Valve and Filter:
"Valve" is Tomcat specific notion, and they get applied at a higher level than anything in a specific webapp. Also, they work only in Tomcat.

"Filter" is a Servlet Specification notion and should work in any compliant servlet container. They get applied at a lower level than all of Tomcat's
Valves.

However, consider also the division between your application and the application server. Think whether the feature you're planning is part of your application, or is it rather a generic feature of the application server, which could have uses in other applications as well. This would be the correct criteria to decide between Valve and Filter.

Order for filter: The order in which they are defined matters. The container will execute the filters in the order in which they are defined.

posted @ 2010-05-10 10:39 honzeland 閱讀(1541) | 評論 (0) | 編輯收藏

Hibernate Annotations

Use one single table "blank_fields" for both A and B. "blank_fields" has fields: 'ref_id', 'blank_field', 'type'. 'type' is used to identify which entity the record belongs to. Use 'type' + 'ref_id' to specify the collection of elements for one entity.

@Entity
@Table(name = "table_a")
public class A {
    private Set<BlankField> blankFields = new HashSet<BlankField>();

    @CollectionOfElements
    @Fetch(FetchMode.SUBSELECT)
    @Enumerated(EnumType.ORDINAL)
    @JoinTable(name = "blank_fields", joinColumns = { @JoinColumn(name = "ref_id") })
    @Cascade(value = org.hibernate.annotations.CascadeType.DELETE_ORPHAN)
    @Column(name = "blank_field", nullable = false)
    @SQLInsert(sql = "INSERT INTO blank_fields(ref_id, blank_field, type) VALUES(?,?,0)")
    @Where(clause = "type=0")
    public Set<BlankField> getBlankFields() { // BlankField is an enum
        return blankFields;
    }

    @SuppressWarnings("unused")
    private void setBlankFields(Set<BlankField> blankFields) {
        this.blankFields = blankFields;
    }
} // End B

@Entity
@Table(name = "table_b")
public class B {
    private Set<BlankField> blankFields = new HashSet<BlankField>();

    @CollectionOfElements
    @Fetch(FetchMode.SUBSELECT)
    @Enumerated(EnumType.ORDINAL)
    @JoinTable(name = "blank_fields", joinColumns = { @JoinColumn(name = "ref_id") })
    @Cascade(value = org.hibernate.annotations.CascadeType.DELETE_ORPHAN)
    @Column(name = "blank_field", nullable = false)
    @SQLInsert(sql = "INSERT INTO blank_fields(ref_id, blank_field, type) VALUES(?,?,1)") // used for insert
    @Where(clause = "type=1") // used for query, if not @CollectionOfElements, such as @OneToMany, use @WhereJoinTable instead
    public Set<BlankField> getBlankFields() {
        return blankFields;
    }

    @SuppressWarnings("unused")
    private void setBlankFields(Set<BlankField> blankFields) {
        this.blankFields = blankFields;
    }
}

當然還有其他的方式來實現上面的需求，上面采用的單表來記錄不同實體的associations（這兒是CollectionOfElements，并且返回的是Set<Enum>，不是Set<Embeddable>)，然后用'type'來區分不同的實體，這樣做的好處是：數據庫冗余少，易于擴展，對于新的實體，只需加一個type值，而不需更改數據庫表結構。另外一種采用單表的方式是為每個實體增加新的字段，如"blank_fields": 'a_id', 'b_id', 'blank_field', a_id reference table_a (id), b_id reference table_b (id). 這樣在映射的時候更簡單，
對于A，映射為
@JoinTable(name = "blank_fields", joinColumns = { @JoinColumn(name = "a_id") })
對于B，映射為
@JoinTable(name = "blank_fields", joinColumns = { @JoinColumn(name = "b_id") })
這樣作的缺點是：帶來了數據庫冗余，對于blank_fields來講，任一條記錄，a_id和b_id中只有一個不為null。當多個實體共用這個表時，用上面的方法更合理，如果共用實體不多時，這種方法更方便。

posted @ 2010-04-20 17:20 honzeland 閱讀(454) | 評論 (0) | 編輯收藏

One Hibernate Session Multiple Transactions

The case to use One Hibernate Session Multiple Transactions:
each transaction would NOT affect others.
i.e., open multiple transactions on the same session, even though one transaction rolls back, other transactions can be committed. If one action fails, others should fail too, then we should use one transaction for all actions.

Note:
A rollback with a single Session will lead to that Session being cleared (through "Session.clear()").
So do lazy collections still work if the session is cleared? =>Not of any objects that you loaded up until the rollback. Only for new objects loaded afterwards.
We should load necessary objects to session for each transactional action to avoid LazyInitializationException, even if those objects are loaded before other forward transactional actions, since forward action may be rolled back and clear the session.

BTW, Hibernate Session.merge() is different with Session.update() by:

Item item2 = session.merge(item);
item2 == item; // false, item - DETACHED, item2 - PERSIST
session.update(item); // no return value, make item PERSIST

posted @ 2010-03-01 11:47 honzeland 閱讀(409) | 評論 (0) | 編輯收藏

org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only

發生這種異常的case:

    @Transactional
    public void foo() {
        try{
            bar();
        } catch (RuntimeException re) {
            // caught but not throw further

}

    }

    @Transactional
    public void bar() {

}

如果foo在調用bar的時候，bar拋出RuntimeException，Spring在bar return時將Transactional標記為Rollback only，而foo捕獲了bar的RuntimeException，所以Spring將會commit foo的事務，但是foo和bar使用的是同一事務，因此在commit foo事務時，將會拋出UnexpectedRollbackException。注意：如果foo和bar在同一class中，不會出現這種情況，因為：

Since this mechanism is based on proxies, only 'external' method calls coming in through the proxy will be intercepted. This means that 'self-invocation', i.e. a method within the target object calling some other method of the target object, won't lead to an actual transaction at runtime even if the invoked method is marked with @Transactional!

可以通過配置log4j來debug Spring事務獲取情況：
To delve more into it I would turn up your log4j logging to debug and also look at what ExerciseModuleController is doing at line 91, e.g.: add a logger for org.springframework.transaction

posted @ 2010-02-24 18:02 honzeland 閱讀(6983) | 評論 (0) | 編輯收藏

Discussion for Open Session In View Pattern for Hibernate

From: http://www.mail-archive.com/stripes-users@lists.sourceforge.net/msg02908.html

posted @ 2010-01-29 17:20 honzeland 閱讀(212) | 評論 (0) | 編輯收藏

Quartz scheduled executions

這周被Quartz折騰了一番。
我們知道，Quartz采用JobDataMap實現向Job實例傳送配置屬性，正如Quartz官方文檔說的那樣：

How can I provide properties/configuration for a Job instance? The key is the JobDataMap, which is part of the JobDetail object.
The JobDataMap can be used to hold any number of (serializable) objects which you wish to have made available to the job instance when it executes.
JobDataMap map ＝ context.getJobDetail().getJobDataMap();

我們通過map向Job實例傳送多個objects，其中有一個是個bean，一個是基本類型。對于scheduled triggers，我們要求bean對于所有的序列都不變，包括其屬性，而基本類型可以在Job運行過程中改變，并影響下一個序列。實際情況是，對于下個序列，bean的屬性被上次的修改了，而基本類型卻維持第一次put到Map里面的值。正好和我們要求的相反。

受bean的影響，以為map里面包含的都是更新的對象，即每個序列里面的JobDetail是同一個對象，但是基本類型的結果否認了這一點。回頭重新翻閱了下Quartz的文檔：

Now, some additional notes about a job's state data (aka JobDataMap): A Job instance can be defined as "stateful" or "non-stateful". Non-stateful jobs only have their JobDataMap stored at the time they are added to the scheduler. This means that any changes made to the contents of the job data map during execution of the job will be lost, and will not seen by the job the next time it executes.

Job有兩個子接口：StatefulJob and InterruptableJob，我們繼承的是InterruptableJob，或許Quartz應該有個InterruptableStatefulJob。另外StatefulJob不支持并發執行，和我們的需求不匹配，我們有自己的同步控制，Job必須可以并發運行。

然后查看了Quartz的相關源碼：

// RAMJobStore.storeJob
public void storeJob(SchedulingContext ctxt, JobDetail newJob,
            boolean replaceExisting) throws ObjectAlreadyExistsException {
        JobWrapper jw = new JobWrapper((JobDetail)newJob.clone()); // clone a new one

.
jobsByFQN.put(jw.key, jw);

}

也就是說，store里面放的是初始JobDetail的克隆，在序列運行完時，只有StatefulJob才會更新store里面的JobDetail：

// RAMJobStore.triggeredJobComplete
public void triggeredJobComplete(SchedulingContext ctxt, Trigger trigger,
            JobDetail jobDetail, int triggerInstCode) {
    JobWrapper jw = (JobWrapper) jobsByFQN.get(jobKey);

    if (jw != null) {
        JobDetail jd = jw.jobDetail;
        if (jd.isStateful()) {
            JobDataMap newData = jobDetail.getJobDataMap();
            if (newData != null) {
                newData = (JobDataMap)newData.clone();
                newData.clearDirtyFlag();
            }
            jd.setJobDataMap(newData); // set to new one

}

然后，每次序列運行時所用的JobDetail，是存放在Store里面的克隆。

// RAMJobStore.retrieveJob
public JobDetail retrieveJob(SchedulingContext ctxt, String jobName,
        String groupName) {
    JobWrapper jw = (JobWrapper) jobsByFQN.get(JobWrapper.getJobNameKey(
        jobName, groupName));
    return (jw != null) ? (JobDetail)jw.jobDetail.clone() : null; // clone a new
}

問題很清楚了，存放在Store里面的JobDetail是初始對象的克隆，然后每個序列所用的JobDetail，是Store里面的克隆，只有Stateful job，Store里面的JobDetail才更新。
最有Quartz里面使用的clone():

// Shallow copy the jobDataMap. Note that this means that if a user
// modifies a value object in this map from the cloned Trigger
// they will also be modifying this Trigger.
if (jobDataMap != null) {
copy.jobDataMap = (JobDataMap)jobDataMap.clone();
}

所以對于前面所講的，修改bean的屬性，會影響所有clone的對象，因此，我們可以將基本類型封裝到一個bean里面，map里面存放的是bean，然后通過修改bean的屬性，來達到影響下一個序列的目的。

posted @ 2010-01-21 17:38 honzeland 閱讀(409) | 評論 (0) | 編輯收藏

Web application design: the REST of the story

From: Web application design: the REST of the story
Key points:

HTTP is a very general, scalable protocol. While most people only think of HTTP as including the GET and POST methods used by typical interactive browsers, HTTP actually defines several other methods that can be used to manipulate resources in a properly designed application (PUT and DELETE, for instance). The HTTP methods provide the verbs in a web interaction.
Servers are completely stateless. Everything necessary to service a request is included by the client in the request.
All application resources are described by unique URIs. Performing a GET on a given URI returns a representation of that resource's state (typically an HTML page, but possibly something else like XML). The state of a resource is changed by performing a POST or PUT to the resource URI. Thus, URIs name the nouns in a web interaction.

posted @ 2010-01-08 14:50 honzeland 閱讀(254) | 評論 (0) | 編輯收藏

實話實說：應用型和研究性

剛剛看CCTV實話實說，很有感觸，義烏技術職業學院給人眼前一亮，尤其是他們副院長的一番言論。
技術職業學院非得要升本科，本科非要成清華，義烏職業技術學院副院長評價當前高校的現狀，定位嚴重有問題，技術職業學院應該培養應用型人才，而清華就應該培養研究性人才，兩種學校的定位不能一樣，培養方式，評判標準都應該不同，而現在大多數高校的定位都一樣，這是不對的。個人非常贊同這個觀點，其實，這個觀點也可以應用到我們這些剛開始工作的年輕人身上，消除浮躁，找準定位，然后沿著定位踏實做事，并且應該采取相應的評判標準，這個很重要。

posted @ 2009-04-12 19:35 honzeland 閱讀(127) | 評論 (0) | 編輯收藏

SCEP(Simple Certificate Enrollment Protocol)

1. RFC documents

SCEP draft 18

PKCS #10: Certification Request Syntax Specification

PKCS #7: Cryptographic Message Syntax

2. SCEP operations

```
PKIOperation:      
```

Certificate Enrollment - request: PKCSReq, response: PENDING, FAILURE, SUCCESS

Poll for Requester Initial Certificate - request: GetCertInitial, response: same as for PKCSReq

Certificate Access - request: GetCert, response: SUCCESS, FAILURE

CRL Access - request: GetCRL, response: raw DER encoded CRL

Non-PKIOperation: clear HTTP Get

Get Certificate Authority Certificate - GetCACert, GetNextCACert, GetCACaps

Get Certificate Authority Certificate Chain - GetCACertChain

3. Request message formats for PKIOperation

Common fields in all PKIOperation messages:

```
senderNonce
```
```
transactionID
```
the SCEP message being transported(SCEP messages) -> encrypted using the public key of the recipient(Enveloped-data)
-> signed by one of certificates(Signed-data): the requester can generate a self-signed certificate, or the requester can use
a previously issued certificate, if the RA/CA supports the RENEWAL option.

SCEP messages:

```
PKCSReq: PKCS#10
```
GetCertInitial: messages for old versions of scep clients such as Sscep, AutoSscep, and Openscep, are different with draft-18
       issuerAndSubject ::= SEQUENCE {
           issuer Name,
           subject Name
       }

GetCert: an ASN.1 IssuerAndSerialNumber type, as specified in PKCS#7 Section 6.7

GetCRL: an ASN.1 IssuerAndSerialNumber type, as defined in PKCS#7 Section 6.7

posted @ 2009-02-17 14:18 honzeland 閱讀(1709) | 評論 (2) | 編輯收藏

RAM percentage utilised in Linux

--zz: http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1230261484567+28353475&threadId=1213960

Question:
We are planning to calculate the percentage of physical memory utilised as below:

System Page Size: 4Kbytes
Memory: 5343128K (1562428K) real, 13632356K (3504760K) virtual, 66088K free Page# 1/604

Now the formula goes as below:

(free memory / actual active real memory) * 100
(66088/1562428) * 100 = 4.22 %

Please let us know if its the correct formula .

Mainly we are interested in RAM percentage utilised

Reply 1:
Red Hat/Centos v 5 take spare ram and use it for a buffer cache.

100% memory allocation is pretty meaningless because allocation is almost always near 100%. The 2.6.x kernel permits rapid re-allocation of buffer to other purposes eliminating a performance penalty that you see on an OS like HP-UX

I'm not thrilled with your formula because it includes swap(virtual memory). If you start digging too deep into virtual memory, your system start paging processes from memory to disk and back again and slows down badly.

The formula is however essentially correct.

Reply 2:
Here, a quick example from the machine under my desk:
Mem: 3849216k total, 3648280k used, 200936k free, 210960k buffers
Swap: 4194296k total, 64k used, 4194232k free, 2986460k cached

If the value of 'Swap used' is up (i.e. hundreds of megabytes), then you've got an issue, but as you can see, it's only 64k here.
Your formula for how much memory is used is something along the lines of this:

(Used - (Buffers + Cached) / Total) * 100 = Used-by-programs%
(Free + Buffers + Cached / Total) * 100 = Free%

.. Roughly ..

posted @ 2008-12-26 12:08 honzeland 閱讀(271) | 評論 (0) | 編輯收藏

GWT/Tomcat will re-call servlet.

昨天遇到個非常奇怪的bug：更新了一下后臺的代碼，結果每次點擊頁面都會導致servlet方法調用兩次，從而頁面報錯（邏輯上不讓調兩次），我們的前臺采用gwt，servlet engine采用tomcat，debug的時候，斷點放在servlet所調用的method上，結果invoke兩次，由此斷定，前臺代碼的問題（有點武斷哦

），然后負責前臺的同事debugging前臺的代碼，噼里啪啦半天。。。，說是前臺好像沒有調兩次（之所以用好像，是debugging時部分代碼走兩次，部分走一次），而我當時的想法是，后臺怎么操作，也不至于讓servlet調用兩次吧，所以我個人就認定是前臺邏輯導致重復rpc調用（gwt），但是這個bug在這兩天才出現的，從svn的歷史記錄來看，前臺代碼在這兩天基本沒什么改變，同事只好從svn上一個version接一個version的check，最后確定出兩個相鄰的versions，前一個能用，后一個出bug，這時我隱約感覺到是后臺的問題，但是還是想不明白，后臺的邏輯怎么就能讓前臺重復調用，非常不解，沒辦法，在同事的建議下，在servlet的那個method上加上一條debug信息，做了兩次試驗，一次是完整的代碼，一次是把method中調用后臺的接口注釋掉，結果從日志上看出，前一次試驗debug信息打印了兩次，后一次試驗debug只打印了一次，此時，確定是后臺邏輯影響了前臺的調用（此時，覺得走彎路了，為什么不早點做這個試驗，其實確定是前臺還是后臺的問題，只需要做這樣一個簡單的試驗。。。）。接下來，我思考的就是到底是什么在作怪呢，對比svn上的兩個版本，只有兩處可能的改動，一處是將return改成throw exception, 一處是調用了Thread.currentThread.interrupt()，我一個感覺是后者，注掉這句后，一切OK，呵呵，慶幸沒有先嘗試前者，要不改動很大，。。。

剛剛看了gwt的源碼，還沒找到問題的根源，我的觀點是，thread接收到interrupt信號時，會重復發送rpc調用，（呵呵，還沒確定）。。。

posted @ 2008-12-04 10:26 honzeland 閱讀(1213) | 評論 (0) | 編輯收藏

感覺到了責任。。。

    最近心情不是很好，上周三，父親的一次意外，給家里本來平靜的生活帶來了很大的波瀾，我也第一次感受到來自于家庭的壓力，由此帶來的一系列問題，一直縈繞著我，責任，responsibility，是這幾天我告誡自己最多的一個詞，是啊，該到了承受家庭責任的時候了。
    父親的這次意外，揪住了全家人的心，我也更多的為兩位老人思考了，這兩天，老想起一句話：人只有經歷的多了，才能成熟。我很喜歡類比，其實就跟我們做數學題一樣，看的多了，做的多了，考試的時候才能迎刃而解，什么東西，或許只有自己親身經歷，才能體會其中的更多細節，才能激發更多的收獲。
    祝福父親的身體早日康復，bless。。。

posted @ 2008-06-25 21:49 honzeland 閱讀(283) | 評論 (3) | 編輯收藏

命運。。。

   最近，時不時地回想自己這一路的教育經歷，使得我越來越相信——命運！
   總體來說，我自認為我這一路上走的太順利，缺少更多的經歷，缺少一些該有的挫折！
   但是，順利歸順利，在兩次作抉擇的時候，隨機的選擇決定現在的方向！一次當然是過獨木橋——高考，另一次是碩士入學時選擇導師！兩次選擇都很隨意，甚至于無意，尤其是第二次。第一次的隨意更多的是無知，而第二次的無意，卻源于自己的不適應。隨意帶來了大學時代的混亂，無意卻給自己帶來了意外的收獲，人生無常，命運有數。
   高考時，分數超出了自己的預料，志愿填的有些草率，一方面，是因為自己的年輕和無知，另一方面是由于周圍缺少必要的指點，填的很倉促，很隨意，非常的“高效”。正值00年高校擴招猖獗之時，我所填報的學校就是由三個學校合并而成，并且是在高考的前兩個月宣布合并的，其中有兩個合并之前不是一本，但是合并之后，肯定都是一本了。我當時選報了自動化這個專業，當時填的時候就因為高中班主任說了一聲：“現在自動化是一個很好的方向。”然而，此時命運開始現數，其中有兩個學校都有自動化這個專業，一個之前就是一本（合并后，稱之為‘校本部’，不知道這個是什么意思，或許我要去查查字典，好好揣測一下本部的含義。），另一個是三個學校中最差的一個，報道那天才知道有兩個自動化，但是由于剛合校，還沒來得及合并專業，當時就想，我該在哪個校區的自動化呢？最后隨著師長的指引，我被校車拉到了分校區，也就是那個最差的了，一路上，還在思索兩個自動化的分配算法，還是直到開學一個月以后，一次偶然的機會，才得知：兩個自動化是根據當時各省分數的交替順序分配，安徽省生源的第一名在本部，第二名在分校區，第三名本部，第四名分校區。。。。只能怪自己被動的排在了一個偶數的序位上，如果用一個函數來表示這個序位的話，其自變量的個數還是蠻多的，當年安徽省報考該校該專業的人生，你在這些人中的名次，另外還有，我還不太確定的因素，但是我能確定因素的存在。。。
   后來，進一步得知，分校區的自動化之前沒有，我們是第一屆，當時在合校之前就已經確定要新增這個專業，合的時候，各個學校的招生計劃都沒變，只是將三個計劃簡單的數學累加，現在看來，合校是多么的可笑，一個學校從任意層次可以一下成為中國最好的學校，只要清華愿意合并它，而合并后再很長一段時間，那個學校除了學生的層次提高之外，沒有任何的改變，教師還是那些教師，設施還是那些設施，思想還是那些思想，我不知道這可不可以稱之為赤裸裸的搶劫，它無視了那些默默地而踏踏實實前進的高校，助長了一些不公正的風氣，或許正應了中國當時浮躁的社會氛圍。
   就這樣在這度過了自己的三年大學時光，就在最后一個大學暑假之前，學校經過三年的發展和磨合，決定將我們這個專業撤銷，統一合并到本部去，我們被迫搬回了第一天報道的地方，其實兩個自動化的方向是不一樣的，或許我們要慶幸，我們學習了兩個專業，在大學的四年中，但是或許，更多的人可能會埋怨兩個方向影響了自己的學習，其實，我想，大多數的人根本不在于什么方向，什么專業了，一個大框架的混亂，注定了最終的結果，就像當前的中國足球。。。
   我要說的是，其實我在大學中過得很愉快，我認識了一批很好的同學，我經歷了到目前為止最好的一段時光，雖然期間有很多遺憾，比如沒談一次戀愛。。。我想這段時光勢必會在我的記憶集合中占據非常重要的一塊。這里，我只不過是要論述命運有數，這樣的一個過程多少還是影響了我的人生軌跡。
   下面要談論我的第二次抉擇，碩士時選擇導師。大學畢業時，我選擇了繼續就讀，一切都很順利，到了04年9月，我來到了新的學校，在合肥，這兒離家很近，因為我是安徽人，經歷了大學時回家的艱辛，再加上我又是個比較戀家的人。剛入校，就遇到了一個。。。。

明天繼續。。。。

posted @ 2008-06-15 23:08 honzeland 閱讀(174) | 評論 (1) | 編輯收藏

Useful Links: ing...

About Java:
http://www.theserverside.com
http://www.javablogs.com
http://www.java2s.com
Java(TM) Platform Performance: Strategies and Tactics
A Simple Data Access Layer using Hibernate
Discover the secrets of the Java Serialization API
Setting up two-way (mutual) SSL with Tomcat on Java5
Basic Tomcat Tour and Tomcat Security
When Runtime.exec() won't
Asynchronous processing support in Servlet 3.0
About security:
The Types Of Digital Certificates
Cryptography Lecture PPT
MD5 considered harmful today
Cryptography Tutorials - Herong's Tutorial Notes
Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML
Cryptography resources by Bouncycastle
Others:
Colors for the webColors for the web
Test Frameworks
Lightstreamer: a scalable and reliable Server for pushing live data to Rich Internet Applications
工資計算器2009版

posted @ 2008-06-03 15:09 honzeland 閱讀(286) | 評論 (0) | 編輯收藏

Vim使用技巧，長期更新中。。。

1. 多行注釋:
ctrl+v 進入列模式,向下或向上移動光標,把需要注釋的行的開頭標記起來,然后按大寫的I,再插入注釋符,比如#,再按esc,就會全部注釋了.

posted @ 2008-05-31 17:22 honzeland 閱讀(287) | 評論 (0) | 編輯收藏

Managing HttpSession Objects

zz: java.sys-con.com

Java servlet technology provides developers with functionality, scalability, and portability that can't be found in other server-side languages. One feature of the Java servlet specification that's commonly used, and sometimes misused, is the HttpSession interface. This simple interface allows you to maintain a session or state for Web site visitors.

In my previous article ("Introduction to Session Management," [JDJ, Vol. 7, issue 9]), I introduced you to session management and the HttpSession interface. In that article, we walked through using the HttpSession API to create, use, and destroy session objects for Web site visitors. The next step is to better understand how to manage the sessions and those objects in a session. This article will help you achieve this by helping you understand the following concepts:

Code-based session management through listeners
Proper design of the session and the objects it contains
Controlling what is in the session and why it's there
Session persistence
Memory management

The Java APIs discussed in this article are from Sun's Java Servlet 2.3 specification.

Listeners
A listener is an object that's called when a specified event occurs. There are four listener interfaces that allow you to monitor changes to sessions and the objects that are in those sessions:

HttpSessionListener
HttpSessionBindingListener
HttpSessionAttributeListener
HttpSessionActivationListener

Figure 1 provides a method summary for each of the listener interfaces. The implementing class that you write will override these methods to provide the functionality you need.

HttpSessionListener
The HttpSessionListener interface is used to monitor when sessions are created and destroyed on the application server. Its best practical use would be to track session use statistics for a server.

The use of HttpSessionListener requires a configuration entry in the deployment descriptor, or web.xml file, of the application server. This entry points the server to a class that will be called when a session is created or destroyed. The entry required is simple. All you need is a listener and listener-class element in the following format. The listener-class element must be a fully qualified class name.

<listener>
<listener-class>package.Class</listener-class>
</listener>

As you can see in Figure 1, the class that implements this listener can override two methods: sessionCreated() and sessionDestroyed(). These methods will be notified when the server creates or destroys a session.

These methods take an HttpSessionEvent object as a parameter. HttpSessionEvent is simply a class that represents notifications of changes to the Web application's sessions. HttpSessionEvent has one method, getSession(), that returns the HttpSession object that's been modified.

HttpSessionBindingListener
The HttpSessionBindingListener interface is implemented when an object needs to be notified if it's being bound to a session or unbound from a session.

This interface has two methods, valueBound() and valueUnbound(), that are notified when the status of the object has changed (see Figure 1).

These methods have an HttpSessionBindingEvent parameter that can be used to retrieve the session that the object was bound to and the name it was given in the session. In Figure 2, you can see the methods of this object that are used to get the name that's assigned to the object, the session it's bound to, and the actual object.

HttpSessionAttributeListener
The HttpSessionAttributeListener interface is used to monitor changes to attributes in any session on the server. This can be useful when you know the name assigned to a specific object that gets put into the session and you want to track how often it's being used.

As with HttpSessionListener, HttpSessionAttributeListener also requires an entry in the deployment descriptor for the server. This entry tells the server which class to call when an attribute in a session has changed.

The HttpSessionAttributeListener interface has three methods - attributeAdded(), attributeRemoved(), and attributeReplaced(). These methods, shown in Figure 1, are called by the server when attributes of a session are changed.

HttpSessionActivationListener
The final listener, HttpSessionActivationListener, is implemented when an object needs to know if the session that it's bound to is being activated or passivated (moved). You would come across this scenario if your session is being shared across JVMs or your server is persisting the session in a database or file system.

This interface, displayed in Figure 1, has two methods that are overridden by the implementing class: sessionDidActivate() and sessionWillPassivate(). These methods are called when the status of the session in a JVM is changed.

Session Persistence
Today's J2EE-compliant servers allow for fault-tolerance and failover to provide support in the event that a server suddenly becomes unavailable because of hardware, software, or network failure. This support is usually provided by allowing two or more application servers, often called a cluster, to run together and provide backup support for each other. If one server fails, the others pick up the requests and continue on as if nothing happened. This allows your Web site visitors to keep going without interruption.

A proxy server is usually used in front of the application servers. This server is responsible for directing each HTTP request to the appropriate server. The proxy server can be set up to ensure that the server receiving the first request from a user will continue to receive all subsequent requests from that user. This means that a session created for the user on the application server will continue to be available for that user. If the server suddenly fails, there has to be a system in place to allow the session to continue on without it.

Session persistence allows the session contents to be saved outside the application server so that other servers can access it. Figure 3 shows the relationship between the persisted session data and the application servers that access it. In this figure, you see a client accessing a Web site's HTTP server. The HTTP server is forwarding requests for application resources to one of the application servers through the use of a proxy server. The application servers are persisting the session data in an external form.

There are four types of session persistence:

Memory persistence (one server or a cluster of two or more)
File system persistence
Database persistence
Cookie persistence

Every application server will handle session persistence differently and all servers may not support all types of persistence. Objects that are placed in the session must be serializable for persistence to work.

Memory Persistence
In most cases, a single standalone server will store sessions in memory. This allows for fast retrieval and update of the information. It also means that the session information will be lost when the server is shut down. This is usually the default configuration on most application servers. Memory persistence can be used when two or more servers need to share the session information. The application servers can be configured to share any changes made to the session so that the information is available on multiple servers. This redundancy of the session information helps the cluster preserve the session during a failure.

File System Persistence
File system persistence can be used to serialize any objects that are in the session. The object contents are placed in a file on the server. The location of the files created is configurable; however, the files must be accessible by all the servers in the cluster. The speed at which the file system is accessed can be a factor in the performance of your Web site. A slow disk drive, for example, would result in a delay as data is read from or written to the file.

Database Persistence
Database persistence can be used to provide a central data store for the session contents. Each application server in the cluster must be able to access the database. When sessions are modified, the changes are immediately persisted in the database. A data source is usually set up for JDBC persistence and the connections are pooled. This provides a quicker response. There's also the issue of database failover, which would be addressed at the database level of the system.

Cookie Persistence
The fourth type of session persistence, cookie persistence, is so ineffective and insecure that it doesn't deserve consideration when designing a fail-safe system. Cookie persistence, as the name implies, persists session data by storing the session information in browser cookie(s). There's a limitation on data handling because cookies store only text, not objects, and the amount of data that can be transmitted in a cookie is limited. There's also the fact that cookies transmit data back and forth between the client and the server. This prevents you (at least it should) from saving sensitive information, like a social security number. This type of persistence should be used in only the smallest of Web sites, and only if there's a good reason not to store the session in memory.

The most common type of persistence is database persistence. It provides an efficient way of saving session data and it's usually fairly easy to set up on the application server. Memory persistence in a cluster is also easy to use, if your application server supports it. The only drawback is that sessions can sometimes hold large amounts of data. Storing the session in memory reduces the amount of memory available to the other processes on the server. File system persistence can be slow at times and the file system may not always be accessible to multiple servers.

Watching the Session Size
As you and your fellow employees work on a Web application, you may notice that more and more objects are being thrown into the session, often "for convenience" or "just temporarily." The session becomes a quick catch-all for any information you need to get from your servlets to your JSPs. The HttpSession interface makes sessions easy to use, which can lead to the session being overused. This is a concern because the session takes up space. In most cases that would be memory space. In other cases, it could be database or file system space. In all cases, it means more work for the server and more work for the programmers to manage what is there.

Although the session is convenient because it's accessible from every servlet or JSP, it's not always the best place to put information. Most of the data that's retrieved for display in a Web application will only be used on one page. Instead of putting the information into the session scope, use the request scope and then forward the request from the servlet to the JSP. This causes the objects to be destroyed after the request has ended, which is after the data is displayed by the JSP. If you put the objects into the session, you would either have to remove them in your code or leave them there. Leaving objects in the session is not a good idea because you're using up valuable resources for no reason. This becomes even more of an issue when your Web site has hundreds or thousands of visitors, all of whom have a session that's loaded with objects.

Some objects should be stored in the session. Objects that may be needed over and over again as a user moves through a Web site are those that should be put into the session. Anything that needs to exist longer than one request can be stored in the session, as long as these objects are removed as soon as they're no longer needed.

Considerations for Managing Sessions
When working with sessions, there are a few things to consider before designing or redesigning a Web application:

Are sessions needed in the application?
How long should the session be inactive before timing out?
Are all the objects in the session serializable?
Are the objects being bound to the session too large?
Do the objects that are in the session really need to be there?

A Need for Sessions
If you have unique users on a Web site and need to know who they are or need to get specific information to them, such as search results, then you should be using sessions. If you follow the guidelines set here, there's no reason not to use the HttpSession interface that Java provides. It's easy to use, flexible, secure, and it helps you to build a better Web site.

There's another architecture that deals with maintaining state for a client. Instead of relying on the HttpSession interface, state for clients can be maintained within Enterprise JavaBeans (EJBs). The EJB architecture takes the business logic for an application and places it in components or beans. A session bean is a type of EJB that exists for a given client/server session and provides database access or other business logic, such as calculations. Session beans can be stateless or they can maintain the state for a client, very much like an HttpSession object.

There is still some debate over where the state for a Web site visitor should be maintained. The best design for the application at this time is to continue using the HttpSession object for maintaining the state of the presentation layer of the Web application and to use stateful EJBs to maintain the state of the business logic and data layer. There are many other factors that should be considered with EJBs, one being the better performance of stateless beans over those that maintain state. These issues, which are outside the scope of this article, should be considered carefully when architecting an application.

Session Timeout
By default, on most servers the session is set to expire after 30 minutes of inactivity. The amount of time can be configured in the deployment descriptor of the Web application. The HttpSession API also provides a setMaxInactiveInterval() method that you can use to specify the timeout period for a session. The getMaxInactiveInterval() method will return this timeout value. The value given is in seconds.

The length of time will vary depending on what your visitors are doing on your site. If they're logging in to check their account balance, a shorter session timeout period can be used because it doesn't take long for a person to read a couple of numbers. If, on the other hand, the user is logging in to read large amounts of data, you need to be sure that you provide enough time for the user to do what he or she wants without being logged out. If the user is constantly navigating through your site, the session will last indefinitely.

Implement Serializable
It's important to make sure that all objects placed in the session can be serialized. This may not be an issue if you know that your Web application will not run in a cluster, but it should still be done anyway. What happens if your Web site grows too big for one server and you suddenly have to move to two? If you implement Serializable in your code now, you won't have to go back and do it later.

Keep It Simple
You should design objects that are going to be placed into a session so that they're not too big and don't contain unnecessary information. A JavaBean that contains a customer's name, address, phone number, e-mail address, credit card numbers, and order history should not be placed into the session if you're only going to use the object to get the customer's name.

Session Contents
When you're working on a Web site, it's important to know which objects are in the session and why they're needed. The size of the session should be kept as small as possible. If you're building a new Web site, work out ahead of time what goes in the session, why it's there, and where it gets removed. If you're redesigning an existing site, this may be a little tougher, especially when you have hundreds of servlets and JSPs to deal with. In this case, try implementing an HttpSessionAttributeListener to get an idea of what is going into the session. With this information, you may be able to better manage your sessions.

Conclusion
Hopefully this article helped you to better understand the design issues involved in using the HttpSession interface. Java provides a more robust session implementation than other languages. It's because of this power and flexibility that you must take the time to properly lay out the use of the session. A well-designed session will help make a Web application better for the programmers and the users.

References

Hall, M. (2002). More Servlets and JavaServer Pages. Prentice Hall PTR.

Java Servlet Technology: http://java.sun.com/products/servlet

Enterprise JavaBeans Technology: http://java.sun.com/products/ejb

Java BluePrints (J2EE): http://java.sun.com/blueprints/guidelines/ designing_enterprise_applications

另外，還有一些收集的材料
關于HttpSession的誤解實在是太多了，本來是一個很簡單的問題，怎會搞的如此的復雜呢？下面說說我的理解吧：
1、HTTP協議本身是“連接-請求-應答-關閉連接”模式的，是一種無狀態協議（HTTP只是一個傳輸協議）；
2、Cookie規范是為了給HTTP增加狀態跟蹤用的（如果要精確把握，建議仔細閱讀一下相關的RFC），但不是唯一的手段；
3、所謂Session，指的是客戶端和服務端之間的一段交互過程的狀態信息（數據）；這個狀態如何界定，生命期有多長，這是應用本身的事情；
4、由于B/S計算模型中計算是在服務器端完成的，客戶端只有簡單的顯示邏輯，所以，Session數據對客戶端應該是透明的不可理解的并且應該受控于服務端；Session數據要么保存到服務端（HttpSession），要么在客戶端和服務端之間傳遞（Cookie或url rewritting或Hidden input）；
5、由于HTTP本身的無狀態性，服務端無法知道客戶端相繼發來的請求是來自一個客戶的，所以，當使用服務端HttpSession存儲會話數據的時候客戶端的每個請求都應該包含一個session的標識(sid, jsessionid 等等)來告訴服務端；
6、會話數據保存在服務端（如HttpSession）的好處是減少了HTTP請求的長度，提高了網絡傳輸效率；客戶端session信息存儲則相反；
7、客戶端Session存儲只有一個辦法：cookie(url rewritting和hidden input因為無法做到持久化，不算，只能作為交換session id的方式，即a method of session tracking)，而服務端做法大致也是一個道理：容器有個session管理器（如tomcat的 org.apache.catalina.session包里面的類），提供session的生命周期和持久化管理并提供訪問session數據的 api；
8、使用服務端還是客戶端session存儲要看應用的實際情況的。一般來說不要求用戶注冊登錄的公共服務系統（如google）采用 cookie做客戶端session存儲（如google的用戶偏好設置），而有用戶管理的系統則使用服務端存儲。原因很顯然：無需用戶登錄的系統唯一能夠標識用戶的就是用戶的電腦，換一臺機器就不知道誰是誰了，服務端session存儲根本不管用；而有用戶管理的系統則可以通過用戶id來管理用戶個人數據，從而提供任意復雜的個性化服務；
9、客戶端和服務端的session存儲在性能、安全性、跨站能力、編程方便性等方面都有一定的區別，而且優劣并非絕對（譬如TheServerSide號稱不使用HttpSession，所以性能好，這很顯然：一個具有上億的訪問用戶的系統，要在服務端數據庫中檢索出用戶的偏好信息顯然是低效的，Session管理器不管用什么數據結構和算法都要耗費大量內存和CPU時間；而用cookie，則根本不用檢索和維護session數據，服務器可以做成無狀態的，當然高效）；
reply1:
不過我們也不能在session里面放入過多的東西
一般來說不能超過4K
太多了
對系統資源是一個很嚴重的浪費
reply2:
4K已是很大的一個數字了。
我一般喜歡寫一個類。封裝用戶登陸后的一些信息。
然后把這個類放在session中，取得直接用類的方法取相關信息，

posted @ 2008-05-21 15:49 honzeland 閱讀(294) | 評論 (0) | 編輯收藏

導航

留言簿(4)

隨筆分類

文章分類

收藏夾

隨筆檔案

文章檔案

閱讀排行榜

評論排行榜

常用鏈接

統計

Famous Websites

Java

Linux

P2P

最新評論

Oracle Performance Tuning for 10gR2, Second Edition -- http://www.amazon.com/Oracle-Performance-Tuning-10gR2-Second/dp/1555583458

Load Average:

1. http://www.teamquest.com/resources/gunther/display/5/index.htm 2. http://blog.scoutapp.com/articles/2009/07/31/understanding-load-averages (Great)

1. http://www.teamquest.com/resources/gunther/display/5/index.htm
2. http://blog.scoutapp.com/articles/2009/07/31/understanding-load-averages (Great)