130 lines
4.6 KiB
Plaintext
130 lines
4.6 KiB
Plaintext
= Spring Session - Grails
|
|
Eric Helgeson
|
|
:toc:
|
|
|
|
This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when using Grails 3.1
|
|
|
|
NOTE: Grails 3.1 is based off spring boot 1.3 so much of the advanced configuration and options can be found in the boot docs as well.
|
|
|
|
NOTE: The completed guide can be found in the <<grails3-sample, Grails 3 sample application>>.
|
|
|
|
== Updating Dependencies
|
|
Before you use Spring Session, you must ensure to update your dependencies.
|
|
We assume you are working with a working Grails 3.1 web profile.
|
|
Add the following dependencies:
|
|
|
|
.build.gradle
|
|
[source,groovy]
|
|
[subs="verbatim,attributes"]
|
|
----
|
|
dependencies {
|
|
compile 'org.springframework.boot:spring-boot-starter-redis'
|
|
compile 'org.springframework.session:spring-session:{spring-session-version}'
|
|
}
|
|
----
|
|
|
|
ifeval::["{version-snapshot}" == "true"]
|
|
Since We are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
|
|
Ensure you have the following in your pom.xml:
|
|
|
|
.build.gradle
|
|
[source,groovy]
|
|
----
|
|
repositories {
|
|
maven {
|
|
url 'https://repo.spring.io/libs-snapshot'
|
|
}
|
|
}
|
|
----
|
|
endif::[]
|
|
|
|
ifeval::["{version-milestone}" == "true"]
|
|
Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
|
|
Ensure you have the following in your pom.xml:
|
|
|
|
.build.gradle
|
|
[source,groovy]
|
|
----
|
|
repositories {
|
|
maven {
|
|
url 'https://repo.spring.io/libs-milestone'
|
|
}
|
|
}
|
|
----
|
|
endif::[]
|
|
|
|
[[grails3-redis-configuration]]
|
|
== Configuring the Redis Connection
|
|
|
|
Spring Boot automatically creates a `RedisConnectionFactory` that connects Spring Session to a Redis Server on localhost on port 6379 (default port).
|
|
In a production environment you need to ensure to update your configuration to point to your Redis server.
|
|
For example, you can include the following in your *application.yml*
|
|
|
|
.grails-app/conf/application.yml
|
|
[source,yml]
|
|
----
|
|
spring:
|
|
redis:
|
|
host: localhost
|
|
password: secret
|
|
port: 6397
|
|
----
|
|
|
|
For more information, refer to http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.
|
|
|
|
[[grails3-sample]]
|
|
== Grails 3 Sample Application
|
|
|
|
The Grails 3 Sample Application demonstrates how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when using Grails.
|
|
|
|
[[grails3-running]]
|
|
=== Running the Grails 3 Sample Application
|
|
|
|
You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
|
|
|
|
[NOTE]
|
|
====
|
|
For the sample to work, you must http://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
|
|
Alternatively, you can update the `JedisConnectionFactory` to point to a Redis server.
|
|
====
|
|
|
|
----
|
|
$ ./gradlew :samples:grails3:bootRun
|
|
----
|
|
|
|
You should now be able to access the application at http://localhost:8080/test/index
|
|
|
|
[[grails3-explore]]
|
|
=== Exploring the security Sample Application
|
|
|
|
Try using the application. Enter the following to log in:
|
|
|
|
* **Username** _user_
|
|
* **Password** _password_
|
|
|
|
Now click the **Login** button.
|
|
You should now see a message indicating your are logged in with the user entered previously.
|
|
The user's information is stored in Redis rather than Tomcat's `HttpSession` implementation.
|
|
|
|
[[grails3-how]]
|
|
=== How does it work?
|
|
|
|
Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Redis.
|
|
Spring Session replaces the `HttpSession` with an implementation that is backed by Redis.
|
|
When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Redis.
|
|
|
|
When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
|
|
Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).
|
|
|
|
If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:
|
|
|
|
$ redis-cli keys '*' | xargs redis-cli del
|
|
|
|
TIP: The Redis documentation has instructions for http://redis.io/topics/quickstart[installing redis-cli].
|
|
|
|
Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
|
|
|
|
$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
|
|
|
|
Now visit the application at http://localhost:8080/test/index and observe that we are no longer authenticated.
|