Java 微服务中的会话管理
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/32741333/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Session Management in microservices
提问by Fahim Farook
We have the following setup.
我们有以下设置。
- STM (Stingrey Traffic Manager) does load balancing + session stickiness
- Weblogic 'cluster'
- Auth handled by a third party tool
- STM(Stingrey Traffic Manager)做负载均衡+会话粘性
- 网络逻辑“集群”
- 由第三方工具处理的身份验证
Therefore I do not have to worry about session with regards to horizontal scaling/ running multiple instances of the application. STM/ Weblogic cluster makes sure that the subsequent request come to same managed server.
因此,我不必担心与水平扩展/运行应用程序的多个实例有关的会话。STM/Weblogic 集群确保后续请求来自同一托管服务器。
What we currently have is a monolithic application and we are trying to move to microservices. Also we do not wan't to move out of current infrastructure (i.e. STM/ Weblogic cluster/ Auth tool). What we have planned is:
我们目前拥有的是一个单体应用程序,我们正在尝试转向微服务。此外,我们不想搬出当前的基础设施(即 STM/Weblogic 集群/身份验证工具)。我们的计划是:
- A Gateway WAR which routes requests to other microservices
- N x Microservices (WAR) for each functional sub-domain
- Only the API Gateway receives user requests and other microservices are not accessible from outside
- 将请求路由到其他微服务的网关 WAR
- 每个功能子域的 N x 微服务 (WAR)
- 只有 API Gateway 接收用户请求,其他微服务无法从外部访问
So my question is
所以我的问题是
- Should API Gateway be state-full while other microsevices are stateless?
- If so, how should the user session data be shared between API Gateway and microservices?
- API 网关应该是有状态的,而其他微服务是无状态的吗?
- 如果是这样,API网关和微服务之间应该如何共享用户会话数据?
Please suggest any better alternatives and resources/links as well. Thanks.
请提出任何更好的替代方案和资源/链接。谢谢。
采纳答案by Mark Bramnik
Let me share my opinion.
让我分享一下我的看法。
First of all, if you can keep your application stateless, by all means do so :) It will be the best solution in terms of both performance and scalability.
首先,如果您可以让您的应用程序保持无状态,请务必这样做:) 这将是性能和可伸缩性方面的最佳解决方案。
Now, if its impossible, then you should maintain some distributed session management layer.
现在,如果不可能,那么您应该维护一些分布式会话管理层。
The gateway responsible for authentication could generate some unique session identifier which could later be used as a key. This key could be propagated to all the microservices and be a part of the API or something.
负责身份验证的网关可以生成一些唯一的会话标识符,以后可以将其用作密钥。这个密钥可以传播到所有微服务,并成为 API 或其他东西的一部分。
In order to access the session, the microservice could 'get' value by key and work with it.
为了访问会话,微服务可以通过键“获取”值并使用它。
In terms of implementation: I would take a look on NoSQL solutions. Some of them that can suit your need are:
在实现方面:我会看看 NoSQL 解决方案。其中一些可以满足您的需求的是:
- Redis. Take a look on ''hset'' there
- Hazelcast. Its more a in-memory grid but if the solution is java only, you can also implement the required functionality
- Memcache.d. It will give you an old good map, just distributed :)
There are also other solutions I believe.
我相信还有其他解决方案。
Now, the performance is crucial here, otherwise the whole solution will be just too slow. So In my understanding, using an RDBMS would be not be good here, moreover potentially it would be harder to scale it out.
现在,性能在这里至关重要,否则整个解决方案将太慢。因此,在我看来,在这里使用 RDBMS 并不好,而且扩展它可能会更困难。
Hope this helps
希望这可以帮助
回答by indika
1)Should API Gateway be state-full while other microservices are stateless?
1)API网关是否应该是有状态的,而其他微服务是无状态的?
Yes, As in 12 Factor App guide linesall the services should be stateless.
是的,在12 Factor App 指南中,所有服务都应该是无状态的。
2)If so, how should the user session data be shared between API Gateway and microservices?
2)如果是这样,API网关和微服务之间应该如何共享用户会话数据?
Your API should be stateless therefore do not share the session state to the microservices. The recommended approach is to set up a Redis cache to store session data.
您的 API 应该是无状态的,因此不要将会话状态共享给微服务。推荐的方法是设置一个Redis缓存来存储会话数据。
