We have a lot of pages which are already running in PHP (core) and require very frequent (and sudden) changes. Therefore we would not like to migrate our code base entirely to Java. I was trying to create an architecture where we could have some part of the business logic processing (which requires a stronger foundation) in Spring Boot and the rest (especially the reporting part) to remain in PHP.
Now for this, I want to be able to share the Session between the already existing PHP applications and the application I am currently writing in Spring Boot. I have configured this application to run with Spring Session using Redis. I cannot and do not want to use a table based implementation for session management owing to a limited amount of resources in our database server.
My configuration for using Redis with Spring Spring Boot is as follows:
spring.session.store-type=redis
spring.redis.host=localhost
spring.redis.password=#somepasswordhere
spring.redis.port=6379
server.servlet.session.timeout=20m
spring.session.redis.flush-mode=on_save
spring.session.redis.namespace=SPRING_SESSION
spring.redis.jedis.pool.max-active=8
spring.redis.jedis.pool.max-idle=8
spring.redis.jedis.pool.max-wait=-1
spring.redis.jedis.pool.min-idle=16
spring.redis.timeout=1s
I have also been able to configure PHP to use the Redis server as it's data store for session management.
I would like to know if there is any way where I can have a common session for the two, i.e. where one application in PHP can access values (and its other properties such as expiry/validity) set to the session by the other application in Spring Boot and vice versa?
Also, I know that it would be off topic, but any suggestions for a more efficient Redis configuration would also be appreciated here for the Spring Session part.
Related
Stateless is the way to go for services running in pods however i have been trying to move a stateful app which needs to perform session persistence if one pod goes does for resiliency reasons.
In websphere world IHS can be used to keep track of the session and if a node goes down it can be recreated on the live clone.
Is there an industry standard way to handle this issue without having to refactor the applications code by persisting the session using some sidecar pod ?
Cookie-based sessions are just that, based on cookies. Which are stored by the user's browser, not your app. If you mean a DB-based session with a cookie session ID or similar, then you would need to store things in some kind of central database. I would recommend using an actual database like postgres, but I suppose there is nothing stopping you from using a shared volume :)
Yes. Store the session somewhere. Spring boot supports out of the box MongoDB, Redis, Hazelcast or any JDBC database.
Spring Boot provides Spring Session auto-configuration for a wide
range of data stores. When building a Servlet web application, the
following stores can be auto-configured:
JDBC Redis Hazelcast MongoDB When building a reactive web application,
the following stores can be auto-configured:
Redis MongoDB If a single Spring Session module is present on the
classpath, Spring Boot uses that store implementation automatically.
If you have more than one implementation, you must choose the
StoreType that you wish to use to store the sessions. For instance, to
use JDBC as the back-end store, you can configure your application as
follows:
spring.session.store-type=jdbc
[Tip] You can disable Spring Session by
setting the store-type to none. Each store has specific additional
settings. For instance, it is possible to customize the name of the
table for the JDBC store, as shown in the following example:
spring.session.jdbc.table-name=SESSIONS
For setting the timeout of the
session you can use the spring.session.timeout property. If that
property is not set, the auto-configuration falls back to the value of
server.servlet.session.timeout.
I have set up two web applications. they both using spring boot and spring security. these two applications connected to the same redis server.
The first application is used for login with google OAuth. The second application is used for business operation.
These two applications have the same domains but different sub domain.
My purpose is login through the application 1 and store the session in redis then across application 2 by check the session in redis is exist or not.
Is Redis support to share the session between two different we b application? If not, any other methods so that i can achieve my goal?
thanks.
You can use multi web applications connect to Redis server, and write or read data.
So yo can share the session between two different web application.
But I recommended, each Redis should only connected by one Application, and the application can offer many apis for other apps who want to get data.
You can do it easily with help of "spring session". The idea is to configure web application to store session outside server and share it with other application. It supports redis out of the box. Read here for more information,
https://docs.spring.io/spring-session/docs/current/reference/html5/guides/boot-redis.html#boot-how
I have a spring boot application which uses embedded tomcat. The app is hosted on multiple EC2 instances, which auto scale if required and some of which may be killed/restarted. So, effectively there are 3 instances of the app running , and requests are routed from the load balancer to any of these instances.
I am trying to track user sessions on my app. I started with implementing container level session management using tomcat HttpSession. But it is not able to track sessions across instances. On researching a bit, I got to know that i need something like session replication.
My app is not running a tomcat cluster, it has 3 independent instances of the API which do not talk to each other in anyway. I am not planning to change that and not sure if it is possible with AWS as it does not encourage multicast communication for this purpose.
Also, I do not want to setup/manage a separate DB (like redis with spring session) just for this purpose, because I only need session Ids for logging, and I need to do that in a lightweight manner.
Is there any other way to manage sessions across instances ? or for my purpose, would it be better to just implement some custom code which can check for session id/token passed to and fro between the frontend and backend.
The goal is to externalize the sessions from your application server so that you can autoscale, restart, load balance etc. without worrying about breaking a User's session.
Honestly on AWS using the Spring stack, I would recommend Spring Session + Redis. I've used it countless times and it is very easy to implement. You can leverage AWS Elasticache which manages the Redis cluster for you (like RDS does for relational DBs).
You could write your own custom implementation of Spring Session with a backing store of S3, Dynamo, etc. But is that really any better than the Redis implementation? I'd recommend the path of least resistance.
I want to build a server for my android application.
My application lets users register and allows each user to request a list of all users registered to my application, so my server will be mainly in charge of receiving data from a user, updating the database, and sending data back to user on request.
Since I've never built a server I looked into what would be the ideal way to achieve my goals and after some reading I've found that Spring would be the right way to go, But I also found that there are all kinds of springs.
Eventually I've narrowed my options down to Spring MVC and spring Boot,
I've read that spring boot is a good start but I also read that spring boot does all the configurations for you and I want to really know how stuff works so I fear that spring boot will do all the work for me , So I thought of maybe using spring MVC but I couldn't completely figure out if Spring MVC would be good to achieve my goals or if it's mainly used for building web pages
So what would be the best suitable spring to use ?
I would prefer Spring boot. It's not just about it doing all the configuration for you. It's about Spring saving you from writing a lot of boilerplate code (you still have to do a fair bit of configuration though). Plus, it will be easy to spin up the app and test it locally (you can even test it with local file based h2 database, meaning you don't need to install any database into your machine).
Adding Spring Data JPA dependency with Spring boot will take care of persistent layer as well. And if you want to write jsp or html pages then I would recommend having a look at this thymeleaf example.
Here's the sample CRUD application I have developed with Spring boot and here's my own blog about it.
Spring MVC stands for model,view,controller. View, in general is something which is returned after your business logic has been executed and mainly suggests webpages. Spring Boot would be the easiest way to set up your server for the application. However, if you want to know how things work you can go with the basic spring. Spring, too provided classes like JdbcTemplate to reduce your boilerplate code, however it forces you to configure things yourself.
You do not have the comfort of annotating a resource and watching as the magic happens. If you want to speed up setting up a server and make things less complex go for Spring Boot.
I have several multi module spring web application each application like below, each of them differently develop no inter - connection.
war
|...webModule
|...coreModule
I want to integrate them with one admin module with security settings.
How can i do that?? is their any frameworks for that??
I go through the OSGI approach but it has lot migration work. What about component based (I never do that)... Can any one suggest some way to create my integration application which can handle common login & security for other sub application ? (need single sign on multiple war solution)
I strongly advise reading up on the Angular JS and Spring Security series, especially related is the https://spring.io/blog/2015/01/20/the-resource-server-angular-js-and-spring-security-part-iii
The approach that they describe seems completly viable for you. Key points
Spring Security uses the HttpSession to store authentication data by
default. It doesn’t interact directly with the session though: there’s
an abstraction layer (SecurityContextRepository) in between that you
can use to change the storage backend.
After authenticating through your admin module you should store your authentication data into a storage accessible to all your other modules, and using a session id as a key for the data. You can easily achieve this with a help of Spring Session where you can use an out-of-the-box supported Redis as your shared storage for authentication data.
Finally, the key will be set inside a custom header of the requests that target other modules, which will use this custom header and a changed session strategy to pull the authentication data from the storage and authenticated the user
There are quite a few details behind the approach, but the series come with the sample implementation so you should be able to find your way