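Within the Spring framework, Spring Session makes session management straightforward. Depending on business needs, sessions can be stored in JDBC, Redis, Hazelcast, MongoDB or other storage backends. Spring Session hides the underlying storage logic, so developers can use it for session management without writing much extra code. We chose Redis as the storage backend; the following uses Redis as the example and integrates Spring Session into Spring Boot.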
1. First, add the dependencies to the POM file:
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.session</groupId>
    <artifactId>spring-session-data-redis</artifactId>
</dependency>
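2. Configure the Redis environment by adding the relevant settings to application.properties:
spring.redis.cluster.max-redirects=8
spring.redis.cluster.nodes=172.23.25.142:6379,172.23.25.142:6380
# An empty password with ssl=false means the client connects to Redis
# without authentication and without TLS; session data crosses the network in clear text.
spring.redis.password=
spring.redis.ssl=false
spring.redis.pool.max-active=8
spring.redis.pool.max-idle=8
spring.redis.pool.max-wait=-1
spring.redis.pool.min-idle=0
spring.redis.timeout=30000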
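3. Inject a RedisTemplate in the code:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.JdkSerializationRedisSerializer;
import org.springframework.data.redis.serializer.StringRedisSerializer;

@Configuration
public class RedisClustersConfiguration {

    @Autowired
    RedisConnectionFactory redisConnectionFactory;

    @Bean
    public RedisTemplate<String, Object> functionDomainRedisTemplate() {
        RedisTemplate<String, Object> redisTemplate = new RedisTemplate<>();
        // Keys and hash keys are stored as plain strings.
        redisTemplate.setKeySerializer(new StringRedisSerializer());
        redisTemplate.setHashKeySerializer(new StringRedisSerializer());
        // Values use Java native serialization: whatever is read back from Redis
        // is deserialized, so write access to Redis must stay with trusted services.
        redisTemplate.setHashValueSerializer(new JdkSerializationRedisSerializer());
        redisTemplate.setValueSerializer(new JdkSerializationRedisSerializer());
        redisTemplate.setConnectionFactory(redisConnectionFactory);
        return redisTemplate;
    }
}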
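4. In the code, set the strategy for storing the session over HTTP and define the session repository that operates on sessions:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.session.data.redis.RedisOperationsSessionRepository;
import org.springframework.session.web.http.CookieHttpSessionStrategy;
import org.springframework.session.web.http.HttpSessionStrategy;

@Configuration
public class SessionConfiguration {

    @Autowired
    RedisConnectionFactory redisConnectionFactory;

    // Carry the session id in a cookie.
    @Bean
    public HttpSessionStrategy httpSessionStrategy() {
        return new CookieHttpSessionStrategy();
    }

    // Store and load sessions in Redis.
    @Bean
    public RedisOperationsSessionRepository sessionRepository() {
        return new RedisOperationsSessionRepository(redisConnectionFactory);
    }
}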
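Note: two HTTP session strategies are commonly used, HeaderHttpSessionStrategy and CookieHttpSessionStrategy. When an image CAPTCHA is used, the front end loads the image through an img tag and cannot read the HTTP response headers, so CookieHttpSessionStrategy is required; it sets the session in a cookie in the response. HeaderHttpSessionStrategy puts the session in the x-auth-token response header, and requests must also carry it in the x-auth-token request header.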
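
With CookieHttpSessionStrategy the session id travels in a cookie, so the cookie's attributes decide who can read it and over which channel it is sent. The following is an added example, not code from the original post: it replaces the httpSessionStrategy() bean above with one whose cookie is marked HttpOnly and Secure, using DefaultCookieSerializer from Spring Session 1.x. The class name HardenedSessionCookieConfiguration is hypothetical, and the Secure flag assumes the application is served over HTTPS.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.session.web.http.CookieHttpSessionStrategy;
import org.springframework.session.web.http.DefaultCookieSerializer;
import org.springframework.session.web.http.HttpSessionStrategy;

// Added example (hypothetical class name). Use it in place of the
// httpSessionStrategy() bean in SessionConfiguration, not alongside it,
// otherwise two beans of the same name are defined.
@Configuration
public class HardenedSessionCookieConfiguration {

    // Builds the serializer that writes the session cookie.
    private static DefaultCookieSerializer sessionCookieSerializer() {
        DefaultCookieSerializer serializer = new DefaultCookieSerializer();

        // HttpOnly: page scripts cannot read the session id through
        // document.cookie. The browser still attaches the cookie to <img>
        // requests, so the image CAPTCHA flow described above keeps working.
        serializer.setUseHttpOnlyCookie(true);

        // Secure: the browser sends the cookie only over HTTPS.
        // Assumption: the site is served over TLS; over plain HTTP the
        // cookie would not be sent back and every request would start a new session.
        serializer.setUseSecureCookie(true);

        return serializer;
    }

    @Bean
    public HttpSessionStrategy httpSessionStrategy() {
        CookieHttpSessionStrategy strategy = new CookieHttpSessionStrategy();
        strategy.setCookieSerializer(sessionCookieSerializer());
        return strategy;
    }
}
```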