BOE 3.1 - Mulitple Session Question

Similar Messages

• Security/session questions

  Hi,
  I have some security/session questions for you guys.
  My application uses flex, blazeds and spring. I use RemoteObjects to initiate calls from flex to java. The application consists of a login screen and 'other screens' available only to authenticated users after login. When the user logs in the server stores user credentials on the FlexContext (FlexContext.getFlexSession().setAttribute). So if the server timeout is reached and the user presses 'refresh' the user is thrown out and the login screen appears.
  Question 1: How can I check if the timeout is reached when the user makes a call to the server, without checking manually against the FlexContext. Are there any config parameters to set?
  Question 2: Is it necesssary to check against the user credentials in the session for every flex-to-server call? (I guess someone can omit the login screen and do a manual call)
  Question 3: If the answer to question 2 is yes, how can I check against the session credentials? The only way I can think of is calling a method which checks the session attribute manually, but then I have to remember to add this method call to each of the methods called from flex through Blazeds. Is it, for example, possible to call the user-logged-in method before the method given in the RemoteObject is called? (If not authenticated, do not run method).
  Hope someone got the time to help me out.

  I appreciate your answer, but as you yourself write, I think there must be a blazeDS way. But as nobody with extensive BlazeDS knowledge answers this post, I probably have to google this topic even more.
  Following are the main changes in my application: (Introducing spring security)
  Everything seems to be working as it should. But as already stated, I'm a newbie. So if anybody see something suspicious, let me know.
  The main problem I had implementing Spring Security was something that should be easy, but somehow it was not: the loading of the context files. Before introducing the spring security I only had one application-context file, and this was loaded by the DispatcherServlet. When introducing security I tried to add this to the same file. It did not work. Then I tried splitting up the files, and loading both using DispatcherServlet. It did not work. Then I tried loading both using ContextLoaderListener. It did not work. Finally I found the solution. Flex settings must be loaded by the DispatcherServlet, and spring security settings must be loaded by ContextLoaderListener. This work. I don't know if this is the only solution.
  On the server:
  web-xml:
  <context-param>
          <param-name>contextConfigLocation</param-name>
          <param-value>
              /WEB-INF/config/web-application-config.xml
              /WEB-INF/config/web-application-security.xml
          </param-value>
      </context-param>
      <filter>
          <filter-name>springSecurityFilterChain</filter-name>
          <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      </filter>
      <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>
      <listener>
          <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
      </listener>
      <servlet>
          <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
          <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
          <init-param>
              <param-name>contextConfigLocation</param-name>
              <param-value>/WEB-INF/config/flex-application-config.xml</param-value>
          </init-param>
          <load-on-startup>1</load-on-startup>
      </servlet>
  flex-application-context:
  <flex:message-broker>
          <flex:secured/>
      </flex:message-broker>
  web-application-context:
  I had to implement my own authentication mechanism. Had to compare the username/password against an object attribute. So this bean is not mandatory, but I think you have to write down username/password/role in flex-application-context if not provided.
  <bean id="customAuthenticationProvider" class="packagename.CustomAuthenticationProvider">
          <security:custom-authentication-provider/>  
  </bean>
  web-application-security:
  <http entry-point-ref="preAuthenticatedEntryPoint" />
      <beans:bean id="preAuthenticatedEntryPoint"
          class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint " />
      <!-- Securing the service layer -->
      <global-method-security>
          <protect-pointcut expression="execution(*package.ServiceImpl.*(..))" access="ROLE_USER"/>
      </global-method-security>
  On the client:
  private function login():void {
      var cs:ChannelSet =  ServerConfig.getChannelSet(loginRemoteObject.destination);
      var token:AsyncToken;
      token = cs.login(username, password);
    // Add result and fault handlers.
    token.addResponder(new AsyncResponder(loginResultHandler, loginFaultHandler));
  private function logout():void {
      var cs:ChannelSet =  ServerConfig.getChannelSet(loginRemoteObject.destination);
      var token:AsyncToken = cs.logout();
    // Add result and fault handlers.
    token.addResponder(new AsyncResponder(logoutResultHandler, logoutResultHandler));

• Session question; best practice

  Hi,
  One of our high profile application's queries/updates are served to user sessions. But we wanted to improve user query performance and reduce general database activity.
  This piece of application cause an auto refresh to execute every 60 seconds. These queries execute against order tables looking for statuses on active orders, are user specific, and in some cases are not optimally tuned producing very high database buffer get and disk read activity. On average, 1,500 executions representing various flavors of these queries are executed hourly.
  my questions are:
  1) how can we get max performance ?
  2) can we cache these queries for like every 30 secs ?
  3) how can we cache ? so that user sessions would access the cache.
  -sharma

  well, you could load the data and put it in the application scope (in memory) with a timeout time so that it's not used after however long, in which case, a request would have to go to get the newer data from the DB.

• More session questions

  Enumeration e = session.getAttributeNames(); String key, value;
  while( e.hasMoreElements() ) {
  key = (String) e.nextElement();
  value = (String) s.getAttribute( key );
  out.print( key + value );
  I'm not familiar with (String) usage, lines 3,4.
  It's obvious what's happening, though. My questions follow.
  1.) Why is the reserved word String in parentheses?
  2.) What other reserved words could I use in its place?
  3.) By deleting it, error says it found Object but required String.
  In earlier code, I defined it as a String. What gives?
  thanks,
  [email protected]

  the syntax (String) is called a CAST - it converts the 'type' of an object from one type to another.
  in this case it's converting from the type Object to type String - this is basic Object talk - read any beginning
  book on OO/Java and get a better understanding.
  one must cast the object returned from the enumeration to a more usefull type - but you may find
  that the code has run time errors - if the enumeration has other than Strings in it - for example
  one could put a Boolean object in the enumeration and casting to a String will give a class cast exception
  at run time.

• ODI database connection - session question

  Hi,
  I have a package, where I have used a procedure.
  In my procedure, I open a database connection.
  My question is - In my next procedure - will I be able to use my same database connection which I created in previous step?
  Re-phrasing the question - for any number of database transaction happening in a package, will ODI opens multiple database connection per step or will there be only one single database connection?
  Thank you,
  Paras

  I believe its one per session so one connection inside the package. I think you should be , although i have not tried it practically.

• Open Independent Mulitple sessions with oracle in a LabVIEW exe

  Is it possible to maintain different sessions to same database from within a labVIEW exe. I need to have a server to which multiple clients connect. Server starts handler for each client and each handler needs to connect to the database and transact on its own and get some data for the client. This is basically to achieve concurrency. But the operations are happening only sequentially. Please help.

  Your two other postings:
  "Parsing an SQL statement coming in the way of reentrancy."
  "NEW!! Parsing an SQL statement coming in the way of reentrancy."
  I put a link to all your postings here to help others on the discussion forum to follow your questions.
  The problem may be that your server has a single CPU and that it can only do one thing at a time. Another limitation may be the abstraction layer for your database. What version of the Oracle d
  b are you using? Do you have this problem across computers or just on a single machine?

• Servlet Session Questions

  Hi,everybody:
  I'm puzzled by two questions about session in servlet.
  1.The default timeout of J2EE example WAR is set to 30sec.Is it too short?
  2.in J2EE Tutorial1.3 it says"To ensure that an active session is not timed-out, you should periodically access the session in service methods because this resets the session's time-to-live counter",But I can't see any codes in example servlets to access session "periodically".Could you please explain that?
  Thank you!

  I,
  I have a problem with the session.
  After the "getMaxInactiveInterval" time, I reload my servlet , but
  the session is lost even if I test it :
  Before doing anything, I do this :
  HttpSession oSession = req.getSession (=(false);
       if(oSession == null)
  // forward to a login_page
  RequestDispatcher rd = getServletContext().getRequestDispatcher(
  "login_page");
  rd.forward(req, res);
  // request to the database to get user'characteristics
  // and put then in the session
  String sUser = (String)oSession.getValue("COD"); // sUser is null !
  The pb is that the session has not been removed from the Server after
  the MaxInactiveInterval, so when i make a request , I have in the session :
  the req.isRequestedSessionIdValid() gives : true .
  and a new session is created with a new id
  Something very strange.
  Thanks for help.

• Apple Remote Desktop session questions

  Hi all:  Just got my new mini server up the running.  I have a question concerning Apple Remote Desktop that I would like answered before plunking down $79.  I am wondering how ARD handles sessions run from a device with a smaller screen than the device you are trying to control?  That is, does ARD do simple screen scaling like you can do in vnc OR does it open a new remote x session that has the appropriate resolution for your device?  I am hoping it funcitons the same way MS Remote Desktop Connecton does.

  You'd be better off asking this question in the Remote Desktop forum...
  ARD supports 2 modes scaling, and "panning". As far as I know, there is no support for what you are describing.

• Synchronized(session) question

  Hi Gurus,
  I see some race condition in my application. And my question ist now. If I use:
  synchronized(session)
  in one servlet. Does is prevent an other servlet (not another instance of the same servlet) to manipulate the session? (second servlet doesen't use synchronized(session) )
  I thought this isn't possible but I realise this is the case in my webapp.

  No that doesn't help.
  "there is no gurantee that you are using the the same object in different requests "
  Session objects are on a per user basis.
  Scenario One: User1 makes request. Servlet synchronizes on the Session object for this user. All other requests for other users use different Session objects so are not impacted by the synchronization for user1's Session. Servlet releases lock on user1' s session and returns the response.
  Scenario Two: User1 makes request. Servlet synchronizes on the Session object for this user. All other requests for other users use different Session objects so are not impacted by the synchronization for user1's Session. Before the server releases the lock on user1's Session object, user1 makes a new request which tries to access user1's Session object and is blocked until the first request is processed and the lock released.
  I don't see how in either of these two scenarios that useri could get two different Session objects. In fact if it were possible then the storing of data in sessions would not be guaranteed which would be amajor flaw in the whole technology.

• Web service session question

  i develop a web service from a java class that has get and set method for a int variable.
  first i call set method of web service then i call get method.But i lose the value set before.
  Is it possible to store the value of the variable for the session.

  This is not something related to WS.
  Check your backend java code.

• Facebook Security/Active Session Question via iPhone and Safari

  I am running Mac OS 10.8.3 with Safari 6.0.4 on an iMac. On Facebook using Safari, I set up "Login Approvals" which would require a security code. However, every once in a while under the "Active Sessions" I noticed an unknown session from an iOS 6 device from a different location other than the state I live in. I ended that activity. As a test, I accessed my Facebook account using my iPhone 5. I noticed that under Facebook's Active Sessions on Safari on my iMac, it lists my iPhone device as being in a different state. Why is that? Is there some general iPhone setting that I need to change?

  Hi, Thanks for the suggestion!
  To look at the keychain sounds helpful to solve the problem. It seems top be a problem with accessibility. I will have a look. But I also have decided to extend my RAM - since it is very true 128 MB really isn't much.
  Then for clarity:
  I have not followed an email link to download the security upgrade, but I used the usual software update manager - I just didn't find the proper english description, since my eMac talks german with me.
  I had had a look into some protokolls "system.log" - well I don't understand much what is written down there. There I might have got the confusion about the security server.
  There are several lines with Safari, like this one:
  date + time: localhost/Applications/Safari.app/Contens/MacOS/Safari:
  InitializeDiskArbitrationMessages: DiskArbitraitionRegister failed 1102
  The same is noticed about Mail
  These messages are followed by several lines telling:
  date + time: localhost lookupd[623]: NetInfo connection failed for server 127.0.0.1/local
  But I am afraid, I don't really know what this means.

• Cookie session question

  I wan't to know how to maintain session or cookie in a wap application.
  As far as I know wap doesn't support(certainly current version) cookie.
  my scenario is user login(i wan't to save its user id in the session)
  He choose a brand then category then sku then enter sales from a input box.
  I wan't tosave the sale with userid(i don't wan't to pass user id to each page)
  So what can i do.
  Please help as I am a new bie to WAP

  woah, really? so would my best bet be to use a java
  -> com bridge and then just re-login using that?Errr.
  Okay here is the issue.
  The browser should only send cookies back to the server (or domain actually) from whence they (the cookies) originally came. This prevents a malicious site from reading cookies set by other sites which is good for all sorts of reasons. Imagine for a moment if I could send you to a site where I could read the cookies set on this site. I could pretend to be logged in as you then.
  So ultimatley if you want the browser to have a cookie it will send to a site it has to get it from that site in the first place and it shouldn't be getting it from somewhere else aka your code.
  Does this help explain it better?

• LSMW Create Batch Input Session question

  Hi all
  when I use LSMW to upload data. every step is OK, but at the NO. 13 step ' 13 Create Batch Input Session', it always set the 'Display Trnacts per BI Folder' field a default value '1' .I must clear the defautl value and let the field to black so I can create ONE session.
  why it always set a default value '1' in the 'Display Trnacts per BI Folder' field ??
  anybody can help me?
  thanks a lot!!

  Hi,
  => Looks like you havent mentioned the TCODE that you are using whilst recording. There is a field specific to TCODE in the step 'Maintain Field Mapping and Conversion Rules'. Double Click on the field, a dialog opens, give your TCODE in capitals.
  => Check if you have mapped all the fields that you want to upload using LSMW. You could have missed mapping few target fields with their source fields.
  => Remove any unnecessary structure relations in step 4 - 'Maintain Structure Relations'.

• UCCX scripting session question... for vm in queue

  we are sending a vm message into queue in order that the vm may be routed to the next available agent.  the problem that we are having is when the second vm is left in the queue, it is overwriting the first vm recorded.  I believe this has to do with the session that is active and the second call taking over the same session number.  What i need to do is force a new session on the second call.....I thought that this step would do it:  but it doesnt.
  it appears this step is grabbing the session that has remained active since that VM is still in queue.   this whole process works famously for one call/vm at at time, it is only the second call that seems to not cooperate.  any tips?

  Great analogy of the Session and virtual folder Jon.  I'll also add that you don't need Sessions to make the "call back with a recorded message" feature work.  The script which the caller called in to stays active after they've disconnected, and therefore the Document which holds the recording stays in memory.  You don't need to store it in a Session, Write Document, Upload Document, none of that.
  In fact, since OP brought up Sessions and mappings, it's likely that this is the cause of the problem.  The mapping ID might be a common value for all callers, and they could be overwritting, or referencing the incorrect Session to pull the recording value out of it.  Removing the Session feature from the callback solution all together might be the best choice.
  Anthony Holloway
  Please use the star ratings to help drive great content to the top of searches.

• Cisco VTY Session Question

  Community,
  Can someone take a look at the following vty line configuration and let me know why I can't open more than one session
  line vty 0
  exec-timeout 60 0
  login authentication vty_access
  transport input all
  line vty 1
  exec-timeout 60 0
  login authentication vty_access
  no exec
  transport preferred none
  transport input all
  line vty 2 4
  exec-timeout 60 0
  login authentication vty_access
  transport input all
  line vty 5 15
  exec-timeout 60 0
  login authentication vty_access
  no exec
  transport preferred none
  transport input all

  I see issues that prevent some of the vty lines from accepting sessions but not enough problems to account for being limited to a single session. on vty 1 and on 5 to 15 you have configured no exec. This prevents any session from being established.
  I assume that the session you establish is probably on vty 0. I do not see what would prevent additional sessions on vty 2 through 4. Perhaps there is something in vty_access which is having this impact? We need to have more information to be able to come up with a good explanation. At a minimum we will need to see the aaa parts of the config. Perhaps the output of show line might also be helpful.
  HTH
  Rick