Spring Java Configuration: Session Timeout
Join the DZone community and get the full member experience.
Join For FreeWe live in a nice time, when you can develop a Spring application using java based configuration. No redundant XML code any more, just pure java code. In this article I want to discuss a popular topic about session management in Spring applications. If to be more precise I’m going to talk about a session timeout in java configuration style.
So in one of my previous blog posts I’ve already said how to manage a lifetime of session. But that solution implies usage of web.xml file, which is not required for java based configs. Because its role plays a class which extendsAbstractAnnotationConfigDispatcherServletInitializer class. Frequently it looks something like this:
import javax.servlet.Filter; import org.springframework.web.filter.HiddenHttpMethodFilter; import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer; public class Initializer extends AbstractAnnotationConfigDispatcherServletInitializer { @Override protected Class<?>[] getRootConfigClasses() { return null; } @Override protected Class<?>[] getServletConfigClasses() { return new Class<?>[] { WebAppConfig.class }; } @Override protected String[] getServletMappings() { return new String[] { "/" }; } @Override protected Filter[] getServletFilters() { return new Filter[] { new HiddenHttpMethodFilter() }; } }
I’ve written a lot about usage of such configurations, but here we should pay extra attention to classes which AbstractAnnotationConfigDispatcherServletInitializerextends. I talk about the AbstractDispatcherServletInitializer class. In its turn it hasonStartup(ServletContext servletContext) method. Its purpose is to configure aServletContext with any servlets, filters, listeners context-params and attributes necessary for initializing this web application.
Directly in this place it’s a good time to recall about the HttpSessionListenerinterface. As you have already guessed in an implementation of this interface we are able to manage each just created session a an application. For example we can set a maximum inactive interval equal to 5 minutes:
import javax.servlet.http.HttpSessionEvent; import javax.servlet.http.HttpSessionListener; public class SessionListener implements HttpSessionListener { @Override public void sessionCreated(HttpSessionEvent event) { System.out.println("==== Session is created ===="); event.getSession().setMaxInactiveInterval(5*60); } @Override public void sessionDestroyed(HttpSessionEvent event) { System.out.println("==== Session is destroyed ===="); } }
In order to apply this session management changes into our java based configurations, we have to add a following code snippet to Initializer class:
... @Override public void onStartup(ServletContext servletContext) throws ServletException { super.onStartup(servletContext); servletContext.addListener(new SessionListener()); } ...
That’s all java geeks, enjoy coding.
Published at DZone with permission of Alexey Zvolinskiy, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments