Stateless is priceless
-
Upload
thomas-recloux -
Category
Documents
-
view
905 -
download
9
Transcript of Stateless is priceless
![Page 1: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/1.jpg)
Stateless is priceless
mercredi 7 mars 12
![Page 2: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/2.jpg)
Thomas Recloux
Développeur / Architecte indépendant
@thomasrecloux
https://github.com/trecloux/
Ch’ti JUG (co) leader
mercredi 7 mars 12
![Page 3: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/3.jpg)
Stateless SessionLess is priceless
mercredi 7 mars 12
![Page 4: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/4.jpg)
mercredi 7 mars 12
![Page 5: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/5.jpg)
Session Http ?
mercredi 7 mars 12
![Page 6: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/6.jpg)
JSESSIONID=1337AZERTYUIOP
Serveur
mercredi 7 mars 12
![Page 7: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/7.jpg)
JSESSIONID=1337AZERTYUIOP
JSESSIONID=1337AZERTYUIOP
Serveur
mercredi 7 mars 12
![Page 8: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/8.jpg)
JSESSIONID=1337AZERTYUIOP
JSESSIONID=1337AZERTYUIOP
1337AZERTYUIOP
user com.myapp.User@45567
roles [CONFIGURATION, DICTATOR]
Serveur
mercredi 7 mars 12
![Page 9: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/9.jpg)
JSESSIONID=1337AZERTYUIOP
JSESSIONID=1337AZERTYUIOP
1337AZERTYUIOP
user com.myapp.User@45567
roles [CONFIGURATION, DICTATOR]
DFGHH76434455
user com.myapp.User@24098
roles []
Serveur
mercredi 7 mars 12
![Page 10: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/10.jpg)
Pour quoi faire ?
mercredi 7 mars 12
![Page 11: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/11.jpg)
1 - Authentification
En cas d’authentification par formulaire
Placer un objet marqueur en session pour mémoriser l’authentification
mercredi 7 mars 12
![Page 12: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/12.jpg)
2 - Etat conversationnel
Utiliser la session pour stocker l’état de la conversation entre le client et le serveur
Exemples :
Panier
Entité en cours de modification
....
mercredi 7 mars 12
![Page 13: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/13.jpg)
1337AZERTYUIOP
Serveur
GET /petsearch?query=dog
mercredi 7 mars 12
![Page 14: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/14.jpg)
1337AZERTYUIOP
search [Pet, Pet, Pet, Pet, Pet, Pet]
Serveur
GET /petsearch?query=dog
mercredi 7 mars 12
![Page 15: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/15.jpg)
1337AZERTYUIOP
search [Pet, Pet, Pet, Pet, Pet, Pet]
Serveur
GET /pet?idx=2
GET /petsearch?query=dog
mercredi 7 mars 12
![Page 16: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/16.jpg)
1337AZERTYUIOP
search [Pet, Pet, Pet, Pet, Pet, Pet]
pet com.myapp.Pet@566577
Serveur
GET /pet?idx=2
GET /petsearch?query=dog
mercredi 7 mars 12
![Page 17: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/17.jpg)
1337AZERTYUIOP
search [Pet, Pet, Pet, Pet, Pet, Pet]
pet com.myapp.Pet@566577
Serveur
GET /pet?idx=2
POST /pet
GET /petsearch?query=dog
mercredi 7 mars 12
![Page 18: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/18.jpg)
3 - Cache
Eviter de recharger des objets depuis leur système de stockage
Exemples :
Utilisateur, Roles
Objets fréquemment utilisés : Client, Articles, .....
mercredi 7 mars 12
![Page 19: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/19.jpg)
Il est ou le problème ?
mercredi 7 mars 12
![Page 20: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/20.jpg)
1 - Répartition de charge
mercredi 7 mars 12
![Page 21: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/21.jpg)
Asession
mercredi 7 mars 12
![Page 22: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/22.jpg)
Asession
B
?
mercredi 7 mars 12
![Page 23: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/23.jpg)
Asession
B
Load Balancer
1337AZERTYUIOP
A
mercredi 7 mars 12
![Page 24: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/24.jpg)
Asession
B
Load Balancer
1337AZERTYUIOP
A
Load Balancer
1337AZERTYUIOP
A
mercredi 7 mars 12
![Page 25: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/25.jpg)
2 - Tolérance aux pannes
mercredi 7 mars 12
![Page 26: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/26.jpg)
Asession
B
Load Balancer
1337AZERTYUIOP
A
Load Balancer
1337AZERTYUIOP
A
mercredi 7 mars 12
![Page 27: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/27.jpg)
Asession
B
Load Balancer
1337AZERTYUIOP
A
Load Balancer
1337AZERTYUIOP
A
mercredi 7 mars 12
![Page 28: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/28.jpg)
Asession
B
?
Load Balancer
1337AZERTYUIOP
A
Load Balancer
mercredi 7 mars 12
![Page 29: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/29.jpg)
Asession
BLoad
BalancerLoad
Balancer
session
Load Balancer
A
Load Balancer
mercredi 7 mars 12
![Page 30: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/30.jpg)
3 - Fourre tout
Difficile de gérer le cycle de vie des objets en session
Syndrome de la session obèse, refactoring complexe
Typage faible
mercredi 7 mars 12
![Page 31: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/31.jpg)
4 - Scalabilité
En cas de forte charge, les sessions existantes ne peuvent pas profiter de l’ajout de nouveaux serveurs
Quelle taille mémoire provisionner pour ma session ?
mercredi 7 mars 12
![Page 32: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/32.jpg)
5 - Quelle durée de vie
Réglage du timeout de session : durée de survie de la session après la dernière requête de l’utilisateur
Trop court : la session ne survie pas à une pause dans l’utilisation de l’application
Trop long : utilisation de ressources inutiles
mercredi 7 mars 12
![Page 33: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/33.jpg)
6 - Mise à jour de l’application
La session contient des objets complexes de l’application, elle est donc liée à une version de l’application
Procédures complexe de migration
mercredi 7 mars 12
![Page 34: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/34.jpg)
7 - Onglets
mercredi 7 mars 12
![Page 35: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/35.jpg)
Alors, on fait comment ?
mercredi 7 mars 12
![Page 36: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/36.jpg)
Stocker l’état ailleurs
mercredi 7 mars 12
![Page 37: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/37.jpg)
URL
mercredi 7 mars 12
![Page 38: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/38.jpg)
1337AZERTYUIOP
Serveur
GET /petsearch?query=dog
mercredi 7 mars 12
![Page 39: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/39.jpg)
1337AZERTYUIOP
Serveur
GET /petsearch?query=dog
mercredi 7 mars 12
![Page 40: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/40.jpg)
1337AZERTYUIOP
Serveur
GET /pet/543/chimpanzee
GET /petsearch?query=dog
mercredi 7 mars 12
![Page 41: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/41.jpg)
1337AZERTYUIOP
Serveur
GET /pet/543/chimpanzee
GET /petsearch?query=dog
POST /pet/543
mercredi 7 mars 12
![Page 42: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/42.jpg)
Cookie
Echangé à chaque requête/réponse
Peut être signé
4Ko Maximum : privilégier l’échange d’identifiants vs objets complexes
Peut être persistant
<!> Partagé entre les onglets
mercredi 7 mars 12
![Page 43: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/43.jpg)
Champs caché
Ex : Mémoriser l’identifiant de l’entité en cours de modification
Onglet friendly
<!> Vérifier les droits lors du GET et du POST
mercredi 7 mars 12
![Page 44: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/44.jpg)
Etat coté client
Arbre DOM
Variables globales JavaScript
Applications «Single Page»
Ex : GWT
Stockage local HTML5
Web Storage, Indexed DB, Web SQL
mercredi 7 mars 12
![Page 45: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/45.jpg)
Etat coté serveur
Base de données
Cache distribué
mercredi 7 mars 12
![Page 46: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/46.jpg)
mercredi 7 mars 12
![Page 47: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/47.jpg)
mercredi 7 mars 12
![Page 48: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/48.jpg)
Spring MVC / Security
mercredi 7 mars 12
![Page 49: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/49.jpg)
Authentification
Spring security 3.1 dispose d’un mode «stateless»
Qui ne fonctionne pas en authentification par formulaire
Solution : utiliser l’authentification «Remember Me»
<!> Uniquement en mode «Token»
mercredi 7 mars 12
![Page 50: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/50.jpg)
<http .... create-session="stateless"> .... <remember-me key="myRememberMeKey" /></http>
<form id='form' action="<c:url value="/j_spring_security_check"/>" method="POST">
<input type="hidden" value="true" name="_spring_security_remember_me" />
...</form>
TexteTexte
spring-security.xml
login.jsp
mercredi 7 mars 12
![Page 51: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/51.jpg)
Entité en cours de modification
Se passer du très utile @SessionAttributes
mercredi 7 mars 12
![Page 52: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/52.jpg)
1337AZERTYUIOP
pet com.myapp.Pet@566577
Serveur
GET /pet/573/chimpanzee
POST /pet
mercredi 7 mars 12
![Page 53: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/53.jpg)
1337AZERTYUIOP
pet com.myapp.Pet@566577
Serveur
GET /pet/573/chimpanzee
POST /pet
1 - Récupérer l’attribut en session2 - «Binding» à partir des données du POST3 - Appel de la méthode du contrôleur
mercredi 7 mars 12
![Page 54: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/54.jpg)
1337AZERTYUIOP
pet com.myapp.Pet@566577
Serveur
GET /pet/573/chimpanzee
POST /pet
1 - Récupérer l’attribut en session1 - Charger l’entité depuis la base de données2 - «Binding» à partir des données du POST3 - Appel de la méthode du contrôleur
mercredi 7 mars 12
![Page 55: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/55.jpg)
Une solution :
Annoter une méthode avec @ModelAttribute permet de l’insérer dans le traitement de la requête avant le «binding»
Cette méthode peut prendre les même paramètres qu’une méthode de Contrôleur
mercredi 7 mars 12
![Page 56: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/56.jpg)
Démo
mercredi 7 mars 12
![Page 57: Stateless is priceless](https://reader035.fdocuments.net/reader035/viewer/2022062405/5575d4d9d8b42a917e8b4c08/html5/thumbnails/57.jpg)
Questions ?
mercredi 7 mars 12