Very often the following task occuring: saving and distributing session between web applications. In this post, implemented one of the strategies of saving and distributing session for web framework Struts 2.
Used technologies : EJB3, Struts-2, Tomcat, Jboss
So we have task for linking several web applications with Session Manager. One of the restrictions in this implementation is usage of subdomains of domain e.g. *.domain.com. So we can use domain cookies (this restriction can be taken off with URL rewriting, but in this implementation we use cookies ). Because existed system was build on Struts 2 web framework, we decided to use internal capabilities of this framework. As we will see further, Struts 2 has very exciting futures called Interceptors, and they help us to get rid of crosscutting concernes.
Session Manager is a EJB3 component with simple interface, for simplicity only subset of methods will be shown with descriptive methods signature :
@Remote
public interface SessionManagerRemote {
void extendActivity(String sessionId) throws SessionExpiredException;
String registerActivity();
void unregister(String sessionId);
Long getSessionDuration(String sessionId);
Map getSession (String sessionId) throws SessionExpiredException;
void putSession (String sessionId,Map sessionObjects)throws SessionExpiredException;
}
This component will be deployed on J2EE Application Server, e.g. JBOSS. Jboss implementation following:
@org.jboss.annotation.ejb.Service(objectName = "jboss:managementService=SessionManager")
@Remote(SessionManagerRemote.class)
@org.jboss.annotation.ejb.RemoteBinding(jndiBinding = "com/project/management/session/remote")
public class SessionManager implements SessionManagerRemote {
}
Service annotation is used for Singleton implementation in Jboss runtime.
So, back to main task. We need to replace Struts 2 session implementation with our distributed session, controlled by session manager. But for make such serious session replacement we must understand architecture of Struts 2 framework. First we must detect how we use session in Struts 2 application :
- OGNL expressions with #session identifier e.g. <s:property:value="#session.PARAMETER_IN_SESSION"/>
- Actions that implement SessionAware interface :
public class TempAction implements SessionAware {
private Map session;
public void setSession(Map map) {
this.session = map;
}
}
So we must create our interceptor that
- initialize OGNL value stack with our distributed session
- inject our distributed session in Actions that implements SessionAware interface
According to Struts 2 source code, Dispatcher initialize OGNL value stack, and session in particular:
extraContext.put("session", sessionMap);
and ServletConfigInterceptor injects session in Action classes.So we override such behaviour as following :
//initializing session in OGNL value stack
actionInvocation.getInvocationContext().getContextMap().put("session",distributedSession);
//injecting our session
if (action instanceof SessionAware) {
((SessionAware) action).setSession(distributedSession);
}
So final configuration is following. struts.xml :
<struts>
<package name="default" extends="struts-default">
<interceptors>
<interceptor name="distributedSession" class="com.interceptors.SessionCheckerInterceptor"/>
<interceptor-stack name="distributedSessionStack">
<interceptor-ref name="basicStack"/>
<interceptor-ref name="distributedSession"/>
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="distributedSessionStack"/>
</package>
<package name="test" extends="default" namespace="/actions">
<action name="logon" class="com.actions.SomeTemporaryAction" method="login">
<result name="success" type="redirectAction">myaccount</result>
<result name="input" type="redirect">/</result>
</action>
</package>
</struts>
We call interceptor distributedSession, and it must be in list after basicStack in order to work consistently.
Final version of our Interceptor :
public class SessionCheckerInterceptor extends AbstractInterceptor {
public String intercept(ActionInvocation actionInvocation) throws Exception {
HttpServletRequest request = ServletActionContext.getRequest();
String distributedSession = processCookie(request);
String result = null;
Map sessionBeforeInvokation = JNDICacheableFactory.getSessionManager().getSession(distributedSession);
Object action = actionInvocation.getAction();
if (action instanceof SessionAware) {
((SessionAware) action).setSession(sessionBeforeInvokation);
}
actionInvocation.getInvocationContext().setSession(sessionBeforeInvokation);
actionInvocation.getInvocationContext().getContextMap().put("session", sessionBeforeInvokation);
int beforeInvHash = sessionBeforeInvokation.hashCode();
result = actionInvocation.invoke();
Map sessionAfterInvocation = actionInvocation.getInvocationContext().getSession();
int afterInvHash = sessionAfterInvocation.hashCode();
if (afterInvHash != beforeInvHash) {
JNDICacheableFactory.getSessionManager().putSession(distributedSession, sessionAfterInvocation);
}
return result;
}
}
Note: method processCookie omited, in this method cookie processing logic implemented, but if we’d want to realize cross-domain logic we might use URL rewriting for example (in our case we use cookies because we use subdomains of similar domain).
Note: for checking updates in session we compare their hashes, but other implementations are possible. If session changed it is updated.