tags:

views:

84

answers:

2
+4  Q: 

Spring session-scoped beans (controllers) and references to services, in terms of serialization

  • a standard case - you have a controller (@Controller) with @Scope("session").
  • classes put in the session usually are expected to implement Serializable so that they can be stored physically in case the server is restarted, for example
  • If the controller implements Serializable, this means all Services (other spring beans) it is referring will also be serialized. They are often proxies, with references to transaction mangers, entity manager factories, etc.
  • It is not unlikely that some service, or even controller, hold a reference to the ApplicationCotnext, by implementing ApplicationContextAware, so this can effectively mean that the whole context is serialized. And given that it holds many connections - i.e. things that are not serializable by idea, it will be restored in corrupt state.

So far I've mostly ignored this issues. Recently I thought of declaring all my spring dependencies transient and getting them back in readResolve() by the static utility classes WebApplicationContextUtils and such that hold the request/ServletContext in a ThreadLocal. This is tedious, but it guarantees that when the object is deserialized, its dependencies will be "up to date" with the current application context.

Is there any accepted practice for this, or any guidelines for serializing parts of the spring context.

Note that in JSF, managed beans (~controllers) are stateful (unlike action-based web frameworks). So perhaps my question stands more for JSF, than for spring-mvc.

+2  A: 

Hi Bozho,

I would expect to scope controllers as 'singleton', i.e. once per application, rather than in the session.

Session-scoping is typically used more for storing per-user information or per-user features.

Normally I just store the 'user' object in the session, and maybe some beans used for authentication or such. That's it.

Take a look at the spring docs for configuring some user data in session scope, using an aop proxy:

http://static.springsource.org/spring/docs/2.5.x/reference/beans.html#beans-factory-scopes-other-injection

Hope that helps

amir75  2010-07-05 16:42:30
Sometimes it makes sense to have scoped controllers also. Not often, but sometimes.
skaffman  2010-07-05 16:53:57
my assumption is that controllers are often of request scope, as you store some per-request information there (i.e. not singleton).
Bozho  2010-07-05 18:23:50
Just curious, I've never used a session-scoped controller - what are some of the cases where it is useful?
matt b  2010-07-05 19:11:30
@Bozho, traditionally controllers/servlets should have no state
matt b  2010-07-05 19:11:54
@matt b - in spring-mvc, and traditional action-based frameworks, yes, I agree. But in JSF it's not that way. I updated my question to include JSF
Bozho  2010-07-05 19:34:54
Hi Bozho. It's nice to store as little as possible in the session, firstly as you mentioned about needing to make all your serializable, but also regarding session persistence. When you release a new version of your servlet, it's a pain to deal with invalidated sessions due to altered classes, such as services, controllers etc. It's nice to stick to a few pojos (such as a User class), which shouldnt change very often.
amir75  2010-07-05 22:53:58
+2  A: 

In this presentation (around 1.14) the speaker says that this issue is resolved in spring 3.0 by providing a proxy of non-serializable beans, which obtains an instance from the current application context (on deserialization)

Hans Westerbeek  2010-07-05 19:42:14
any change for a link? :)
Bozho  2010-07-05 20:00:51
Found it! http://www.infoq.com/presentations/Whats-New-in-Spring-3.0Scroll 1 hour into the movie
Hans Westerbeek  2010-07-05 20:38:15
Great. It explains exactly this issue. and it is resolved. Even without Configurable. I edited your answer to indicate that.
Bozho  2010-07-14 07:46:20
Maybe I'm doing something wrong, but if I try to serialize a SpringBean I get a NotSeralizable exception on the downstream DataSource (or other unserializable class). I watched the video, he claims it "just works". But I'm not seeing magic here in Spring 3.0.3.
David Parks  2010-10-19 05:58:21
serializing a datasource (eg a database connection) doesn't make much sense, I think. Consider what would happen when it is deserialized on 'the other side'. Would that machine still have a connection to the database?
Hans Westerbeek  2010-10-25 12:16:52

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java