How to make stateless web applications? Especially with Spring MVC?

Question

The stateless web application seems promising. How to make one? Especially with Spring WebMvc? Any guidelines?

Here are some of my thoughts:

  • Avoid creating sessions.
  • Use centralized storage for state info and share it among web application instances.

Add 1

I think it is not a question of whether to keep state info or not. State info is always necessary if you want to do something useful. It is actually a question where/how to keep the state info. This article is useful. It mentioned in-proc/out-of-proc session, data cache, and why not to use session.

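Related:

Stateless web application development with Spring MVC (no replies yet)

Stateless Spring MVC

How to make a Java web application completely stateless

How do I make my web application stateless yet still do something useful?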

http://brockallen.com/2012/04/07/think-twice-about-using-session-state/

Recommended answer

Here are some contributions. I'm not familiar with Java and Spring, but I believe these guidelines are valid regardless of your technology stack.

As you anticipated in your question, avoid using a session to authenticate users. Sessions are peremptory and it's very difficult to replicate them consistently in a distributed, scalable infrastructure.

Also, load balancers don't work well with sessions: see Problem with Session State timeing out on Load Balanced Servers.

A stateless app will preferably use a token-based authentication system. Firebase is a good example. Map the immutable user ID extracted from the token to the user data persisted in whatever storing mechanism you want to use. Since this user ID won't change, you'll be fine in a distributed database.

Sometimes people think that, by mapping a user ID to user data in a database, you are making a stateful app. It's not true. Let me make it clear:

An application that persists user information in a database and has dynamic responses for authenticated users IS NOT NECESSARILY STATEFUL. Stateless means the app won't have to distribute mutable authentication sessions across multiple servers and won't change its internal state to a particular client depending on session data.

The trick of stateless is: once a user validated its token by logging in, the server doesn't have to distribute anything new across the database servers and it won't change its state to that client. It can extract user info from the token and carry out what's needed to answer the request. If the token expires, the client will require a new authentication, which will generate a new token, but this is isolated from the app server, since the user ID will remain the same.

If caching in cookies some frequently requested data will improve performance, that's fine, go ahead and cache. Just make sure the cookie isn't connected to any server state and your app will not break if the client loses the cookie.
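
The token flow described in the answer above, as an added example that is not part of the original answer and is not Spring's or Firebase's code: a login issues an HMAC-signed token, and any other app instance holding the same key verifies it and recovers the immutable user ID without a session store. The class name `StatelessToken`, the `userId.expiry.signature` layout and the demo key are assumptions made for illustration, using only JDK classes.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;

// Hypothetical token format: base64url(userId) "." expiryEpochSeconds "." base64url(HMAC-SHA256)
public class StatelessToken {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private final byte[] key; // the same secret is configured on every app instance

    public StatelessToken(byte[] key) { this.key = key.clone(); }

    private byte[] sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
    }
    /** Called once at login; the server keeps no record of the token. */
    public String issue(String userId, long expiresAtEpochSec) throws Exception {
        String payload = ENC.encodeToString(userId.getBytes(StandardCharsets.UTF_8)) + "." + expiresAtEpochSec;
        return payload + "." + ENC.encodeToString(sign(payload));
    }
    /** Returns the user ID, or empty if the token is malformed, forged or expired. */
    public Optional<String> verify(String token, long nowEpochSec) {
        try {
            String[] p = token.split("\\.");
            if (p.length != 3) return Optional.empty();
            byte[] expected = sign(p[0] + "." + p[1]);
            // Constant-time signature check before any field of the token is trusted.
            if (!MessageDigest.isEqual(expected, DEC.decode(p[2]))) return Optional.empty();
            if (Long.parseLong(p[1]) <= nowEpochSec) return Optional.empty(); // expired: client must log in again
            return Optional.of(new String(DEC.decode(p[0]), StandardCharsets.UTF_8));
        } catch (Exception e) {
            return Optional.empty(); // bad base64, bad number or crypto failure: reject
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] demoKey = "constructed-demo-key-not-for-production".getBytes(StandardCharsets.UTF_8);
        StatelessToken instanceA = new StatelessToken(demoKey); // instance that handled the login
        StatelessToken instanceB = new StatelessToken(demoKey); // different instance behind the load balancer
        long now = System.currentTimeMillis() / 1000;
        String token = instanceA.issue("user-42", now + 900);   // constructed sample user ID
        System.out.println(instanceB.verify(token, now));        // valid token checked on another instance
        System.out.println(instanceB.verify(token, now + 901));  // same token after its expiry time
        System.out.println(instanceB.verify(token + "x", now));  // token with a modified signature
    }
}
```

The resolved user ID is then the lookup key for user data in the database, which is the mapping the answer describes.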
