Implementing Distributed Session Management

Similar Messages

• How to implement the Session ManageMent in OracleADF .

  Hi I am New to ADF, In my application i have requirement like, I Have a JSPX login page,which contain 4 taskflows as a regions(like AddEmp,DeleteEmp,Create New Dept,Delete Emp), based on the type of user login,i want give different responsibilities(ADF Security, for example a normal employe cant Edit the Other Employe information only HR can do the Edit ), for those who logged in i want to use Session.
  Every Time When the user Request the resource it has to check for the session validation.
  i know in JEE How to implement Sessions but i don't know in ADF .
  Thanks in Advance...

  Hi,
  have a look here http://download.oracle.com/otn_hosted_doc/jdeveloper/11gdemos/AdfSecurity/AdfSecurity.html
  Its a video about ADF Security that explains how you can use custom Resource Permissions for any kind of user authorization, plus the on-board page and task flow permission. Note that the session has nothing to do with authorization. All a session can be is authenticated after which users are associated with enterprise roles, which then are mapped to permissions (through application roles in ADF Security). So session management is not what you are looking for in this case.
  In addition you want to read: http://www.oracle.com/technetwork/developer-tools/adf/learnmore/76-insert-update-entity-protection-334421.pdf
  Frank

• Distributed sessions for multiple web-apps in a single App. Server (v.8.1)

  I have 3 applications on App. Server 8.1 (running on JDK 1.5)
  App-A handles login
  App-B and App-C are functions that are accessible after login is validated.
  It works fine with App. Server 6.5 (JDK 1.3)
  But the distributed session cannot be shared in App. Server 8.1 (JDK 1.5)
  So App-A handles sign on and stores the user's Login Name on the session.
  App-B and App-C read the user's login name from the session object and grant access to different modules.
  1. Starting App-A and perform login
  2. Starting App-B from App-A (it is linked there)
  3. Starting App-C from App-A (it is linked there)
  In step 1, a new session is created for the user, an attribute ("LoginName") is put in the session - ie. using HttpSession.setAttribute()
  In step 2, the program checks for attribute "LoginName" from the session object - ie. using HttpSession.getAttribute()
  If not found, redirect to login; if found, then continue with App-B
  In step 3, same as in step 2 above.
  It works fine with App. Server 6.5 but problem occurs in step 2 and 3.
  web.xml of App-A, App-B and App-C:
  <i>
  <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
  <display-name>App-A</display-name>
       <distributable/>
  </i>
  sun-web.xml of App-A, App-B and App-C
  <i>
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 8.1 Servlet 2.4//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_4-1.dtd">
  <sun-web-app>
  <session-config>
  <session-manager persistence-type="memory">
  <manager-properties>
  <property name="persistenceFrequency" value="web-method"/>
  </manager-properties>
  <store-properties>
  <property name="persistenceScope" value="session"/>
  </store-properties>
  </session-manager>
  </session-config>
  </i>

  Distributed sessions has nothing to do with different web applications. The concept is about distributing load for the same application between several appserver instances running on the same box(different jvm) or on some other box in the network.
  What you used with iAS 6.5 is not available in 8.1 because sharing sessions between web apps is forbidden by the servlet spec. You should consider repackaging your apps. into a single web app. or using other way of signing/verifying user identity(check Sun Access Manager for example).
  Have a look at this thread as well: http://swforum.sun.com/jive/thread.jspa?threadID=100931

• Plugin based Web Service with session management

  I am trying to make a web service in java with jax-ws that should support extensions to the service without rebuilding the project. I thought it might be possible to make a standard web service and the let each plugin create their own service, making the client side plugin point to both the standard service and the plugin specific one. This way I could have user management and such in the standard service and the more plugin specific one in an other service. The problem is though, how do I make a common session for all the services? All services are running at the same server and on the same domain name.
  I checked the HTTP headers and found out that the JSESSIONID was changing when I created a new port on the client side. I was trying to implement a SOAPHandler to edit the cookie in the HTTP header, hoping that this will lead to the same session across the services. But found it hard. It was no problem reading the "Set-cookie" header, setting the cookie on the new requests was harder, as the CookieJar object seems to be internal [1]. And the MessageContext.HTTP_REQUEST_HEADERS wasn't created at the time my handlers run. Is there an easy solution to this?
  I am not sure if my idea is a good solution to the main problem, and all other ideas are more than welcome. I hope it is possible to extend the features of my server without rebuilding the project. If anything is unclear, feel free to ask :)
  [1] com.sun.xml.internal.ws.client.http.CookieJar

  Adhir_Mehta wrote:
  Could you explain plug in scenario with one example?Ok. We have not chosen exactly how to do this, but the idea is that someone may be able to extend the functionality of our server without rebuilding the project. We thought of something like a jar file with a implementation of some abstract classes. It should at least only be necessary to redeploy the project into the web container. The problem is; how do we let the plugins extend our web interface? One solution we thought of was to let each plugin have it's own service and dynamicly link to the plugin services from the main service that we provide as standard in our server. This way we may have some kind of plugin support on the clients as well, making the client side plugins know what kind of service it needs on the server side and thus extending the functionality all together.
  Hope that explains our scenario. Feel free to comment and add new ideas :)
  Regarding session management, its not advisable to manage the session in web services since that way it will become non interoperable.The documentation we found regarding sessions and jax-ws was all doing sessions with HTTPSessions, and to let the web container handle that.
  On the server side
      @Resource
      private WebServiceContext wsContext;
      private HttpSession getSession() {
          MessageContext mc = wsContext.getMessageContext();
          return ((javax.servlet.http.HttpServletRequest)mc.get(MessageContext.SERVLET_REQUEST)).getSession();
      HttpSession session = getSession();
      session.setAttribute("User", user);On the client side
  ((BindingProvider)port).getRequestContext().put(BindingProvider.SESSION_MAINTAIN_PROPERTY,true);Do you have other standard options for us on how to do session management? All ideas are more than welcome

• Web service authentication/session management using Axis2

  I'm creating a web service using Axis2 where the client will need to login to the service and maintain a session. I'm trying to figure out a good way to do this. I've read the article on the following link:
  http://www.developer.com/services/article.php/3620661/Axis2-Session-Management.htm
  and it describes 4 main ways of doing this: Request Session Scope, Soap session scope, Transport session scope, and Application scope. However, it doesn't give much detail in actually implementing this. It says to add a parameter to services.xml like this:
  <service name="foo" scope=" transportsession">
  </service>
  but what about the actual code that goes in the server and client to actually handle the login process and verify the username/password in an SQL database on the server? I'm having a lot of trouble finding a good tuturial on this. Can anyone point me in the right direction? I'm also open to other ideas that don't necessarily directly involve Axis2.

  Session management for a web service and already answered. Locking.

• Session management for a web service

  I am building a web service where the user will need to login and the application will need to maintain a persistent session. I am using Apache Axis2 for client/server communication via SOAP/XML. What would the simplest and most common way of doing this? I know I could implement session management from scratch similarly to how a browser does it, using cookies, but I'd rather use standard Java libraries for this. Am I correct in assuming that even though I'm using Axis2, the solution doesn't really have anything to do with Axis2 since Axis2 is basically just a way for the client/server to send messages to each other?
  I've read a lot of information online about this, but there's so much information that it's hard to know where to start. Basically I'm just looking for someone to point me in the right direction on what classes to use and so on. I just need a simple username password authentication and session management system for a web service.

  Container Managed Authentication. Does everything you need.

• Re: (forte-users) Session management for page builder(fwd)

  Jaco,
  Hope this helps,
  John
  John Soper, Information Systems Development, ITS, The University of Melbourne
  email: j.soperits.unimelb.edu.au >>>> Tel: 9344 5612---------- Forwarded message ----------
  Date: Mon, 10 Jan 2000 16:34:31 +1100
  From: Lyle Winton <L.Wintonits.unimelb.edu.au>
  To: John Soper <j.soperits.unimelb.edu.au>
  Subject: Re: (forte-users) Session management for page builder (fwd)
  Why not construct an intermediate page after the
  login page that has SESSION_UNSPECIFIED and
  a refresh META tag. The page can then refresh
  to either the login failed or login succeeded pages
  depending on how the login went! Looks like...
  1) Login page (SESSION_UNSPECIFIED)
  2A) Refresh page (SESSION_UNSPECIFIED)
  < HTML >
  < HEAD >
  < META http-equiv="refresh"
  content="0;URL=<a href=
  "http://www.blah.com/forte.cgi?PageName=3">http://www.blah.com/forte.cgi?PageName=3</a>" >
  < /HEAD >
  < BODY >
  Login succeeded. Please wait...
  < /BODY >
  < /HTML >
  2B) Refresh page (SESSION_UNSPECIFIED)
  < HTML >
  < BODY >
  Login failed.
  < /BODY >
  < /HTML >
  3) We're finally in. (SESSION_REQUIRED)
  I'm not sure if this works on internet exploder.
  Lyle.
  John Soper wrote:
  Lyle,
  (Post from forte mailing group)
  Does this make sense to you?
  John
  John Soper, Information Systems Development, ITS, The University of Melbourne
  email: j.soperits.unimelb.edu.au >>>> Tel: 9344 5612---------- Forwarded message ----------
  Date: Thu, 30 Dec 1999 07:54:24 +0200
  From: "Jaco Erasmus (home)" <jacoerasmweb.co.za>
  To: kamranaminyahoo.com
  Subject: (forte-users) Session management for page builder
  Hi everybody,
  We have a lot of legacy code making use of the page builder service to
  produce web pages. These pages were originally written without session
  management. I'm now busy adding session management to them, but there is
  one problem with this approach and I will appreciate if someone can shed
  some light on it. Here it is:
  Page one is submitted.
  Some validation (authentication) takes place and depending on the outcome,
  either page 2A (SESSION_REQUIRED) or 2B (error page with
  SESSION_UNSPECIFIED) must be displayed. In order to implement this, I
  needed a place to make a decision. The way I've done it, is to pass a
  'virtual page' (SESSION_UNSPECIFIED) to the page builder service. The
  validation is done here and request.PageName is then replaced with the
  PageName of pages 2A or 2B. The HandleRequest() method is then called
  again. The problem is that the ValidateSession() method does not get
  invoked again, thus allowing 2A through without a session. How do I make
  sure that the ValidateSession() method get invoked again?
  The approach making use of templates look to me as if it has all the means
  to do this (redirect tag), but I don't want to rewrite everything if I
  don't have to. Is there a way that a pagebuilder page can be specified by
  the redirect tag? This will definitely help, but so far I've only managed
  to call templates from the redirect tag.
  Is the template approach better suited for session management? It is
  definetely better documented...
  Regards.
  Jaco
  For the archives, go to: http://lists.sageit.com/forte-users and use
  the login: forte and the password: archive. To unsubscribe, send in a new
  email the word: 'Unsubscribe' to: forte-users-requestlists.sageit.com

  Hi,
  i hope this helps
  http://help.sap.com/saphelp_nw70/helpdata/EN/7e/aa610cc1dd8f4388b1df02fc362f0f/frameset.htm
  http://help.sap.com/saphelp_nw70/helpdata/EN/69/c250754ba111d189750000e8322d00/frameset.htm
  regards,
  Anil.

• Session management in JAX-RCP with JWSDP 1.0_01

  Hi all,
  How can I access to the HTTP Session of the TOMCAT which run the Web Services engine?
  Browsing by the API I've found the method getHttpSession() in the interface javax.xmlrpc.server.ServletEndpointContext.
  How can get an instance which implements this interface?
  Regards,
  C�sar.

  An old thread but I have a question re session management and web services.
  The documentation for ServletEndpointContext says getHttpSession returns null if there is no HTTP session currently active and associated with the service endpoint. It further says the endpoint class should not rely on the HTTP session always being there.
  I need to ensure a session is active after a user successfully logs in. Other than spending alot of time implementing session management myself its the only way to tell whether the service requestor is allowed to use the service. Is the session not guaranteed to be active to take account of things like session timeout? Under normal circumstances where the user is sufficiently active to prevent timeout is it reasonable to assume the session will be there?

• Session management thru SOAP services

            Hi I am trying to deploy our application in a clsutered environment. Previsouly
            I had some problems with http session replication. That problems were solved but
            now I have another problem.
            Our application has multiple clients, some are browser based and some are swing
            based that use our SOAP services.
            all browser based clients use httpsession for session management, since weblogic
            replicates the httpsession, we have no problem clustering http webapps. But SOAP
            services has no access to httpsession.
            We have implemented our own session management (we cache the app specific session
            objects) so that SOAP services works fine (SOAP services doesn't have access to
            httpsession, so we could not use httpsession for session management). Each method
            in our soap services takes a sessionid and we get the session objects (not http
            session objects but our app specific session objects) based on the sessionid.
            But now that our application is clustered, the session cache mechanism doesn't
            work since its not replicated thru out the clusters.
            I thought I could use stateful session beans to cache the sessions, but how do
            I cache the SFSB thru out the session w/o sending any references to the SFSB to
            the client. I know I can send the Handle reference to the client but We cannot
            change the SOAP API now. The only information client has is the session id.
            My question is: How do I use SFSB w/o changing my soap services method paramaters.
            My SOAP method looks like methodName(String sessionid, ..............)
            I could use a clustered cache but we can't buy anything in the current situation.
            Any help would be appreciated.
            Praveen
            

  Well, does the DSM log have any details? (see [Note 529924|https://service.sap.com/sap/support/notes/529924] on how to view the logs)
  My guess is that you are using different protocols between the dispatcher and a backend system: they both have to use HTTP or both use HTTPS (as described in the same note). That would also explain why the URL for the direct connection to the portal  doesn't present the error, if that URL has the same protocol as the backend.
  Regards,
  Sean

• Session Manager?

  Hello,
  I would like to be able to save my session in Photoshop much like I can with the workspace.
  With a session manager, I will be able to save and load all the open canvases in one go.
  So, for instance, if I wanted to continue my work next time I open Photoshop, I will be able to load the previous session -- this will open all the canvas windows and their exact placement in the main Photoshop window.
  How can I accomplish this? Are the scripts advanced enough to implement new menu's and trigger such actions (maybe I am being too hopeful, here)?
  With functionality, an intuitive design, and ease of use being some of the top priorities in applications these days, I am hopeful that Adobe can at least implement this next time around.
  Perhaps I am just missing the option? Is such a feature available?
  Thanks in advance!

  This thread is a little old but I was searching for this ability in photoshop.  Is there any script to do this ?

• Session management question

  I have a requirement to prevent multiple sessions per user id. So, when a
  user logs in to our app, any existing sessions he has must be invalidated.
  Does anyone know the correct WebLogic API call to use to locate a session
  object for a given user id? I need to call this so that I can invalidate the
  existing session.
  Thanks,
  Rob.

  Hi Rob,
  Using Servlet 2.3 features this can be done using the sessionCreated and
  sessionDestroyed API (chapter 10 of the servlet 2.3 Spec). This Spec has been
  implemented in WLS 61.
  These methods are provided by the HttpSessionListener interface and they are
  called by the container whenever a session is created or destryed as their name
  suggests. These methods take in HttpSessionEvent as their parameter which can be
  use to get a handle of the corresponding Session object. Once you get this
  handle you can store it in a Hashtable with userID as the key.
  You can use this Hashtable to verify if the session for a particular user
  already exists or not. Once the session is invalidated, the sessionDestroyed
  method will be called and this allows you to remove the session handle from the
  Hashtable. The Hashtable thus, maintains a list of active sessions in an web
  application.
  A sample impl:
  public void sessionCreated(HttpSessionEvent evt){
  sess = evt.getSession();
  /* have code to populate the sesion Attributes */
  log("\nsession created " + sess.getId() );
  log("Session id: " + sess.getAttribute("userID") );
  synchronized(this) {
  h.put(sess.getAttribute("userID"), sess);
  public void sessionDestroyed(HttpSessionEvent evt){
  sess = evt.getSession();
  log("\nsession destroyed: " + sess.getId() );
  synchronized(this) {
  h.remove(sess.getAttribute("userID"));
  hope this helps,
  mihir
  Rob Worsnop wrote:
  OK. I posted the original message after speaking to BEA tech support. They
  had told me there was an API for getting hold of the session. Now they tell
  me there is not.
  It looks like I have to implement this particular aspect of session
  management myself.
  It's a pretty simple task - provided you expect no more than a few hundred
  users logged on at a particular time.
  Anyone got any tips about how to implement this in scalable manner?
  Thanks,
  Rob.
  "Rob Worsnop" <[email protected]> wrote in message
  news:[email protected]...
  I have a requirement to prevent multiple sessions per user id. So, when a
  user logs in to our app, any existing sessions he has must be invalidated.
  Does anyone know the correct WebLogic API call to use to locate a session
  object for a given user id? I need to call this so that I can invalidatethe
  existing session.
  Thanks,
  Rob.

• Session manager attach data

  I've got a successful implementation where I am using NI's Session Manager to manage instrument sessions.  I want to be able to attach information to the session to reference later. I have managed to implement the AttachLong and AttachString methods (as well as the get versions) and things are working just fine.  However, I can't seem to manage to get the AttachObject method to work out. 
  Does anyone have any sample LabVIEW code for implementing the IInstrSession.AttachObject / IInstrSession.GetObject methods?
  Thanks

  hi,
  1.check to No the cache
  2.check at what level you have set the user (max is 7)
  3.clear all cache and the logs.
  4.restart all services...
  reults???
  is it possible to show us the results???
  hope i helped....
  http://greekoraclebi.blogspot.com/
  ///////////////////////////////////////

• WebService with Session manager and Connection pooling

  I've created many a Oracle users in our RDBMS. It comes to this, that every
  user in our Company has its own oracle account.
  We are developing now a Web application (Internal information system) for my
  Company.
  This Web application will have GUI created in perl and middle tier will be
  Oracle WebServices.
  This WebServices will be connected to the DB for every oracle user and it also
  must have a session management.
  And this is a Action plan:
  1. the user will log to the Web GUI with his oracle login name and a password
  2. this oracle user name and the password will be sent from this Web app to the
  WebService
  3. this WebService will create a connection over a JDBC (not over DataSources)
  and will create also a session (maybe like a servlet)
  4. in this session the instance of the created connection for this user will be
  saved and the WebService will return to the Web app the session id
  5. and this session id will be then used for further calling of WebServices
  Then comes another user, signs up over the Web app with his oracle account and
  this whole process repeats.
  Finally every logged user will have its own session id with his own connection
  instance to DB.
  Maybe it's possible, that it will work only with Servlet (with HttpSession) and
  WebService created from this Servlet.

  Take a look at the Statefull Java Web Services. It may be able to handle your use case.
  http://download-west.oracle.com/docs/cd/B14099_04/web.1012/b14027/javaservices.htm#i1027664
  You should be able to cache the database connection, directly in your service implementation class.
  Hope this helps,
  Eric

• Oracle's Temporary Table Use/Session Management

  I'm wondering about the session management that the JSQL services use. We have an app that uses a standard Oracle user but we manage the users via the application. We are using the temporary table feature in Oracle as it allows for session specific data to be created, read, etc for that single session.
  Is there a way for me to force each new web user into it's own session (that will span across multiple XSQL pages) so that we can continue to use this functionality.
  Thanks.

  Not using the built-in connection manager, but the latest versions of the XSQL Pages framework allow you to provide your own implementation of a connection manager that could be a custom implementation like this.

• How does Session Manager work?

  Is anyone else using Session Manager? It is a relatively new tool. I think it came out with TestStand 2.0. It is used to manage instrument handles. At first I thought it would allow us to share handles between Labview and CVI (the documentation hints at this) but after reading the fine print I found that it cannot share handles that run in different processes (i.e. Labview and CVI). It is still useful because it keeps a handle open so that a new handle does not need to be opened everytime TestStand calls a Labview or CVI module. Unfortunately, the only documentation for Session Manager is a help file. There is no reference to it in the TestStand documentation, although there are a couple of examples in the TestStand\Examples directory. I
  find that I need to experiment with Session Manager to figure out how it behaves. In particular, I'm trying to figure out how it works with a mix of Labview and CVI modules being called from TestStand. Does anyone know of any app notes or other documentation explaining the proper use of Session Manager?

  Mark,
  Unfotunately the only help available is the help file of the Session Manager and the TS examples.
  You mentioned that Session Manager cannot share handles between processes. In fact, Session Manager is capable of sharing handles between processes, it is the C DLL drivers that are not capable of sharing their handles between processes. There are some ActiveX instrument drivers out there that are capable of sharing their ActiveX session handles between processes, and more ActiveX instrument drivers are due for release. With these drivers, the Session Manager will be able to manage the instrument handles between different processes.
  Because of the limitation of C style DLL drivers, you cannot create a instrument handle in a VI called by TS and use the handle in a DLL called by TestStand. The VI is executed in a LabVIEW process while the DLL is called in the Sequence Editor or you operator interface process. There are 2 solutions to overcome this limitation. Both are based in running the VI and DLL in the same process:
  1) You can have your operator interface written in LabVIEW. When you build you operator interface into an executable, you can configure the LV adapter in TestStand to use the LV opeator interface to run the VIs that your sequence calls (see NIDZ document "Overview of Distributing TestStand when your Sequences use the LabVIEW Standard Prototype Adapter"). In this case both the DLLs and VIs called by your sequence will be executed in the same process and can share C DLL instrument handles.
  2) You can build your VIs into DLLs using LV 6.0 or later. You can then configure your sequence to call these DLLs instead of calling the VIs. This means rewriting your sequence to use the DLL Flexible adapter to call the LV DLL instead of using the LV adapter to call your VIs. In this case your LV DLLs and other DLLs called by your sequence are executed in the same process and can share C DLL instrument handles.
  Are there specific questions that you have regarding the Session Manager? Perhaps your questions can lead to examples and App Notes. There have not been very many questions regarding to the Session Manager so it is difficult to determine what customers need.