Java:跟踪用户登录会话 - 会话EJB与HTTPSession [英] Java: Tracking a user login session - Session EJBs vs HTTPSession
问题描述
如果我想跟踪每个客户端使用我的Web应用程序的会话状态,哪个更好的选择 - 会话Bean或HTTP会话 - 使用?
使用HTTP会话:
//请求是javax.servlet.http.HttpServletRequest类的变量
// UserState是一个POJO
HttpSession session = request.getSession(true);
UserState state =(UserState)(session.getAttribute(UserState));
if(state == null){//创建默认值..}
String uid = state.getUID();
//现在使用用户ID
使用会话EJB:
在 WEB-INF / web.xml 中注册为Web应用程序侦听器的ServletContextListener实现:
// UserState这次不是一个POJO,这是
// UserStateBean状态会话的接口EJB
@EJB
private UserState userStateBean;
public void contextInitialized(ServletContextEvent sce){
ServletContext servletContext = sce.getServletContext();
servletContext.setAttribute(UserState,userStateBean);
...
在JSP中:
public void jspInit(){
UserState state =(UserState)(getServletContext()。getAttribute(UserState));
...
}
在同一个JSP的正文中的其他地方:
String uid = state.getUID();
//现在可以使用用户ID
在我看来,他们几乎是一样的,主要区别在于前者的
HttpRequest.HttpSession 中传送的UserState实例,在 ServletContext 中,在后者的情况下。 这两种方法中哪一种更强大,为什么?
正如@BalusC指出的,在你的例子中,所有客户端的EJB都是一样的 - 不是你想要的。
如果您在用户登录并将其存储在会话中或类似的情况下创建EJB,那么您仍然可以更改每个客户机的一个EJB。但是在使用 HttpSession 和有状态会话bean(SFSB)之间还有其他更微妙的区别。特别是这两个:
- 异常处理。如果EJB中的事务失败,则该bean无效,不能再使用。这可能使Web应用程序中的错误处理策略复杂化。
- 并发。同一个SFSB不能同时访问,所以您需要在Web层中进行同步。再次,这可能使设计复杂化。
有关详细信息,请参阅此答案:使用Servlet正确使用SFSB
总结:我建议你去处理 HttpSession 的方法,反对SFSB;只有当它提供了你不能用 HttpSession 的东西时才使用SFSB,情况并非如此。
If I want to keep track of a conversational state with each client using my web application, which is the better alternative - a Session Bean or a HTTP Session - to use?
Using HTTP Session:
//request is a variable of the class javax.servlet.http.HttpServletRequest
//UserState is a POJO
HttpSession session = request.getSession(true);
UserState state = (UserState)(session.getAttribute("UserState"));
if (state == null) { //create default value .. }
String uid = state.getUID();
//now do things with the user id
Using Session EJB:
In the implementation of ServletContextListener registered as a Web Application Listener in WEB-INF/web.xml:
//UserState NOT a POJO this this time, it is
//the interface of the UserStateBean Stateful Session EJB
@EJB
private UserState userStateBean;
public void contextInitialized(ServletContextEvent sce) {
ServletContext servletContext = sce.getServletContext();
servletContext.setAttribute("UserState", userStateBean);
...
In a JSP:
public void jspInit() {
UserState state = (UserState)(getServletContext().getAttribute("UserState"));
...
}
Elsewhere in the body of the same JSP:
String uid = state.getUID();
//now do things with the user id
It seems to me that the they are almost the same, with the main difference being that the UserState instance is being transported in the HttpRequest.HttpSession in the former, and in a ServletContext in the case of the latter.
Which of the two methods is more robust, and why?
As @BalusC pointed out, in your example the EJB would be the same for all clients -- not what you want.
You can still change that and have one EJB per client, if for instance you create the EJB when the user logs in and store it in the session, or something similar.
But there are other more subtle differences between using the HttpSession and a stateful session bean (SFSB). Especially these two ones:
- Exception handling. If a transaction fails in the EJB, the bean is invalidated and can not be used any longer. This can complicate the error handling strategy in the web application.
- Concurrency. The same SFSB can not be accessed concurrently, so you will need to synchronize that in the web layer. Again, this can complicate the design.
See this answer for more details: Correct usage of SFSB with Servlets
In summary: I would advise going for the HttpSession approach and against the SFSB in your case; use SFSB only if it provides something you can't do with HttpSession, which isn't the case.
这篇关于Java:跟踪用户登录会话 - 会话EJB与HTTPSession的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
