Spring Session在不改变原有使用方式的前提下可以管理session。

从注解@EnableSpringHttpSession入手：

@Retention(java.lang.annotation.RetentionPolicy.RUNTIME)

@Target({ java.lang.annotation.ElementType.TYPE })

@Documented

@Import(SpringHttpSessionConfiguration.class)

@Configuration

public @interface EnableSpringHttpSession {

}

发现导入了配置类

SpringHttpSessionConfiguration

@Configuration

public class SpringHttpSessionConfiguration {

private CookieHttpSessionStrategy defaultHttpSessionStrategy = new CookieHttpSessionStrategy();

private HttpSessionStrategy httpSessionStrategy = this.defaultHttpSessionStrategy;

private List httpSessionListeners = new ArrayList();

private ServletContext servletContext;

@Bean

public SessionEventHttpSessionListenerAdapter sessionEventHttpSessionListenerAdapter() {

return new SessionEventHttpSessionListenerAdapter(this.httpSessionListeners);

}

@Bean

public SessionRepositoryFilter extends ExpiringSession> springSessionRepositoryFilter(

SessionRepository sessionRepository) {

SessionRepositoryFilter sessionRepositoryFilter = new SessionRepositoryFilter(

sessionRepository);

sessionRepositoryFilter.setServletContext(this.servletContext);

if (this.httpSessionStrategy instanceof MultiHttpSessionStrategy) {

sessionRepositoryFilter.setHttpSessionStrategy(

(MultiHttpSessionStrategy) this.httpSessionStrategy);

}

else {

sessionRepositoryFilter.setHttpSessionStrategy(this.httpSessionStrategy);

}

return sessionRepositoryFilter;

}

@Autowired(required = false)

public void setServletContext(ServletContext servletContext) {

this.servletContext = servletContext;

}

@Autowired(required = false)

public void setCookieSerializer(CookieSerializer cookieSerializer) {

this.defaultHttpSessionStrategy.setCookieSerializer(cookieSerializer);

}

@Autowired(required = false)

public void setHttpSessionStrategy(HttpSessionStrategy httpSessionStrategy) {

this.httpSessionStrategy = httpSessionStrategy;

}

@Autowired(required = false)

public void setHttpSessionListeners(List listeners) {

this.httpSessionListeners = listeners;

}

}

最底下有四个可以配置的Spring Session方式。看名字可以看出他们的作用。

这个配置往Spring容器中配置两个bean。

SessionEventHttpSessionListenerAdapter session事件的监听器适配器

SessionRepositoryFilter session 持久化的过滤器，这是Spring Session的核心。

SessionRepositoryFilter 可以支持两种策略，

CookieHttpSessionStrategy是基于Cookie的默认实现。

MultiHttpSessionStrategy可以支持多个用户在一个浏览器上。

SessionRepositoryFilter 过滤核心代码

@Override

protected void doFilterInternal(HttpServletRequest request,

HttpServletResponse response, FilterChain filterChain)

throws ServletException, IOException {

request.setAttribute(SESSION_REPOSITORY_ATTR, this.sessionRepository);

SessionRepositoryRequestWrapper wrappedRequest = new SessionRepositoryRequestWrapper(

request, response, this.servletContext);

SessionRepositoryResponseWrapper wrappedResponse = new SessionRepositoryResponseWrapper(

wrappedRequest, response);

HttpServletRequest strategyRequest = this.httpSessionStrategy

.wrapRequest(wrappedRequest, wrappedResponse);

HttpServletResponse strategyResponse = this.httpSessionStrategy

.wrapResponse(wrappedRequest, wrappedResponse);

try {

filterChain.doFilter(strategyRequest, strategyResponse);

}

finally {

wrappedRequest.commitSession();

}

HttpServletRequest strategyRequest = this.httpSessionStrategy

.wrapRequest(wrappedRequest, wrappedResponse);

HttpServletResponse strategyResponse = this.httpSessionStrategy

.wrapResponse(wrappedRequest, wrappedResponse);

}

SessionRepositoryRequestWrapper及

SessionRepositoryResponseWrapper是将

HttpServletRequest、HttpServletResponse包装成的可以提供session持久化功能的类。

HttpServletRequest strategyRequest = this.httpSessionStrategy

.wrapRequest(wrappedRequest, wrappedResponse);

HttpServletResponse strategyResponse = this.httpSessionStrategy

.wrapResponse(wrappedRequest, wrappedResponse);

利用多态完成request及response的实现转换。

来源：[]()