `ExpiringSession`. -The implementation can be used with a `ConcurrentHashMap` as a testing or convenience mechanism. -Alternatively, it can be used with distributed `Map` implementations. For example, it can be used with Hazelcast. - -[[api-mapsessionrepository-new]] -==== Instantiating MapSessionRepository - -Creating a new instance is as simple as: - -[source,java,indent=0] ----- -include::{indexdoc-tests}[tags=new-mapsessionrepository] ----- - -[[api-mapsessionrepository-hazelcast]] -==== Using Spring Session and Hazlecast - -The <> is a complete application demonstrating using Spring Session with Hazelcast. - -To run it use the following: - - ./gradlew :samples:hazelcast:tomcatRun - -The <> is a complete application demonstrating using Spring Session with Hazelcast and Spring Security. - -It includes example Hazelcast `MapListener` implementations that support firing `SessionCreatedEvent`, `SessionDeletedEvent` and `SessionExpiredEvent`. - -To run it use the following: - - ./gradlew :samples:hazelcast-spring:tomcatRun - -[[api-jdbcoperationssessionrepository]] -=== JdbcOperationsSessionRepository - -`JdbcOperationsSessionRepository` is a `SessionRepository` implementation that uses Spring's `JdbcOperations` to store sessions in a relational database. -In a web environment, this is typically used in combination with `SessionRepositoryFilter`. -Please note that this implementation does not support publishing of session events. - -[[api-jdbcoperationssessionrepository-new]] -==== Instantiating a JdbcOperationsSessionRepository - -A typical example of how to create a new instance can be seen below: - -[source,java,indent=0] ----- -include::{indexdoc-tests}[tags=new-jdbcoperationssessionrepository] ----- - -For additional information on how to create and configure `JdbcTemplate` and `PlatformTransactionManager`, refer to the http://docs.spring.io/spring/docs/current/spring-framework-reference/html/spring-data-tier.html[Spring Framework Reference Documentation]. - -[[api-jdbcoperationssessionrepository-config]] -==== EnableJdbcHttpSession - -In a web environment, the simplest way to create a new `JdbcOperationsSessionRepository` is to use `@EnableJdbcHttpSession`. -Complete example usage can be found in the <> -You can use the following attributes to customize the configuration: - -* **tableName** - the name of database table used by Spring Session to store sessions -* **maxInactiveIntervalInSeconds** - the amount of time before the session will expire in seconds - -===== Custom LobHandler - -You can customize the BLOB handling by creating a Bean named `springSessionLobHandler` that implements `LobHandler`. - -===== Custom ConversionService - -You can customize the default serialization and deserialization of the session by providing a `ConversionService` instance. -When working in a typical Spring environment, the default `ConversionService` Bean (named `conversionService`) will be automatically picked up and used for serialization and deserialization. -However, you can override the default `ConversionService` by providing a Bean named `springSessionConversionService`. - -[[api-jdbcoperationssessionrepository-storage]] -==== Storage Details - -By default, this implementation uses `SPRING_SESSION` and `SPRING_SESSION_ATTRIBUTES` tables to store sessions. -Note that the table name can be easily customized as already described. In that case the table used to store attributes will be named using the provided table name, suffixed with `_ATTRIBUTES`. -If further customizations are needed, SQL queries used by the repository can be customized using `set*Query` setter methods. In this case you need to manually configure the `sessionRepository` bean. - -Due to the differences between the various database vendors, especially when it comes to storing binary data, make sure to use SQL script specific to your database. -Scripts for most major database vendors are packaged as `org/springframework/session/jdbc/schema-\*.sql`, where `*` is the target database type. - -For example, with PostgreSQL database you would use the following schema script: - -[source,sql,indent=0] ----- -include::{session-main-resources-dir}org/springframework/session/jdbc/schema-postgresql.sql[] ----- - -And with MySQL database: - -[source,sql,indent=0] ----- -include::{session-main-resources-dir}org/springframework/session/jdbc/schema-mysql.sql[] ----- - -==== Transaction management - -All JDBC operations in `JdbcOperationsSessionRepository` are executed in a transactional manner. -Transactions are executed with propagation set to `REQUIRES_NEW` in order to avoid unexpected behavior due to interference with existing transactions (for example, executing `save` operation in a thread that already participates in a read-only transaction). - -[[api-hazelcastsessionrepository]] -=== HazelcastSessionRepository - -`HazelcastSessionRepository` is a `SessionRepository` implementation that stores sessions in Hazelcast's distributed `IMap`. -In a web environment, this is typically used in combination with `SessionRepositoryFilter`. - -[[api-hazelcastsessionrepository-new]] -==== Instantiating a HazelcastSessionRepository - -A typical example of how to create a new instance can be seen below: - -[source,java,indent=0] ----- -include::{indexdoc-tests}[tags=new-hazelcastsessionrepository] ----- - -For additional information on how to create and configure Hazelcast instance, refer to the http://docs.hazelcast.org/docs/latest/manual/html-single/index.html#hazelcast-configuration[Hazelcast documentation]. - -[[api-enablehazelcasthttpsession]] -==== EnableHazelcastHttpSession - -If you wish to use http://hazelcast.org/[Hazelcast] as your backing source for the `SessionRepository`, then the `@EnableHazelcastHttpSession` annotation -can be added to an `@Configuration` class. This extends the functionality provided by the `@EnableSpringHttpSession` annotation but makes the `SessionRepository` for you in Hazelcast. -You must provide a single `HazelcastInstance` bean for the configuration to work. -Complete configuration example can be found in the <> - -[[api-enablehazelcasthttpsession-customize]] -==== Basic Customization -You can use the following attributes on `@EnableHazelcastHttpSession` to customize the configuration: - -* **maxInactiveIntervalInSeconds** - the amount of time before the session will expire in seconds. Default is 1800 seconds (30 minutes) -* **sessionMapName** - the name of the distributed `Map` that will be used in Hazelcast to store the session data. - -[[api-enablehazelcasthttpsession-events]] -==== Session Events -Using a `MapListener` to respond to entries being added, evicted, and removed from the distributed `Map`, these events will trigger -publishing `SessionCreatedEvent`, `SessionExpiredEvent`, and `SessionDeletedEvent` events respectively using the `ApplicationEventPublisher`. - -[[api-enablehazelcasthttpsession-storage]] -==== Storage Details - -Sessions will be stored in a distributed `IMap` in Hazelcast. -The `IMap` interface methods will be used to `get()` and `put()` Sessions. -Additionally, `values()` method is used to support `FindByIndexNameSessionRepository#findByIndexNameAndIndexValue` operation, together with appropriate `ValueExtractor` that needs to be registered with Hazelcast. Refer to <> for more details on this configuration. -The expiration of a session in the `IMap` is handled by Hazelcast's support for setting the time to live on an entry when it is `put()` into the `IMap`. Entries (sessions) that have been idle longer than the time to live will be automatically removed from the `IMap`. - -You shouldn't need to configure any settings such as `max-idle-seconds` or `time-to-live-seconds` for the `IMap` within the Hazelcast configuration. - -Note that if you use Hazelcast's `MapStore` to persist your sessions `IMap` there are some limitations when reloading the sessions from `MapStore`: - -* reload triggers `EntryAddedListener` which results in `SessionCreatedEvent` being re-published -* reload uses default TTL for a given `IMap` which results in sessions losing their original TTL - -[[community]] -== Spring Session Community - -We are glad to consider you a part of our community. -Please find additional information below. - -[[community-support]] -=== Support - -You can get help by asking questions on http://stackoverflow.com/questions/tagged/spring-session[StackOverflow with the tag spring-session]. -Similarly we encourage helping others by answering questions on StackOverflow. - -[[community-source]] -=== Source Code - -Our source code can be found on github at https://github.com/spring-projects/spring-session/ - -[[community-issues]] -=== Issue Tracking - -We track issues in github issues at https://github.com/spring-projects/spring-session/issues - -[[community-contributing]] -=== Contributing - -We appreciate https://help.github.com/articles/using-pull-requests/[Pull Requests]. - -[[community-license]] -=== License - -Spring Session is Open Source software released under the http://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license]. - -[[community-extensions]] -=== Community Extensions -https://github.com/maseev/spring-session-orientdb[Spring Session OrientDB] -http://infinispan.org/docs/dev/user_guide/user_guide.html#externalizing_session_using_spring_session[Spring Session Infinispan] - -[[minimum-requirements]] -== Minimum Requirements - -The minimum requirements for Spring Session are: - -* Java 5+ -* If you are running in a Servlet Container (not required), Servlet 2.5+ -* If you are using other Spring libraries (not required), the minimum required version is Spring 3.2.14. -While we re-run all unit tests against Spring 3.2.x, we recommend using the latest Spring 4.x version when possible. -* `@EnableRedisHttpSession` requires Redis 2.8+. This is necessary to support <> - -[NOTE] -==== -At its core Spring Session only has a required dependency on commons-logging. -For an example of using Spring Session without any other Spring dependencies, refer to the <> application. -==== diff --git a/docs/src/main/java/docs/Docs.java b/docs/src/main/java/docs/Docs.java deleted file mode 100644 index cadc954..0000000 --- a/docs/src/main/java/docs/Docs.java +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package docs; - -public class Docs { -} diff --git a/docs/src/test/resources/docs/HttpSessionConfigurationNoOpConfigureRedisActionXmlTests-context.xml b/docs/src/test/resources/docs/HttpSessionConfigurationNoOpConfigureRedisActionXmlTests-context.xml deleted file mode 100644 index 8b4410b..0000000 --- a/docs/src/test/resources/docs/HttpSessionConfigurationNoOpConfigureRedisActionXmlTests-context.xml +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - - - - - - - diff --git a/docs/src/test/resources/docs/http/HttpSessionListenerXmlTests-context.xml b/docs/src/test/resources/docs/http/HttpSessionListenerXmlTests-context.xml deleted file mode 100644 index 404d424..0000000 --- a/docs/src/test/resources/docs/http/HttpSessionListenerXmlTests-context.xml +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - - - - - - - - diff --git a/docs/src/test/resources/docs/security/RememberMeSecurityConfigurationXmlTests-context.xml b/docs/src/test/resources/docs/security/RememberMeSecurityConfigurationXmlTests-context.xml deleted file mode 100644 index 580f280..0000000 --- a/docs/src/test/resources/docs/security/RememberMeSecurityConfigurationXmlTests-context.xml +++ /dev/null @@ -1,28 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - diff --git a/docs/src/test/resources/docs/security/security-config.xml b/docs/src/test/resources/docs/security/security-config.xml deleted file mode 100644 index 4db1171..0000000 --- a/docs/src/test/resources/docs/security/security-config.xml +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - - - - - - - - - - - diff --git a/pom.xml b/pom.xml index 731fd5a..e6a6c3c 100644 --- a/pom.xml +++ b/pom.xml @@ -299,14 +299,15 @@ ${basedir}/src/main/asciidoc - index.adoc ${project.build.directory}/content/reference/htmlsingle html book true - css/manual-singlepage.css v${project.version} + ${basedir}/src/main/asciidoc + ${basedir}/src/main/asciidoc/java + ${spring-session.version} diff --git a/settings.xml b/settings.xml new file mode 100644 index 0000000..cf86357 --- /dev/null +++ b/settings.xml @@ -0,0 +1,19 @@ + + + + + sonatype-nexus-snapshots + ${env.USERNAME} + ${env.PASSWORD} + + + sonatype-nexus-staging + ${env.USERNAME} + ${env.PASSWORD} + + + + \ No newline at end of file diff --git a/docs/src/docs/asciidoc/guides/boot-mongo.adoc b/src/main/asciidoc/guides/boot-mongo.adoc similarity index 100% rename from docs/src/docs/asciidoc/guides/boot-mongo.adoc rename to src/main/asciidoc/guides/boot-mongo.adoc diff --git a/src/main/asciidoc/index.adoc b/src/main/asciidoc/index.adoc new file mode 100644 index 0000000..f1dba5b --- /dev/null +++ b/src/main/asciidoc/index.adoc @@ -0,0 +1,120 @@ + += Spring Session MongoDB +Rob Winch, Vedran Pavić, Jakub Kubrynski, Greg Turnquist +:doctype: book +:toc: left + +[[abstract]] + +Spring Session MongoDB provides an API and implementations for managing a user's session information on MongoDB. + +[[introduction]] +== Introduction + +For an introduction to Spring Session as a whole, visit http://docs.spring.io/spring-session/docs/{spring-session-version}/reference/html5/[Spring Session] itself. + +[[samples]] +== Samples and Guides (Start Here) + +If you are looking to get started with Spring Session, the best place to start is our Sample Applications. + +.Sample Applications using Spring Boot +|=== +| Description | Guide + +| Demonstrates how to use Spring Session to replace the `HttpSession` with Mongo. +| link:boot-mongo.html[HttpSession with Mongo Guide] + +|=== + +[[httpsession-mongo]] +=== HttpSession with Mongo + +Using Spring Session with `HttpSession` is enabled by adding a Servlet Filter before anything that uses the `HttpSession`. + +This section describes how to use Mongo to back `HttpSession` using Java based configuration. + +NOTE: The <> provides a working sample on how to integrate Spring Session and `HttpSession` using Java configuration. +You can read the basic steps for integration below, but you are encouraged to follow along with the detailed HttpSession Guide when integrating with your own application. + +include::guides/boot-mongo.adoc[tags=config,leveloffset=+3] + +==== Session serialization mechanisms + +To be able to persist session objects in MongoDB we need to provide the serialization/deserialization mechanism. +Depending on your classpath Spring Session will choose one of two build-in converters: + +* `JacksonMongoSessionConverter` when `ObjectMapper` class is available, or +* `JdkMongoSessionConverter` otherwise. + +===== JacksonMongoSessionConverter + +This mechanism uses Jackson to serialize session objects to/from JSON. +`JacksonMongoSessionConverter` will be the default when Jackson is detected on the classpath and the user has not explicitly registered a `AbstractMongoSessionConverter` Bean. + +If you would like to provide custom Jackson modules you can do it by explicitly registering `JacksonMongoSessionConverter`: + +[source,java,indent=0] +---- +include::{docs-test-dir}/docs/http/MongoJacksonSessionConfiguration.java[tags=config] +---- + +==== JdkMongoSessionConverter + +`JdkMongoSessionConverter` uses standard Java serialization to persist session attributes map to MongoDB in a binary form. +However, standard session elements like id, access time, etc are still written as a plain Mongo objects and can be read and queried without additional effort. +`JdkMongoSessionConverter` is used if Jackson is not on the classpath and no explicit `AbstractMongoSessionConverter` Bean has been defined. +You can explicitly register `JdkMongoSessionConverter` by defining it as a Bean. + +[source,java,indent=0] +---- +include::{docs-test-dir}/docs/http/MongoJdkSessionConfiguration.java[tags=config] +---- + +There is also a constructor taking `Serializer` and `Deserializer` objects, allowing you to pass custom implementations, which is especially important when you want to use non-default classloader. + +[[api]] +== API Documentation + +You can browse the complete link:../../api/[Javadoc] online. The key APIs are described below: + +[[community]] +== Spring Session Community + +We are glad to consider you a part of our community. +Please find additional information below. + +[[community-support]] +=== Support + +You can get help by asking questions on http://stackoverflow.com/questions/tagged/spring-session[StackOverflow with the tag spring-session]. +Similarly we encourage helping others by answering questions on StackOverflow. + +[[community-source]] +=== Source Code + +Our source code can be found on github at https://github.com/spring-projects/spring-session-data-mongodb/ + +[[community-issues]] +=== Issue Tracking + +We track issues in github issues at https://github.com/spring-projects/spring-session-data-mongodb/issues + +[[community-contributing]] +=== Contributing + +We appreciate https://help.github.com/articles/using-pull-requests/[Pull Requests]. + +[[community-license]] +=== License + +Spring Session is Open Source software released under the http://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license]. + +[[minimum-requirements]] +== Minimum Requirements + +The minimum requirements for Spring Session MongoDB are: + +* Java 8 +* If you are running in a Servlet Container (not required), Servlet 2.5+ +* If you are using other Spring libraries (not required), the minimum required version is Spring 5.0 diff --git a/docs/src/test/java/docs/FindByIndexNameSessionRepositoryTests.java b/src/main/asciidoc/java/docs/FindByIndexNameSessionRepositoryTests.java similarity index 100% rename from docs/src/test/java/docs/FindByIndexNameSessionRepositoryTests.java rename to src/main/asciidoc/java/docs/FindByIndexNameSessionRepositoryTests.java diff --git a/docs/src/test/java/docs/HttpSessionConfigurationNoOpConfigureRedisActionXmlTests.java b/src/main/asciidoc/java/docs/HttpSessionConfigurationNoOpConfigureRedisActionXmlTests.java similarity index 100% rename from docs/src/test/java/docs/HttpSessionConfigurationNoOpConfigureRedisActionXmlTests.java rename to src/main/asciidoc/java/docs/HttpSessionConfigurationNoOpConfigureRedisActionXmlTests.java diff --git a/docs/src/test/java/docs/IndexDocTests.java b/src/main/asciidoc/java/docs/IndexDocTests.java similarity index 100% rename from docs/src/test/java/docs/IndexDocTests.java rename to src/main/asciidoc/java/docs/IndexDocTests.java diff --git a/docs/src/test/java/docs/RedisHttpSessionConfigurationNoOpConfigureRedisActionTests.java b/src/main/asciidoc/java/docs/RedisHttpSessionConfigurationNoOpConfigureRedisActionTests.java similarity index 100% rename from docs/src/test/java/docs/RedisHttpSessionConfigurationNoOpConfigureRedisActionTests.java rename to src/main/asciidoc/java/docs/RedisHttpSessionConfigurationNoOpConfigureRedisActionTests.java diff --git a/docs/src/test/java/docs/SpringHttpSessionConfig.java b/src/main/asciidoc/java/docs/SpringHttpSessionConfig.java similarity index 100% rename from docs/src/test/java/docs/SpringHttpSessionConfig.java rename to src/main/asciidoc/java/docs/SpringHttpSessionConfig.java diff --git a/docs/src/test/java/docs/http/AbstractHttpSessionListenerTests.java b/src/main/asciidoc/java/docs/http/AbstractHttpSessionListenerTests.java similarity index 100% rename from docs/src/test/java/docs/http/AbstractHttpSessionListenerTests.java rename to src/main/asciidoc/java/docs/http/AbstractHttpSessionListenerTests.java diff --git a/docs/src/test/java/docs/http/HazelcastHttpSessionConfig.java b/src/main/asciidoc/java/docs/http/HazelcastHttpSessionConfig.java similarity index 100% rename from docs/src/test/java/docs/http/HazelcastHttpSessionConfig.java rename to src/main/asciidoc/java/docs/http/HazelcastHttpSessionConfig.java diff --git a/docs/src/test/java/docs/http/HttpSessionListenerJavaConfigTests.java b/src/main/asciidoc/java/docs/http/HttpSessionListenerJavaConfigTests.java similarity index 100% rename from docs/src/test/java/docs/http/HttpSessionListenerJavaConfigTests.java rename to src/main/asciidoc/java/docs/http/HttpSessionListenerJavaConfigTests.java diff --git a/docs/src/test/java/docs/http/HttpSessionListenerXmlTests.java b/src/main/asciidoc/java/docs/http/HttpSessionListenerXmlTests.java similarity index 100% rename from docs/src/test/java/docs/http/HttpSessionListenerXmlTests.java rename to src/main/asciidoc/java/docs/http/HttpSessionListenerXmlTests.java diff --git a/docs/src/test/java/docs/http/MongoJacksonSessionConfiguration.java b/src/main/asciidoc/java/docs/http/MongoJacksonSessionConfiguration.java similarity index 100% rename from docs/src/test/java/docs/http/MongoJacksonSessionConfiguration.java rename to src/main/asciidoc/java/docs/http/MongoJacksonSessionConfiguration.java diff --git a/docs/src/test/java/docs/http/MongoJdkSessionConfiguration.java b/src/main/asciidoc/java/docs/http/MongoJdkSessionConfiguration.java similarity index 100% rename from docs/src/test/java/docs/http/MongoJdkSessionConfiguration.java rename to src/main/asciidoc/java/docs/http/MongoJdkSessionConfiguration.java diff --git a/docs/src/test/java/docs/http/MyJacksonModule.java b/src/main/asciidoc/java/docs/http/MyJacksonModule.java similarity index 100% rename from docs/src/test/java/docs/http/MyJacksonModule.java rename to src/main/asciidoc/java/docs/http/MyJacksonModule.java diff --git a/docs/src/test/java/docs/http/RedisHttpSessionConfig.java b/src/main/asciidoc/java/docs/http/RedisHttpSessionConfig.java similarity index 100% rename from docs/src/test/java/docs/http/RedisHttpSessionConfig.java rename to src/main/asciidoc/java/docs/http/RedisHttpSessionConfig.java diff --git a/docs/src/test/java/docs/security/RememberMeSecurityConfiguration.java b/src/main/asciidoc/java/docs/security/RememberMeSecurityConfiguration.java similarity index 100% rename from docs/src/test/java/docs/security/RememberMeSecurityConfiguration.java rename to src/main/asciidoc/java/docs/security/RememberMeSecurityConfiguration.java diff --git a/docs/src/test/java/docs/security/RememberMeSecurityConfigurationTests.java b/src/main/asciidoc/java/docs/security/RememberMeSecurityConfigurationTests.java similarity index 100% rename from docs/src/test/java/docs/security/RememberMeSecurityConfigurationTests.java rename to src/main/asciidoc/java/docs/security/RememberMeSecurityConfigurationTests.java diff --git a/docs/src/test/java/docs/security/RememberMeSecurityConfigurationXmlTests.java b/src/main/asciidoc/java/docs/security/RememberMeSecurityConfigurationXmlTests.java similarity index 100% rename from docs/src/test/java/docs/security/RememberMeSecurityConfigurationXmlTests.java rename to src/main/asciidoc/java/docs/security/RememberMeSecurityConfigurationXmlTests.java diff --git a/docs/src/test/java/docs/security/SecurityConfiguration.java b/src/main/asciidoc/java/docs/security/SecurityConfiguration.java similarity index 100% rename from docs/src/test/java/docs/security/SecurityConfiguration.java rename to src/main/asciidoc/java/docs/security/SecurityConfiguration.java diff --git a/docs/src/test/java/docs/websocket/WebSocketConfig.java b/src/main/asciidoc/java/docs/websocket/WebSocketConfig.java similarity index 100% rename from docs/src/test/java/docs/websocket/WebSocketConfig.java rename to src/main/asciidoc/java/docs/websocket/WebSocketConfig.java