HttpSession invalidate issue + serialization

The set up of my code is as follows:
* Applet communicates with Servlet(s)
* ServletA keeps a HashMap of session objects with an attribute as key.
* Once logout is called in applet - a call comes to servlet in form of a seriallized request object.
* After sessions is invalidated, second line of code is to send back a serialized response object back
* This is where I receive what seems to be a java.io.EOF exception
Reading up on invalidate() didn't seem to shed any light on anything similar happening except for the fact that the object's bindings are lost. Would that mean that I am not able to write on the response from servlet back to applet once I destroy session inside sevlet??
Thank you in advance.

My code here:
HttpSession session = this.getRequest().getSession();This is the current session. The new one.
//sessionID - getting existing session ID from DBHow you get this is unstated, but let that pass.
HttpSession oldSession = (HttpSession)session.getAttribute(sessionID);As I said before, this is nonsense. How can the old session possibly get into the attributes of the new session? Who put it there? Magic? What makes you think a session is available by sessionID from any servlet API at all? Hint: it isn't.
oldSession.invalidate(); //getting exception hereTrivially that's because 'oldSession' is null and you're not even checking it. You should have figured that out for yourself. You don't seem to have even considered the possibility that it is null, let alone the probability that the reason is that the previous line of code which set it is invalid. Instead you are just asking for a workaround to make your preconceived code work, when what you should be doing is asking about the validity of your preconceptions.
I find all that pretty strange frankly.
I also find the underlying requirement pretty strange. What if the user is logged in at two workstations simultaneously? Logging in at the second one will forcibly log him out of the first one. Why?

Similar Messages

  • ERROR attempting to call HttpSession.invalidate ()  in TOMCAT 5.5.9

    Can someone help me with this TOMCAT issue:-
    I am attempting to implement a logout method that will invalidate the current session and redirect to the login page (based on SRLogout demo eg).
    The code works fine in JDeveloper Embedded OC4J Server, but when i deploy the application to Tomcat 5.5.9 it throws an exception that the Session has already been invalidated.
    I also notice that When i print the session object in JDev it is: 'HTTP Session ac104af6231ccf2bd0e9a39148c5adc1ea2714432a9e' but in Tomcat it is : 'org.apache.catalina.session.StandardSessionFacade@bfb545'
    See the method below and exception below :
    public String logoutButton_action() throws IOException{
    ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContex();
    HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
    HttpSession session = (HttpSession)ectx.getSession(false);
    session.invalidate();
    response.sendRedirect("Login.jspx");
    return null;
    Exception
    [2006-07-18 11:31:01] [ERROR] [http-8080-Processor23] (com.sun.faces.lifecycle.InvokeApplicationPhase:80) - #{backing_app_SRLogout.logoutCommandButton1_action}: javax.faces.el.EvaluationException: java.lang.IllegalStateException: getAttribute: Session already invalidated
    javax.faces.FacesException: #{backing_app_SRLogout.logoutCommandButton1_action}: javax.faces.el.EvaluationException: java.lang.IllegalStateException: getAttribute: Session already invalidated
         at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:78)
         at oracle.adf.view.faces.component.UIXCommand.broadcast(UIXCommand.java:211)
         at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:267)
         at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:381)
         at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:75)
    ...

    After a lot of investigation, code review and tests, I finally managed to understand what's going on with this problem.
    The following stack trace is the key:
    java.lang.IllegalStateException: getAttribute: Session already invalidated
         org.apache.catalina.session.StandardSession.getAttribute(StandardSession.java:1077)
         org.apache.catalina.session.StandardSessionFacade.getAttribute(StandardSessionFacade.java:110)
         oracle.adf.share.http.HttpUtil.getAttribute(HttpUtil.java:98)
         oracle.adf.share.http.HttpSessionScopeAdapter.get(HttpSessionScopeAdapter.java:240)
         oracle.adf.share.statemanager.StateManagerScopeAdapter.<init>(StateManagerScopeAdapter.java:88)
         oracle.adf.share.http.HttpStateManagerScopeAdapter.<init>(HttpStateManagerScopeAdapter.java:51)
         oracle.adf.share.http.ServletADFContext.getStateManager(ServletADFContext.java:254)
         oracle.adf.share.statemanager.StateManagerScopeAdapter$ADFScopeListenerImpl.scopeInvalidated(StateManagerScopeAdapter.java:251)
         oracle.adf.share.ADFScopeHelper.fireScopeInvalidated(ADFScopeHelper.java:53)
         oracle.adf.share.http.HttpSessionScopeAdapter.invalidate(HttpSessionScopeAdapter.java:265)
         oracle.adf.share.http.HttpSessionScopeAdapter.valueUnbound(HttpSessionScopeAdapter.java:324)
         org.apache.catalina.session.StandardSession.removeAttributeInternal(StandardSession.java:1686)
         org.apache.catalina.session.StandardSession.expire(StandardSession.java:801)
         org.apache.catalina.session.StandardSession.expire(StandardSession.java:644)
         org.apache.catalina.session.StandardSession.invalidate(StandardSession.java:1158)
         org.apache.catalina.session.StandardSessionFacade.invalidate(StandardSessionFacade.java:150)
    oracle.adf.share.http.HttpSessionScopeAdapter.valueUnbound(HttpSessionScopeAdapter.java:324)*
    org.apache.catalina.session.StandardSession.removeAttributeInternal(StandardSession.java:1686)*
    org.apache.catalina.session.StandardSession.expire(StandardSession.java:801)*
    catalina first invalidate the session by setting expire property to true
    then it removes all attributes by calling removeAttributeInternal()
    which calls whatever attributes valueUnbound method...
    in this case, oracle's HttpSessionScopeAdapter try to get an attribute on the session
    org.apache.catalina.session.StandardSessionFacade.getAttribute(StandardSessionFacade.java:110)
    oracle.adf.share.http.HttpUtil.getAttribute(HttpUtil.java:98)
    catalina does not permit accessing the attributes when it is invalidated... so you get the mighty java.lang.IllegalStateException: getAttribute: Session already invalidated exception...
    the solution to this problem is to remove oracle attributes BEFORE invalidating the session. This should work in any appserver implementation.
    For example, in our case, the oracle attribute was a scope attribute (HttpStateManagerScopeAdapter in our stack trace)... We found those attributes using the
    HttpSession.getAttributeNames() method, and removed them manually before invalidating the session.
    session.removeAttribute("ORA_adf_sessionScope");
    session.removeAttribute("__adf_session_scope__");
    // remove private attributes
    // and invalidate the session
    session.invalidate();
    I think that it makes sense that catalina invalidates the session before any call to the listeners, because any problem in those attributes could mean an improperly invalidated session...
    Cheers.

  • Known Issue: Serializable nested types result in an internal compiler error in "Release" built C#/VB UWP apps (Windows 10 Insider Preview SDK and tools, April 2015 release)

    If you have a type nested inside of a type deriving from a WinRT type, and the nested type is marked Serializable (such as with [DataContract]), your build will fail.
    This code will cause this failure.
        public sealed partial class MainPage : Page
            public MainPage()
                this.InitializeComponent();
                var d = new DataContractSerializer(typeof(MyData));
            [DataContract]class MyData { }

    Avoid serializable types nested inside of WinRT types.

  • HttpSession Invalidate not working with WAS LTPA

    I normally handle site logout with a JSP that executes <% session.invalidate(); %> then redirects to the home page. Now I am running on WebSphere Application Server 5.1 authenticating against a Novell eDirectory LDAP server using LTPA and a SSL Certificate. Session.invalidate() does not work. Someone suggested it is because WAS is using LTPA. LTPA creates an authentication cookie that is not cleared by session.invalidate (?).
    IBM does have a proprietary logout JSP I could use**, but I don't want to use a vendor specific solution. Has anybody tackled a session logout that clears the LTPA cookie without being tied to a vendor's J2EE container?
    Thanks!
    Steve Mitchell
    http://www.byteworksinc.com
    ** http://publib.boulder.ibm.com/infocenter/wasinfo/v5r0/index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/xsec_formlogin.html

    I saw this old post of mine and thought I would follow-up. I never found a vendor neutral solution. When running on WebSphere I redirect to a JSP that posts to ibm_security_logout. When testing on Tomcat I just call session.invalidate(). My Struts LogoutAction does the following:
    if ( serverInfo.toUpperCase( ).indexOf( "WEBSPHERE" ) > -1 )
    return mapping.findForward( "websphereLogoutForward" );
    session.invalidate( );
    return mapping.findForward( "success" );
    Steve Mitchell
    http://www.byteworksinc.com

  • HttpSession.invalidate()

    On WebLogic 6.0 sp1, I'm attempting to build "logout" functionality into an
              application. I thought that I could simply invlidate the sessoin and the get
              a new session, however, I never can get a new session id. The following
              code in my servlet:
              Debug.message("Terminating Session");
              Debug.message("Session Id: " + session.getId());
              session.invalidate();
              session = req.getSession(true);
              Debug.message("Session Id: " + session.getId());
              Produces the following output:
              Terminating Session
              Session Id: OznY9sVi4g8pK1gJkgSLtRZq6vt9rdqXvd3ZdRIMOX1nAQjACIAT
              Session Id: OznY9sVi4g8pK1gJkgSLtRZq6vt9rdqXvd3ZdRIMOX1nAQjACIAT
              What does session.invalidate() do if not invalidate the session? Shouldn't
              HttpRequest.getSession(true) return a new session id after rendering the
              first session invalid? This is a cookie-less site so the session id is
              built into the url.
              

    there was a bug in weblogic 5 sp9 with this same problem, I dont know if the
              same developer broke it in 6 or not, but the cr for it is : CR047878, you can
              try support and see if that problem is the same one as 6.
              -Joel
              Jeffrey Winter wrote:
              > On WebLogic 6.0 sp1, I'm attempting to build "logout" functionality into an
              > application. I thought that I could simply invlidate the sessoin and the get
              > a new session, however, I never can get a new session id. The following
              > code in my servlet:
              >
              > Debug.message("Terminating Session");
              > Debug.message("Session Id: " + session.getId());
              > session.invalidate();
              > session = req.getSession(true);
              > Debug.message("Session Id: " + session.getId());
              >
              > Produces the following output:
              >
              > Terminating Session
              > Session Id: OznY9sVi4g8pK1gJkgSLtRZq6vt9rdqXvd3ZdRIMOX1nAQjACIAT
              > Session Id: OznY9sVi4g8pK1gJkgSLtRZq6vt9rdqXvd3ZdRIMOX1nAQjACIAT
              >
              > What does session.invalidate() do if not invalidate the session? Shouldn't
              > HttpRequest.getSession(true) return a new session id after rendering the
              > first session invalid? This is a cookie-less site so the session id is
              > built into the url.
              

  • Serialization Error(URGENT)

    Hi All,
    I am facing a problem with a deployed Application on iPlanet 6.0 on Windows 2000 Server.
    The Application works fine but after a couple of days it starts chewing up a lot of memory on the Windows box and ultimately hangs.
    The KJS logs have the following errors :-
    [15/Jan/2002 18:45:32:3] error: SERVLET-put_nonserial: Putting non-serializable object when using NAS session
    [15/Jan/2002 18:45:32:5] error: SERVLET-put_nonserial: Putting non-serializable object when using NAS session
    [15/Jan/2002 18:45:33:1] error: SERVLET-put_nonserial: Putting non-serializable object when using NAS session
    [15/Jan/2002 18:45:33:1] error: SERVLET-put_nonserial: Putting non-serializable object when using NAS session
    [15/Jan/2002 18:47:09:8] error: Exception: SERVLET-exception: Exception occurred
    Exception Stack Trace:
    java.lang.ClassNotFoundException: com.diagnostix.dom.Patient
    at java.io.ObjectInputStream.inputObject(ObjectInputStream.java:981)
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:369)
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:232)
    at com.netscape.server.servlet.platformhttp.PlatformNASSession.getMemberValue(Unknown Source)
    at com.netscape.server.servlet.platformhttp.PlatformNASSession.finalInvalidation(Unknown Source)
    at com.netscape.server.servlet.platformhttp.SessionInvalidator.service(Unknown Source)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:865)
    at com.netscape.server.servlet.servletrunner.ServletInfo.service(Unknown Source)
    at com.netscape.server.servlet.servletrunner.ServletRunner.execute(Unknown Source)
    at com.kivasoft.applogic.AppLogic.execute(Unknown Source)
    at com.kivasoft.applogic.AppLogic.execute(Unknown Source)
    at com.kivasoft.thread.ThreadBasic.run(Native Method)
    at java.lang.Thread.run(Thread.java:479)
    [15/Jan/2002 18:47:09:8] error: Exception: SERVLET-exception: Exception occurred
    Exception Stack Trace:
    java.lang.ClassNotFoundException: com.diagnostix.dom.UserAccount
    at java.io.ObjectInputStream.inputObject(ObjectInputStream.java:981)
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:369)
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:232)
    at com.netscape.server.servlet.platformhttp.PlatformNASSession.getMemberValue(Unknown Source)
    at com.netscape.server.servlet.platformhttp.PlatformNASSession.finalInvalidation(Unknown Source)
    at com.netscape.server.servlet.platformhttp.SessionInvalidator.service(Unknown Source)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:865)
    at com.netscape.server.servlet.servletrunner.ServletInfo.service(Unknown Source)
    at com.netscape.server.servlet.servletrunner.ServletRunner.execute(Unknown Source)
    at com.kivasoft.applogic.AppLogic.execute(Unknown Source)
    at com.kivasoft.applogic.AppLogic.execute(Unknown Source)
    at com.kivasoft.thread.ThreadBasic.run(Native Method)
    at java.lang.Thread.run(Thread.java:479)
    [15/Jan/2002 18:47:09:8] error: Exception: SERVLET-exception: Exception occurred
    Exception Stack Trace:
    java.lang.ClassNotFoundException: com.diagnostix.dom.cumulative.CumDefaultDateRange
    at java.io.ObjectInputStream.inputObject(ObjectInputStream.java:981)
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:369)
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:232)
    at com.netscape.server.servlet.platformhttp.PlatformNASSession.getMemberValue(Unknown Source)
    at com.netscape.server.servlet.platformhttp.PlatformNASSession.finalInvalidation(Unknown Source)
    at com.netscape.server.servlet.platformhttp.SessionInvalidator.service(Unknown Source)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:865)
    at com.netscape.server.servlet.servletrunner.ServletInfo.service(Unknown Source)
    at com.netscape.server.servlet.servletrunner.ServletRunner.execute(Unknown Source)
    at com.kivasoft.applogic.AppLogic.execute(Unknown Source)
    at com.kivasoft.applogic.AppLogic.execute(Unknown Source)
    at com.kivasoft.thread.ThreadBasic.run(Native Method)
    at java.lang.Thread.run(Thread.java:479)
    Please help me out with this. This is very urgent.
    THANKS a lot in Advance.

    For starters you have not deployed your application correctly to the iAS server.
    iAS implements failover functionality within the server which allows for HTTPSession data to be distributed amongst the iAS servers in a cluster. This functionality is achieved by configuring your application and session data as Distributed.
    This is all fine and dandy but there are consequences in that ALL objects stored within an HTTPSession must be serializable. In your case, the following messages:
    [15/Jan/2002 18:45:32:3] error: SERVLET-put_nonserial: Putting non-serializable object when using NAS session
    Indicate that your are trying to store a non-serializable object in a iAS distributed session.
    Therefore, you have two options:
    1. Change you application code to ensure that all of your objects stored within HTTPSession's are serializable.
    2. Change your applications deployment descriptors to ensure that your application is set to 'Local' and 'Lite' sessions. This will remove the requirment for serializable objects.
    Option #2 requires some additional measures depending on your configuration. If you have multiple KJS engines or multiple servers in a cluster and are load-balancing requests amongts the engines you MUST enable sticky load-balancing within your application. Stick load-balancing will ensure that all requests for a particular session go to the same KJS engine and therefore will be able to access the session data.
    Concerning the memory being exhausted. This could be a side effect of this issue.
    Cheers!

  • NoClassDefFoundError when passing HttpSession

    Hello All,
    I am getting a NoClassDefFoundError when I start my rmi server.
    I am pass an HttpSession as one of the variables of my rmi call.
    Everything worked fine until I added the HttpSession variable.
    Why do I get this exception ?
    Exception in thread "main" java.lang.NoClassDefFoundError: javax/servlet/http/Ht
    tpSession
            at java.lang.Class.getDeclaredMethods0(Native Method)
            at java.lang.Class.privateGetDeclaredMethods(Class.java:2395)
            at java.lang.Class.privateGetPublicMethods(Class.java:2519)
            at java.lang.Class.getMethods(Class.java:1406)
            at sun.rmi.server.Util.getRemoteInterfaces(Util.java:221)
            at sun.rmi.server.Util.getRemoteInterfaces(Util.java:193)
            at sun.rmi.server.Util.createProxy(Util.java:126)
            at sun.rmi.server.UnicastServerRef.exportObject(UnicastServerRef.java:169)
            at java.rmi.server.UnicastRemoteObject.exportObject(UnicastRemoteObject.java:293)
            at java.rmi.server.UnicastRemoteObject.exportObject(UnicastRemoteObject.java:235)
            at java.rmi.server.UnicastRemoteObject.<init>(UnicastRemoteObject.java:133)
            at java.rmi.server.UnicastRemoteObject.<init>(UnicastRemoteObject.java:119)
            at pE.PEg.<init>(PEgImpl.java:36)
            at pE.PEgServer.<init>(PEgServer.java:10)
            at pEngine.PEgServer.main(PEgServer.java:18)If I add server2_2.jar to my class path, then I get this exception:
    java.rmi.ServerError: Error occurred in server thread; nested exception is:
            java.lang.NoClassDefFoundError: javax/servlet/http/HttpSessionWhile were at it, let me ask this: My RMI implementation code has some data that it needs to pass to my servlet that is invoked by an third-party server. I due to the sensitive nature of the data, I don't want to stick it in a DB, but pass as session variables, thus I was passing in the session var. A better way to do this?
    Edited by: jimcsc on Aug 29, 2008 9:58 AM

    I am getting a NoClassDefFoundError when I start my rmi server.That will be because either the server or the Registry or the client doesn't have the class named in the exception in its CLASSPATH.
    I am pass an HttpSession as one of the variables of my rmi call.Are HttpSessions really serializable? This sounds like a very odd design.
    While were at it, let me ask this: My RMI implementation code has some data that it needs to pass to my servlet that is invoked by an third-party server. I due to the sensitive nature of the data, I don't want to stick it in a DB, but pass as session variables, thus I was passing in the session var.There's something wrong with that description. It seems to me that it is the servlet passing the HttpSession to your RMI server, not the other way around. Assuming the HttpSession implementation is serializable it should work but it's still an odd design. I would get the stuff that you actually need out of the HttpSession and pass that.

  • Not able to invalidate session

    I am storing an attritbute in a session as set.setAttribute and do sessionName.invalidate() when I hit logout. However, next time when I access the servlet, I am still able to retrieve the value of the attribute set last time which should be null. Please let me know the plausible reason for not getting the desired behaviour.

    The defined behaviour for HttpSession.invalidate() is to make the session invalid and unbind all objects. However, this depends on the implementation provided by the servlet container. Some servlet containers actually retain the session attributes even after the session has been invalidated.
    One way of getting around this is to close the browser window and open a new one using some gawky scripting. Someone suggested to me sometime ago that a response.sendRedirect() to some logout page would also help.

  • Serialization Exception Again

    I was able to get my HTTPS web service to communicate with my clients, but now
    when I try to connect to the web service (type=document), I get this error:
    [java] 3) testQuoteStubs(com.arrow.arrowsoap.client.QuoteServiceClientTest)
    junit.framework.AssertionFailedError: failed to serialize class java.lang.Objectweblogic.xml.schema.binding.SerializationException:
    type mapping lookup failure on class=class weblogic.apache.xerces.dom.DeferredDocumentImpl
    TypeMapping=TYPE
    MAPPING SIZE=3
    [java] ENTRY 1:
    [java] class: java.lang.Object
    [java] xsd_type: ['https://www.xxx.com/QuoteService/']:lcl0:ProcessResponse
    [java] ser: weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec@
    b957ea
    [java] deser: weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec@
    3aff84
    [java] ENTRY 2:
    [java] class: java.lang.Object
    [java] xsd_type: ['https://www.xxx.com/QuoteService/']:lcl0:Process
    [java] ser: weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec@
    15d4de6
    [java] deser: weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec@
    a53de4
    [java] ENTRY 3:
    [java] class: java.lang.Object
    [java] xsd_type: ['http://www.w3.org/2001/XMLSchema']:xsd:anyType
    [java] ser: weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec@
    827968
    [java] deser: weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec@
    1f0b7d3
    [java] at com.arrow.arrowsoap.client.QuoteServiceClientTest.testQuoteSt
    ubs(QuoteServiceClientTest.java:98)
    [java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    [java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcces
    sorImpl.java:39)
    [java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMet
    hodAccessorImpl.java:25)
    Attached is the WSDL for the service.
    The type-mapping file looks like:
    <wsdd:type-mapping xmlns:wsdd="http://www.bea.com/servers/wls70"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
    <wsdd:type-mapping-entry xmlns:lcl0="https://www.xxx.com/QuoteService/"
    class-name="java.lang.Object"
    type="lcl0:ProcessResponse"
    serializer="weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec"
    deserializer="weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec">
    </wsdd:type-mapping-entry>
    <wsdd:type-mapping-entry xmlns:lcl0="https://www.xxx.com/QuoteService/"
    class-name="java.lang.Object"
    type="lcl0:Process"
    serializer="weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec"
    deserializer="weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec">
    </wsdd:type-mapping-entry>
    <wsdd:type-mapping-entry class-name="java.lang.Object"
    type="xsd:anyType"
    serializer="weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec"
    deserializer="weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec">
    </wsdd:type-mapping-entry>
    </wsdd:type-mapping>
    Any ideas?? Am I missing something from my classpath?? I am running the tests
    using the WL 8.1 ANT installation and using this as my WL classpath (my own jars
    are added first in the path and are omitted here):
              <pathelement path="${weblogic.home}/lib/webserviceclient.jar"/>
              <pathelement path="${weblogic.home}/lib/weblogic_sp.jar"/>
              <pathelement path="${weblogic.home}/lib/weblogic.jar"/>
    Thanks
    -- jake
    [QuoteService.wsdl]

    Hi Karen,
    My suggestion is to separate the issues (serialization failures and
    SSL). Make sure your app works OK using http trasport. For SSL, RU
    using the WLSSLAdapter for the client as described in the docs [1]? One
    or 2way SSL? What version of WLS?
    Thanks,
    Bruce
    [1]
    http://edocs.bea.com/wls/docs81/webserv/security.html#1053203
    Karen Yuan wrote:
    >
    Hi Bruce,
    I was also getting the SerializationException when I tried to connect from my
    weblogic web
    service client to my HTTPS webMethods web service (SOAP-RPC protocol). Then I
    included
    webserviceclient+ssl.jar client runtime JAR file on both of my client and server
    sides and re-ran
    my test. I still got the same error:
    Exception in thread "main" java.rmi.RemoteException: web service invoke failed:
    javax.xml.soap.SOAPException: failed to serialize class java.lang.Objectweblogic.xml.schema.binding.SerializationException:
    type mapping lookup
    failure on class=class java.io.StringReader TypeMapping=TYPEMAPPING SIZE=2
    ENTRY 1:
    class: com.freddiemac.ImportLoan.FileUploadHttpsStreamClient.WS_1.importLoan
    SubmitStream.CallServletInput
    xsd_type: ['http://com/freddiemac/ImportLoan/FileUploadHttpsStreamClient/WS_1/i
    mportLoanSubmitStream']:lcl0:__callServletInput
    ser: com.freddiemac.ImportLoan.FileUploadHttpsStreamClient.WS_1.importLoan
    SubmitStream.CallServletInputCodec@7eb366
    deser: com.freddiemac.ImportLoan.FileUploadHttpsStreamClient.WS_1.importLoan
    SubmitStream.CallServletInputCodec@33f0de
    ENTRY 2:
    class: com.freddiemac.ImportLoan.FileUploadHttpsStreamClient.WS_1.importLoan
    SubmitStream.CallServletOutput
    xsd_type: ['http://com/freddiemac/ImportLoan/FileUploadHttpsStreamClient/WS_1/i
    mportLoanSubmitStream']:lcl0:__CallServletOutput
    ser: com.freddiemac.ImportLoan.FileUploadHttpsStreamClient.WS_1.importLoan
    SubmitStream.CallServletOutputCodec@ab444
    deser: com.freddiemac.ImportLoan.FileUploadHttpsStreamClient.WS_1.importLoan
    SubmitStream.CallServletOutputCodec@c0f1ec; nested exception is:
    .... more
    Any suggestions?
    Thanks,
    Karen
    Bruce Stephens <[email protected]> wrote:
    Hi Jacob,
    From your post it was not clear was working and what was changed. Could
    you clarify. Note, for the standalone client app using SSL, you will
    need to include webserviceclient+ssl.jar client runtime JAR file,
    described in the docs [1].
    Thanks,
    Bruce
    [1]
    http://edocs.bea.com/wls/docs81/webserv/security.html#1053203
    Jacob Anderson wrote:
    I was able to get my HTTPS web service to communicate with my clients,but now
    when I try to connect to the web service (type=document), I get thiserror:
    [java] 3) testQuoteStubs(com.arrow.arrowsoap.client.QuoteServiceClientTest)
    junit.framework.AssertionFailedError: failed to serialize class java.lang.Objectweblogic.xml.schema.binding.SerializationException:
    type mapping lookup failure on class=class weblogic.apache.xerces.dom.DeferredDocumentImpl
    TypeMapping=TYPE
    MAPPING SIZE=3
    [java] ENTRY 1:
    [java] class: java.lang.Object
    [java] xsd_type: ['https://www.xxx.com/QuoteService/']:lcl0:ProcessResponse
    [java] ser: weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec@
    b957ea
    [java] deser: weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec@
    3aff84
    [java] ENTRY 2:
    [java] class: java.lang.Object
    [java] xsd_type: ['https://www.xxx.com/QuoteService/']:lcl0:Process
    [java] ser: weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec@
    15d4de6
    [java] deser: weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec@
    a53de4
    [java] ENTRY 3:
    [java] class: java.lang.Object
    [java] xsd_type: ['http://www.w3.org/2001/XMLSchema']:xsd:anyType
    [java] ser: weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec@
    827968
    [java] deser: weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec@
    1f0b7d3
    [java] at com.arrow.arrowsoap.client.QuoteServiceClientTest.testQuoteSt
    ubs(QuoteServiceClientTest.java:98)
    [java] at sun.reflect.NativeMethodAccessorImpl.invoke0(NativeMethod)
    [java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcces
    sorImpl.java:39)
    [java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMet
    hodAccessorImpl.java:25)
    Attached is the WSDL for the service.
    The type-mapping file looks like:
    <wsdd:type-mapping xmlns:wsdd="http://www.bea.com/servers/wls70"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
    <wsdd:type-mapping-entry xmlns:lcl0="https://www.xxx.com/QuoteService/"
    class-name="java.lang.Object"
    type="lcl0:ProcessResponse"
    serializer="weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec"
    deserializer="weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec">
    </wsdd:type-mapping-entry>
    <wsdd:type-mapping-entry xmlns:lcl0="https://www.xxx.com/QuoteService/"
    class-name="java.lang.Object"
    type="lcl0:Process"
    serializer="weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec"
    deserializer="weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec">
    </wsdd:type-mapping-entry>
    <wsdd:type-mapping-entry class-name="java.lang.Object"
    type="xsd:anyType"
    serializer="weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec"
    deserializer="weblogic.xml.schema.binding.internal.builtin.XSDAnyCodec">
    </wsdd:type-mapping-entry>
    </wsdd:type-mapping>
    Any ideas?? Am I missing something from my classpath?? I am runningthe tests
    using the WL 8.1 ANT installation and using this as my WL classpath(my own jars
    are added first in the path and are omitted here):
    <pathelement path="${weblogic.home}/lib/webserviceclient.jar"/>
    <pathelement path="${weblogic.home}/lib/weblogic_sp.jar"/>
    <pathelement path="${weblogic.home}/lib/weblogic.jar"/>
    Thanks
    -- jake
    Name: QuoteService.wsdl
    QuoteService.wsdl Type: ACT Project (text/xml)
    Encoding: base64

  • HttpSession ?s

    1. Is using HttpSession.invalidate() the correct way to end a session? It works but I want to know best practice.
    2. Is there an event fired when the session is created/destroyed that I can hook into?

    1. Yes.
    2. Yes, write a class that implements HttpSessionListener and add it to web.xml (look in the dtd for the format).

  • Losing values in httpsession...

    This is a web application which is run over multiple servers. So the same war is deployed in multiple servers a to h , and a load balancer sends in requests to either of them...
    I believe that the load balancer sends all the requests associated with one session to the same server , say server a.
    This web app is not marked distributable and the stuff in httpsession is not serializable.
    I understand that if the server a comes down or whatever, the loadbalancer will direct requests to another machine which will recognize that the session id is invalid and redirect the browser to a login page.
    Now my question is this. How it possible to have a scenario where only parts of the httpsession are lost ?

    This is very specific to the server. Which one are you using?
    Also remember, the server may chose to serialize the session (in between requests) to conserve resources and any non-serializable data may be lost.
    All this depends on how you have configured your server.
    ram.

  • Problem "Session already invalidated" when logout?

    Hallo,
    for logout i'am using the following code
    public String logoutButton_action() throws IOException {
    FacesContext ctx = FacesContext.getCurrentInstance();
    ExternalContext ectx = ctx.getExternalContext();
    HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
    HttpSession session = (HttpSession)ectx.getSession(false);
    session.invalidate();
    response.sendRedirect("index.jspx");
    ctx.responseComplete();
    return null;
    In JDeveloper i don't have a problem. But using this method under tomcat it produces the error getAttribute: Session already invalidated.
    I know tomcat is not oracle but maybe someone had a tip for me.
    Any help is appreciated.

    Hi,
    could you check the discussion in this forum thread:
    ERROR attempting to call HttpSession.invalidate ()  in TOMCAT 5.5.9
    I think your issue is similar.
    Regards,
    Didier.

  • Cache problem after login to our site

    Hi,
    I am facing strange problem in my webapplication. Here is the senario.
    1. Login with User1.
    2. Logout User1.
    3.Login with User2.
    4.User2 getting the User1 session , means User2 can able to see all the links related to User1. Once he click on refresh button, User2 related information is coming. In the logout we are invalidating the session, eventhough this problem coming. Please share any ideas if you have in this issue.
    Please write your comments to [email protected]
    Thanks ,
    UmaMaheswaraRao

    UmaMaheswaraRao wrote:
    Hi,
    I am facing strange problem in my webapplication. Here is the senario.
    1. Login with User1.
    2. Logout User1.
    3.Login with User2.
    4.User2 getting the User1 session , means User2 can able to see all the links related to User1. Once he click on refresh button, User2 related information is coming. In the logout we are invalidating the session, eventhough this problem coming. Please share any ideas if you have in this issue.Likely the session is not invalidated the right way. Use HttpSession#invalidate() for that. Verify the session used by HttpSession#getId().
    Please write your comments to [email protected]
    You're here at a discussion forum, not at a contact advertising forum. Thereby, spambots likes plain vanilla email addresses. Never post email addresses anywhere at the web, keep it private.

  • How to avoid multiple session for the same username

    I need suggestions on implementing single user login , like My system has a user with a username jdavid and my application should not allow two different sessions for the same username jdavid , can one session peep into all other session
    to see if the any has a usernaem jdavid, I am basically looking for some pattern if any available for restricting multiple session for the same username . like jaas or any other security api provides this ?

    Store a Map<User, HttpSession> in application scope and let your application intercept on that. On login, just check if the User is already there, then get the associated HttpSession, invalidate it and replace it by the current HttpSession, else just store the current User-HttpSession pair in the map. On logout obviously remove the User-HttpSession pair from the map.

  • How to implement a logout

    I have a basic jsp application with a form-based authentication[which is working well].
    I would like advice on how to implement a logout mechanism from the application.
    I would also like help on how to retrieve the user ID of the user so that i display it on the screen.
    ochomo

    Call HttpSession#invalidate() to invalidate the session.
    The remote user is available by HttpServletRequest#getRemoteUser() and its principal by HttpServletRequest#getUserPrincipal() by the way.

Maybe you are looking for

  • Itunes library on an external hard drive

    I recently purchased an external hard drive to use for all of my media libraries (itunes, iphoto, etc). My first task was to move my iTunes library to the new HD.  I followed the steps from this Apple Support article (http://support.apple.com/kb/ht14

  • Boot Camp Assistant Won't Work....

    I've been wrestling with this for two days now (along with my very technically adept brother). I'll try to offer as much information as possilble. I've scoured this and other online forums without success. Here goes: Early 2011 MBPro/ 7500rpm HItachi

  • What is the difference between an ipad with cellular and one without?

    Anyone?

  • Issues Migrating Data from SQL Server to Oracle

    Good morning, I'm currently trying to migrate data from a SQL Server 7 Database to Oracle 11GR1. I've followed the steps outlined in the guide that's on OTN and for the most part it worked well, the Data Model Capture, transformation and generation w

  • How to load movie...

    Hi, I have the following code to make a movie clip appear when the user rolls over a symbol. The part I am missing is how to make that movie clip appear. I can't seem to figure that out. I will have about 20 symbols that each need a different movie c