在Spring Session 源码分析(1)中,梳理了一下Spring Session 接管Tomcat Session的过程,通过配置DelegatingFilterProxy 和指定过滤器名称,spring 接收到请求后,包装HttpServletRequest ,HttpServletResponse ,然后再传递到后续应用,因此没有特殊的需求,需要把DelegatingFilterProxy 放在第一位,这样才能保证后续应用拿到的都是Spring Session包装后的对象。
#重温SessionRepositoryFilter
在SessionRepositoryFilter 中会包装HttpServletRequest ,HttpServletResponse,这里我们再来探究一下:
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
request.setAttribute(SESSION_REPOSITORY_ATTR, this.sessionRepository);
//包装 request,response
SessionRepositoryRequestWrapper wrappedRequest = new SessionRepositoryRequestWrapper(
request, response, this.servletContext);
SessionRepositoryResponseWrapper wrappedResponse = new SessionRepositoryResponseWrapper(
wrappedRequest, response);
//采用的session 策略
HttpServletRequest strategyRequest = this.httpSessionStrategy
.wrapRequest(wrappedRequest, wrappedResponse);
HttpServletResponse strategyResponse = this.httpSessionStrategy
.wrapResponse(wrappedRequest, wrappedResponse);