/ Java Zone
Over a million developers have joined DZone.

Spring Java Configuration: Session Timeout

by
Alexey Zvolinskiy
·
May. 13, 14 · Java Zone

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Easily build powerful user management, authentication, and authorization into your web and mobile applications. Download this Forrester report on the new landscape of Customer Identity and Access Management, brought to you in partnership with Stormpath.

We live in a nice time, when you can develop a Spring application using java based configuration. No redundant XML code any more, just pure java code. In this article I want to discuss a popular topic about session management in Spring applications. If to be more precise I’m going to talk about a session timeout in java configuration style.

So in one of my previous blog posts I’ve already said how to manage a lifetime of session. But that solution implies usage of web.xml file, which is not required for java based configs. Because its role plays a class which extendsAbstractAnnotationConfigDispatcherServletInitializer class. Frequently it looks something like this:

import javax.servlet.Filter;
import org.springframework.web.filter.HiddenHttpMethodFilter;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
public class Initializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return null;
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class<?>[] { WebAppConfig.class };
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
@Override
protected Filter[] getServletFilters() {
return new Filter[] { new HiddenHttpMethodFilter() };
}
}

I’ve written a lot about usage of such configurations, but here we should pay extra attention to classes which AbstractAnnotationConfigDispatcherServletInitializerextends. I talk about the AbstractDispatcherServletInitializer class. In its turn it hasonStartup(ServletContext servletContext) method. Its purpose is to configure aServletContext with any servlets, filters, listeners context-params and attributes necessary for initializing this web application.

Directly in this place it’s a good time to recall about the HttpSessionListenerinterface. As you have already guessed in an implementation of this interface we are able to manage each just created session a an application. For example we can set a maximum inactive interval equal to 5 minutes:

import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
public class SessionListener implements HttpSessionListener {
@Override
public void sessionCreated(HttpSessionEvent event) {
System.out.println("==== Session is created ====");
event.getSession().setMaxInactiveInterval(5*60);
}
@Override
public void sessionDestroyed(HttpSessionEvent event) {
System.out.println("==== Session is destroyed ====");
}
}

In order to apply this session management changes into our java based configurations, we have to add a following code snippet to Initializer class:

...
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
super.onStartup(servletContext);
servletContext.addListener(new SessionListener());
}
...

That’s all java geeks, enjoy coding.

The Java Zone is brought to you by Stormpath—a complete, pre-built User Management API. Want to learn how to use JWTs to protect microservices from CSRF and more? Check out this on-demand webinar with our Java Developer Evangelist, Micah Silverman.

Topics:

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of Alexey Zvolinskiy, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Java Partner Resources

Delivering Value with BizDevOps
Instant Security and Scalable User Management in Spring Boot
All the Java EE Goodness Without the Wait
How to Write Java code 17% faster by eliminating app server restarts
Java JSON Web Tokens for CSRF & Microservices
Using Hazelcast for Microservices: Get the Whitepaper
10 Things Your CIO Should Know About DevOps
Is Java Dead? No! Here's Why…
Programming language matters. Boost your productivity with Kotlin!
Top 5 Java Performance Metrics, Tips & Tricks
REST APIs with Java Using a Library Based on Scala
A Smart IDE for a Creative You
8 Steps to Rocket-Powered Java Development
A High Level Open Source Java Framework for Enterprise Applications
Ultimate Code Review Tool for Java Teams
Elevate the Customer Experience in the Mobile World by leveraging real insight into app performance
How Do You Become A Salesforce Developer?
The A to Z of OOP
Java Best Practices - Tools, Performance, and Deployment
Modern Monitoring across Omnichannel, Microservices and Cloud
Estimate Your ROI Using the ValueStory for CA APM

The best of DZone straight to your inbox.

SEE AN EXAMPLE
Please provide a valid email address.

Thanks for subscribing!

 Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.
Subscribe

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone