Spring Java Configuration: Session timeout
We live in a nice time, when you can develop a Spring application using java based configuration. No redundant XML code any more, just pure java code. In this article I want to discuss a popular topic about session management in Spring applications. If to be more precise I’m going to talk about a session timeout in java configuration style.
So in one of my previous blog posts I’ve already said how to manage a lifetime of session. But that solution implies usage of web.xml file, which is not required for java based configs. Because its role plays a class which extends AbstractAnnotationConfigDispatcherServletInitializer class. Frequently it looks something like this:
import javax.servlet.Filter; import org.springframework.web.filter.HiddenHttpMethodFilter; import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer; public class Initializer extends AbstractAnnotationConfigDispatcherServletInitializer { @Override protected Class<?>[] getRootConfigClasses() { return null; } @Override protected Class<?>[] getServletConfigClasses() { return new Class<?>[] { WebAppConfig.class }; } @Override protected String[] getServletMappings() { return new String[] { "/" }; } @Override protected Filter[] getServletFilters() { return new Filter[] { new HiddenHttpMethodFilter() }; } }
I’ve written a lot about usage of such configurations, but here we should pay extra attention to classes which AbstractAnnotationConfigDispatcherServletInitializer extends. I talk about the AbstractDispatcherServletInitializer class. In its turn it has onStartup(ServletContext servletContext) method. Its purpose is to configure a ServletContext with any servlets, filters, listeners context-params and attributes necessary for initializing this web application.
Directly in this place it’s a good time to recall about the HttpSessionListener interface. As you have already guessed in an implementation of this interface we are able to manage each just created session a an application. For example we can set a maximum inactive interval equal to 5 minutes:
import javax.servlet.http.HttpSessionEvent; import javax.servlet.http.HttpSessionListener; public class SessionListener implements HttpSessionListener { @Override public void sessionCreated(HttpSessionEvent event) { System.out.println("==== Session is created ===="); event.getSession().setMaxInactiveInterval(5*60); } @Override public void sessionDestroyed(HttpSessionEvent event) { System.out.println("==== Session is destroyed ===="); } }
In order to apply this session management changes into our java based configurations, we have to add a following code snippet to Initializer class:
... @Override public void onStartup(ServletContext servletContext) throws ServletException { super.onStartup(servletContext); servletContext.addListener(new SessionListener()); } ...
That’s all java geeks, enjoy coding.