Session在存儲(chǔ)安全性要求較高的會(huì)話信息方面是必不可少的，對于分布式Web應(yīng)用自定義Session支持獨(dú)立的狀態(tài)服務(wù)器或集群是必須的。本文就來教大家如何在Java Web開發(fā)中自定義Session。

ASP.NET通過SessionStateModule通過配置文件配置實(shí)際的Session提供程序，Session提供程序?qū)崿F(xiàn)了SessionStateStoreProviderBase，因此在ASP.NET中實(shí)現(xiàn)自定義Session是通過繼承SessionStateStoreProviderBase實(shí)現(xiàn)，配置Session是通過Web.config。ASP.NET自定義session的代碼參考github上的開源項(xiàng)目SQLiteSessionStateStore。

同理，Java Servlet中使用自定義Session通過Filter可以實(shí)現(xiàn)。由于不同的servlet容器對Session的實(shí)現(xiàn)不同，所以通用性最好的方式是繼承HttpServletRequestWrapper重寫getSession方法返回自定義的Session對象。Filter采用了職責(zé)鏈模式(chain of responsibility)，HttpServletRequestWrapper采用了裝飾模式(Decorator)，可以通過《Head First 設(shè)計(jì)模式》閱讀模式的相關(guān)內(nèi)容。

1.首先自定義繼承HttpSession的MySession(為了便于演示，僅包裝了容器的session并轉(zhuǎn)發(fā)調(diào)用)。

import java.util.Enumeration;

import javax.servlet.ServletContext;

import javax.servlet.http.HttpSession;

public class MySession implements HttpSession {

private HttpSession _containerSession;

public MySession(HttpSession session) {

this._containerSession = session;

}

@Override

public long getCreationTime() {

return this._containerSession.getCreationTime();

}

@Override

public String getId() {

return this._containerSession.getId();

}

@Override

public long getLastAccessedTime() {

return this._containerSession.getLastAccessedTime();

}

@Override

public ServletContext getServletContext() {

return this._containerSession.getServletContext();

}

@Override

public void setMaxInactiveInterval(int interval) {

this._containerSession.setMaxInactiveInterval(interval);

}

@Override

public int getMaxInactiveInterval() {

return this._containerSession.getMaxInactiveInterval();

}

@SuppressWarnings("deprecation")

@Override

public HttpSessionContext getSessionContext() {

return this._containerSession.getSessionContext();

}

@Override

public Object getAttribute(String name) {

return this._containerSession.getAttribute(name);

}

@SuppressWarnings("deprecation")

@Override

public Object getValue(String name) {

return this._containerSession.getValue(name);

}

@Override

public EnumerationgetAttributeNames() {

return this._containerSession.getAttributeNames();

}

@SuppressWarnings("deprecation")

@Override

public String[] getValueNames() {

return this._containerSession.getValueNames();

}

@Override

public void setAttribute(String name, Object value) {

this._containerSession.setAttribute(name, value);

}

@SuppressWarnings("deprecation")

@Override

public void putValue(String name, Object value) {

this._containerSession.putValue(name, value);

}

@Override

public void removeAttribute(String name) {

this._containerSession.removeAttribute(name);

}

@SuppressWarnings("deprecation")

@Override

public void removeValue(String name) {

this._containerSession.removeValue(name);

}

@Override

public void invalidate() {

this._containerSession.invalidate();

}

@Override

public boolean isNew() {

return this._containerSession.isNew();

}

}

2.自定義繼承HttpServletRequestWrapper的MyRequest

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletRequestWrapper;

import javax.servlet.http.HttpSession;

public class MyRequest extends HttpServletRequestWrapper {

public MyRequest() {

super(null);

}

public MyRequest(HttpServletRequest request) {

super(request);

// TODO 自動(dòng)生成的構(gòu)造函數(shù)存根

}

@Override

public HttpSession getSession(boolean create) {

return new MySession(super.getSession(create));

}

@Override

public HttpSession getSession() {

return new MySession(super.getSession());

}

}

3.自定義Filter將Request包裝為MyRequest

import java.io.IOException;

import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.FilterConfig;

import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.annotation.WebFilter;

import javax.servlet.http.HttpServletRequest;

@WebFilter("/*")

public class MyFilter implements Filter {

@Override

public void init(FilterConfig filterConfig) throws ServletException {

// TODO 自動(dòng)生成的方法存根

}

@Override

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

throws IOException, ServletException {

chain.doFilter(new MyRequest((HttpServletRequest) request), response);

}

@Override

public void destroy() {

// TODO 自動(dòng)生成的方法存根

}

}通過注解配置了Filter，也可以通過原始的web.xml方式配置。

隨著人們網(wǎng)絡(luò)安全的提高，session機(jī)制開始在Java Web前端開發(fā)的服務(wù)端和客戶端的交互模式中得到廣泛運(yùn)用。在本站的Java Web教程中，會(huì)對Session和Cookie機(jī)制進(jìn)行超詳細(xì)的解讀，讓你對前端開發(fā)的最新前沿技術(shù)了如指掌!