Is it possible to use your own HttpSession implementation with Spring and Tomcat?
I would really like to use some features of Spring that require the use of HttpSession - but on my project we have a strict policy of no state being held in the web-tier. All authentication and user-related services (eg. allowing a user to update their contact details) are performed through middleware. Each time a request is made to the web-tier, an authentication token is extracted (currently with cookies) and the middleware validates the user and is also used to perform any other business logic for the request.
My questions are:
* Can I create an HttpSession implementation and have Spring/Tomcat use this instead of Tomcat's usual mechanism?
* Would Tomcat then use this with its URL-rewriting mechanism?
* Is there a way to do all this with spring that I have missed? I am not aware of any authentication mechanisms being built in to Spring and have not seen any way of plugging in a new session mechanism.
Thanks for any help in advance!