IPlanet 6.0 Session Validation
Hi,
We are using iPlanet 6.0 web server in a Windows 2000 environment. The session validation is done using a custom SAF, created as a .dll file. The problem we are currently facing is:
*1. http://www.test.com/sample/xxx/a.htm*
*2. http://www.test.com/example/yyy/b.htm*
If I use the first URL, the web server calls the custom SAF dll file and checks whether the session is valid or expired. If the session is expired, it will redirect the users back to login page.
Whereas, if I use the second URL, the session validation is not done. The web server just serves the client requested page.
Hence, I understand the session validation is done only for the pages that reside under the */sample/* directory located under wwwroot.
The question is, where is this path to check for session validation mentioned?
Any help is highly appreciated...
Thanks in advance,
WS6.0 docs are located in http://docs.sun.com/app/docs/coll/S1_ipwebsrvree60_en
Info about Session manager :
http://docs.sun.com/source/816-5689-10/sess.htm
Can you send your server.xml and other configuration files in <ws-install-root>/<instance>/config directory?
Can you migrate to 7.0 update 2 if possible?
You can download it for free from http://www.sun.com/software/products/web_srvr/home_web_srvr.xml
Similar Messages
-
Re: [iPlanet-JATO] Re: session timeout when not submitting to a handler
Mark--
I know what's happening here, but am curious about your approach. You said
in an earlier email that you were generating links directly to JSPs, but
from what you are describing, you are generating JATO-style links to access
JATO pages. Nothing wrong with that, but there is a significant difference.
Actually, it just occurred to me, I'm wondering what your URLs look like.
The way the request dispatching works in JATO is it ignores anything after
an initial "." in the final part of the URL path. For example, a request
for "/myapp/module1/MyPage.jsp" doesn't actually try to hit the JSP, instead
it tries to hit the JATO page "/myapp/module1/MyPage".
The end result is that you may think you are accessing a JSP directly, but
are instead accessing a JATO page. The reason the request dispatching works
this way is because it is illegal to access JATO JSPs directly, and there is
actually a (disabled) JATO feature that piggybacks on the use of the
dot-delimited URL.
So, now I need to understand your intent. I wasn't really sure why you were
generating direct JSP/page links to begin with. This works against the Type
II architecture JATO uses, in which all JATO requests go back to the
controller servlet.
If you are trying to design something like a menu page, you may have thought
that it was burdensome to create a number of HREF children, plus implement
event handlers for each of them. This definitely would be burdensome beyond
just a handful of links, but this is why JATO provides other mechanisms for
doing what I'll call here "polymorphic HREFs".
Assuming this menu page scenario, the easiest thing to do is to simply use
one HREF child on the page, and add a value to it each time it is rendered
that distinguishes it from the other instances on the page. In your event
handler for the HREF, you simply check this value and use it to decide which
page to forward to. You can add a value to an HREF or Button by using the
"addExtraValue()" method. Or, if you are using JATO 1.2, you can add extra
query string NVPs right in the JSP document using the "queryParams"
attribute of the <jato:href> tag. Thus, your one HREF child and event
handler become "polymorphic" because what they do depends on the context in
which they are invoked.
Now, I still don't have confirmation that this is what you were trying to
do, so until I do, let me explain the exception you're seeing. JATO assumes
that when a request comes in for a page that includes the pageAttributes
NVP, it is a request coming from a previously generated JATO page. Because
of the way JATO works, this means that the request dispatching code should
send the request back to the originally rendered page. For example, if Page
A renders an HREF, which the user then activates, JATO sends the request
back to Page A for handling. All of the HREFs and forms generated during
rendering of Page A actually refer back to Page A, regardless of where those
links or buttons actually pass the request in their event handlers/Command
objects.
So, what's happening when you include the pageAttributes in your HREFs is
that JATO is assuming that a request is being sent to the target page, with
the assumption that the target page has a mechanism in place to handle the
request. This assumption relies on the specification of the "originator" of
the request being specified in the request. For links/HREFs, the name and
value of the HREF is sent along with the request. For forms, the name and
value of the button that was pressed are sent in the request. JATO uses the
presence of these name/value pairs to decide which event handler, or which
Command object, to invoke to handle the request.
The exception you are receiving is saying that there was no object on the
target page that indicated it could handle the request. This is to be
expected, since you have not specified a query parameter that indicates
which CommandField child is responsible for the request. However, this is where
I see the disconnect, because that is not what I believe you were trying to
do (as explained above).
So now, given all the information above, can you tell me what you're trying
to accomplish, and whether or not the info I've given you has helped you to
design a mechanism more in line with a JATO approach? If not, given that I
understand what you're trying to do, I can offer a more concrete solution.
Todd
----- Original Message -----
From: <Mark_Dubinsky@p...>
Sent: Monday, November 05, 2001 2:54 PM
Subject: [iPlanet-JATO] Re: session timeout when not submitting to a handler
This is the exception we get:
(And BTW, leaving a blank value for the pageAttributes doesn't help)
[05/Nov/2001 17:49:18:4] error: <portalServlet.processRequest>
javax.servlet.ServletException: The request was not be handled by the specified handler
at java.lang.Throwable.fillInStackTrace(Native Method)
at java.lang.Throwable.fillInStackTrace(Compiled Code)
at java.lang.Throwable.<init>(Compiled Code)
at java.lang.Exception.<init>(Compiled Code)
at javax.servlet.ServletException.<init>(ServletException.java:107)
at com.putnaminvestments.common.jato.ApplicationServletBase.dispatchRequest(Compiled Code)
at com.putnaminvestments.common.jato.ApplicationServletBase.processRequest(Compiled Code)
at com.putnaminvestments.bp.portal.portalServlet.processRequest(Compiled Code)
at com.putnaminvestments.common.jato.ApplicationServletBase.doPost(Compiled Code)
at com.putnaminvestments.common.jato.ApplicationServletBase.doGet(Compiled Code)
at javax.servlet.http.HttpServlet.service(Compiled Code)
at com.putnaminvestments.bp.bpServletBase.service(Compiled Code)
at javax.servlet.http.HttpServlet.service(Compiled Code)
at com.netscape.server.servlet.servletrunner.ServletInfo.service(Compiled Code)
at com.netscape.server.servlet.servletrunner.ServletRunner.execute(Compiled Code)
at com.kivasoft.applogic.AppLogic.execute(Compiled Code)
at com.kivasoft.applogic.AppLogic.execute(Compiled Code)
at com.kivasoft.thread.ThreadBasic.run(Native Method)
at com.kivasoft.thread.ThreadBasic.run(Native Method)
at com.kivasoft.thread.ThreadBasic.run(Native Method)
at com.kivasoft.thread.ThreadBasic.run(Native Method)
at com.kivasoft.thread.ThreadBasic.run(Compiled Code)
at java.lang.Thread.run(Compiled Code)
--- In iPlanet-JATO@y..., "Todd Fast" <Todd.Fast@S...> wrote:
Mark--
> Initially we tried to add the pageAttributes NVP as well, but that was
> causing an exception, so we stopped doing that.
That's odd--what was the exception?
> Our problem now is that when the Session times out it does not go to
> onSessionTimeout method as in processRequestMethod of the
> ApplicationServletBase it looks for pageAttributes. If it is not null
> then only onSessionTimeOut method is called.
This is sadly the only technique for determining if a session has timed out
and a new one been created, versus the initial creation of the session.
> Is there any work around for this? Maybe you can suggest how to pass
> the pageAttributes without causing the initial exception?
Definitely--let me know what the exception was and I'll be able to suggest
something. However, it shouldn't really be any harder than appending a
"jato.pageAttributes=" empty NVP on the HREF.
Todd
Todd Fast
Senior Engineer
Sun/Netscape Alliance
todd.fast@s...
For more information about JATO, please visit:
http://developer.iplanet.com/tech/appserver/framework/index.jsp
OK, here's what I'm trying to do: We have, like you said, a menu
page. The pages that it goes to and the number of links are all
variable and read from the database. In NetD we were able to create
URLs in the form
pgXYZ?SPIDERSESSION=abcd
so this is what I'm trying to replicate here. So the URL that works
is
pgContactUs?GXHC_GX_jst=fc7b7e61662d6164&GXHC_gx_session_id_=cc9c6dfa5601afa7
which I interpreted to be the equivalent of the old Netd way. Our
javascript also loads other frames of the page in the same manner.
And I believe the URL-rewritten frame sources of a frameset look like
this too.
This all worked except for the timeout problem. In theory we could
rewrite all URLs to go to a handler, but that would be...
inconvenient. -
Issue in keeping the InfoView session valid using Custom JSP Open Document
Hi
We are using OpenDocument URL in custom JSP to show BO Web Intelligence Document. The documents are opening fine but some of our WebI documents have links to other WebI document, when the link is clicked it takes to Info View Login Page.
If I login and logout once from InfoView then the WebI document links work fine.
Can you please guide me on how to make the session valid for WebI internal links? Do I need to create a Cookie or use URL Encoding?
Following is the sample JSP code:
<%@ page import="com.crystaldecisions.sdk.exception.SDKException" %>
<%@ page import="com.crystaldecisions.sdk.framework.CrystalEnterprise" %>
<%@ page import="com.crystaldecisions.sdk.framework.IEnterpriseSession" %>
<%@ page import="com.crystaldecisions.sdk.framework.ISessionMgr" %>
<%@ page import="com.crystaldecisions.sdk.occa.infostore.IInfoStore" %>
<%@ page import="com.crystaldecisions.sdk.occa.security.ILogonTokenMgr"%>
<%
try {
    // Placeholder connection details, as given in the post.
    String systemName = "ServerName";
    String userName = "user";
    String password = "pass";
    String authType = "secEnterprise";
    IEnterpriseSession enterpriseSession = null;
    if (enterpriseSession == null) {
        // Log on to obtain an enterprise session.
        ISessionMgr enterpriseSessionMgr = CrystalEnterprise.getSessionMgr();
        enterpriseSession = enterpriseSessionMgr.logon(userName, password, systemName, authType);
    }
    // Create a logon token and pass it to OpenDocument in the redirect URL.
    ILogonTokenMgr logonTokenMgr = enterpriseSession.getLogonTokenMgr();
    String defaultToken = logonTokenMgr.createWCAToken("", 20, 10);
    response.sendRedirect("http://boServer:port/OpenDocument/opendoc/openDocument.jsp?iDocID=16894&token=" + defaultToken);
} catch (Exception e) {
    e.printStackTrace();
}
%>
Thanks Aasavari for responding. My problem is solved.
I need not create any cookie or create a token using getLogonToken.
Some of the URLs in the WebI documents were incorrect and so InfoView was taking the user to the InfoView login page.
But I am surprised, though, that InfoView does not complain about the incorrect URLs and rather takes the user to the login page.
Thanks for your help again. -
Help with jsp session validation
I've built up a page that only users with 'administrator' as the session is variable can access. If they don't, they will be directed to the login page.
However, I'm getting a null pointer exception.
my code is as follows:
<%@ page import="java.io.*"%>
<%
if (session.getAttribute("id").equals(null) || !(session.getAttribute("id").equals("administrator")))
response.sendRedirect("adminlogin.htm");
%>
Error Message:
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException
root cause
java.lang.NullPointerException
any pros please help? i know it's something to do with my jsp session validation. thanks in advance.
one more thing, with regards to the solution evnafets provided. I tried it out on all my pages that require administrator rights and found that the code only redirects when it's not expecting any parameters. Else, it just displays an error message there. Is there a way around this? Or should I let my end user suffer?
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:248)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2396)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:405)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:380)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:508)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
at java.lang.Thread.run(Thread.java:534)
root cause
java.lang.NullPointerException
at org.apache.jsp.view_jsp._jspService(view_jsp.java:177)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:136)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:204)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2396)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:405)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:380)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:508)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
at java.lang.Thread.run(Thread.java:534) -
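A null-safe form of the administrator check from the thread above, moved into a servlet filter so that a protected page is never executed for a request that fails the check. This is an added example, not code from any poster; the class name and the /admin/* mapping are assumptions, and it assumes the later error comes from the page body continuing to run after sendRedirect(), which does not stop execution on its own.

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Hypothetical filter (the name is an assumption). Map it in web.xml to the
 * protected area only, for example:
 *
 *   <filter>
 *     <filter-name>adminSession</filter-name>
 *     <filter-class>AdminSessionFilter</filter-class>
 *   </filter>
 *   <filter-mapping>
 *     <filter-name>adminSession</filter-name>
 *     <url-pattern>/admin/*</url-pattern>   (assumed location of the admin pages)
 *   </filter-mapping>
 *
 * The login page itself must sit outside the mapped pattern, otherwise the
 * redirect below loops.
 */
public class AdminSessionFilter implements Filter {

    // Attribute name, expected value and login page are taken from the post.
    private static final String SESSION_ATTR = "id";
    private static final String REQUIRED_VALUE = "administrator";
    private static final String LOGIN_PAGE = "/adminlogin.htm";

    public void init(FilterConfig config) throws ServletException {
        // No configuration needed.
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): do not create a session just to test it.
        HttpSession session = request.getSession(false);
        Object id = (session == null) ? null : session.getAttribute(SESSION_ATTR);

        // Constant on the left: equals() is called on a non-null literal, so a
        // missing session or missing attribute yields false instead of the
        // NullPointerException thrown by session.getAttribute("id").equals(null).
        if (!REQUIRED_VALUE.equals(id)) {
            String target = request.getContextPath() + LOGIN_PAGE;
            response.sendRedirect(response.encodeRedirectURL(target));
            // Return without calling chain.doFilter(): the requested page, and
            // any code in it that reads request parameters, never runs.
            return;
        }

        chain.doFilter(req, res);
    }

    public void destroy() {
        // Nothing to release.
    }
}
```

If the check stays inside the JSP instead, the same two points apply: compare with `"administrator".equals(session.getAttribute("id"))` and put a `return;` directly after `response.sendRedirect(...)`.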
Hi All!
Is it possible to create custom session validation mechanism in coherence, which checks session availability in third party system (Siebel in our case) and provides data caching assigned to this session from external Web Services?
Thank you very much :)
Coherence supports HTTP Session Caching via Coherence*Web.
In terms of doing something similar for some other session context such as Siebel it may or may not be doable depending upon the nature of
the session object you are caching. You probably would need to use standard Coherence API mechanisms and application logic to manage the session state
and relate it to other entities. -
I am using windows 2000.
iPlanet Web Server, Enterprise Edition 6.0 SP2
I tried to do jdbc persistence for sessiondata.
Somehow it didn't work.
I edited the JdbcStore code and added some system.outs in it.
From the logs I could note that
It is going into
JdbcStore.init(Properties config)//when the server starts up
JdbcStore.reap(long currentTime) //when the server is brought down
But it is not going into
JdbcStore.save(IWSHttpSession session)
JdbcStore.remove(IWSHttpSession session)
JdbcStore.load(IWSHttpSession session)
I did a "select count(*) from sessions" and it got me
no of rows=0.
The logs contained
[06/Mar/2002:11:25:09] info ( 552): IWSSessionManager: Maximum number of sessions is 1000
[06/Mar/2002:11:25:10] info ( 552): IWSSessionManager: Maximum number of sessions is 1000
[06/Mar/2002:11:25:14] info ( 552): JdbcStore: initialized with url=jdbc:odbc:LocalServer, driver=sun.jdbc.odbc.JdbcOdbcDriver
So I should think it was working.
The pages that are using HttpSession are working ok but should I not get some rows in my table "sessions" when I query?
This is the webapps.xml I used.
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- iWS 6.0 specific web application configuration. -->
<!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN" "http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd">
<vs>
<!-- Define global configuration -->
<!-- Configure a session manager and tracking configuration -->
<session-manager
class='com.iplanet.server.http.session.IWSSessionManager' >
<init-param>
<param-name>maxSessions</param-name>
<param-value>1000</param-value>
</init-param>
<init-param>
<param-name>timeOut</param-name>
<param-value>1800</param-value>
</init-param>
<init-param>
<param-name>session-failover-enabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>reapInterval</param-name>
<param-value>600</param-value>
</init-param>
<init-param>
<param-name>session-data-store</param-name>
<param-value>com.iplanet.server.http.session.JdbcStore</param-value>
</init-param>
<init-param>
<param-name>url</param-name>
<param-value>jdbc:odbc:LocalServer</param-value>
</init-param>
<init-param>
<param-name>provider</param-name>
<param-value>sun.jdbc.odbc.JdbcOdbcDriver</param-value>
</init-param>
<init-param>
<param-name>username</param-name>
<param-value>sa</param-value>
</init-param>
<init-param>
<param-name>password</param-name>
<param-value>sa</param-value>
</init-param>
<init-param>
<param-name>lookupPool</param-name>
<param-value>4</param-value>
</init-param>
<init-param>
<param-name>insertPool</param-name>
<param-value>4</param-value>
</init-param>
<init-param>
<param-name>updatePool</param-name>
<param-value>4</param-value>
</init-param>
<init-param>
<param-name>deletePool</param-name>
<param-value>4</param-value>
</init-param>
<!--
<init-param>
<param-name>session-failover-enabled</param-name>
<param-value>false</param-value>
</init-param>
-->
</session-manager>
<session-tracking use-cookies="true" />
<!-- Define the web applications for this virtual server-->
<!-- catalog application -->
<web-app uri="/Web" dir="E:/iPlanet/Servers/docs" enable="true" >
<!-- Specify a tempory directory. A path returned in the "javax.servlet.context.tempdir" property; defaults to WEB-INF/tmp. -->
<!--
<tempdir dir='/var/catalog/tmp'/>
-->
<!-- reload classes at every 5 minutes; also include mycatlog.jar file in the classpath -->
<!--
<class-loader reload-interval='300' classpath='/home/work/mycatalog.jar' />
-->
</web-app>
</vs>
I'm trying to do the same thing with a file store, also somewhat unsuccessfully. However, one thing I can point out is that the manual says that the <session-manager> element should be within the <web-app> element in web-apps.xml. In your example, it is outside of it.
-
All,
I have set the BIP security as Oracle BI SERVER and able to successfully log in from dashboards, answers to BIP. but after some time BIP is getting timed out.
where can I set the session time out parameter? and
how to make the BIP session valid as long as OBI presentation services session is valid?
Thanks in advance.
Post Author: amr_foci
CA Forum: Authentication
go to the universe which this report is based on, get the parameters window from (File->Parameters)
check the CONTROL tab
see those parameters and configure them as you want
good luck
Amr -
Session in java swing??
Hi friends,
I need to create session in java swing...
I have a client running in swing and can access resources in multi-threaded server. I need to validate user using session. But i don't know how to use session.
User has to login with username & password (authentication verified at server using socket communication).
If successful the login frame vanishes and other options are displayed. user has a feature that he can send files to other
user. so i need to use session for security purpose.
Anyone help me with code
Edited by: sathya_vn on Apr 20, 2008 5:41 PM
Anyone help me with the code-----> u got tat wrong..
I need to know how to use session with java swing. I requested if anyone has such code....
This is a part of my project .
Am using MySQL Database to store username and password.
Client side interface has a frame (first frame--frame1) requesting client to provide login information. The login details <username and password> are sent to server. server validates whether the login info are correct or not and return true or false .
If false the frame1 will show a JOptionPane ... message stating that wrong username or password specified.
If true i need to create a session and other operations are done after session validation. I am using ssl socket.
If u want the code then i have to post around 300 or more lines..
Session-failover-enabled not working in iWS6 with a FileStore
I'm trying to use a FileStore to implement session persistence using IWSSessionManager. I have the following in my web-apps.xml:
<web-app uri="/Banking" dir="c:/java/online">
<session-manager class='com.iplanet.server.http.session.IWSSessionManager'>
<init-param>
<param-name>session-data-store</param-name>
<param-value>com.iplanet.server.http.session.FileStore</param-value>
</init-param>
<init-param>
<param-name>session-data-dir</param-name>
<param-value>c:/iplanet/servers/SessionData</param-value>
</init-param>
<init-param>
<param-name>session-failover-enabled</param-name>
<param-value>false</param-value>
</init-param>
</session-manager>
</web-app>
I'm seeing the following exception in my log:
[12/Jun/2002:10:10:56] info ( 320): java.io.NotSerializableException: com.iplanet.server.http.servlet.WebApplication
at java.io.ObjectOutputStream.outputObject(ObjectOutputStream.java:1148)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:366)
at java.io.ObjectOutputStream.outputClassFields(ObjectOutputStream.java:1827)
at java.io.ObjectOutputStream.defaultWriteObject(ObjectOutputStream.java:480)
at java.io.ObjectOutputStream.outputObject(ObjectOutputStream.java:1214)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:366)
at java.io.ObjectOutputStream.outputClassFields(ObjectOutputStream.java:1827)
at java.io.ObjectOutputStream.defaultWriteObject(ObjectOutputStream.java:480)
at java.io.ObjectOutputStream.outputObject(ObjectOutputStream.java:1214)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:366)
at java.util.Hashtable.writeObject(Hashtable.java:764)
at java.lang.reflect.Method.invoke(Native Method)
at java.io.ObjectOutputStream.invokeObjectWriter(ObjectOutputStream.java:1864)
at java.io.ObjectOutputStream.outputObject(ObjectOutputStream.java:1210)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:366)
at com.iplanet.server.http.session.IWSHttpSession.writeObject(IWSHttpSession.java:764)
at java.lang.reflect.Method.invoke(Native Method)
at java.io.ObjectOutputStream.invokeObjectWriter(ObjectOutputStream.java:1864)
at java.io.ObjectOutputStream.outputObject(ObjectOutputStream.java:1210)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:366)
at com.iplanet.server.http.session.FileStore.save(FileStore.java:167)
at com.iplanet.server.http.session.IWSSessionManager.update(IWSSessionManager.java:499)
at com.iplanet.server.http.servlet.NSHttpServletRequest.closeInputStream (NSHttpServletRequest.java:612)
at com.iplanet.server.http.servlet.NSServletRunner.servicePostProcess(NSServletRunner.java:857)
at com.iplanet.server.http.servlet.NSServletRunner.invokeServletService(NSServletRunner.java:942)
at com.iplanet.server.http.servlet.WebApplication.service(WebApplication.java:1065)
at com.iplanet.server.http.servlet.NSServletRunner.ServiceWebApp(NSServletRunner.java:959)
Any ideas what's wrong?
I should note that I don't think it is because I am storing non-serializable things in the session attributes. I think this because originally I was getting an exception that said that a specific attribute wasn't serializable. I changed the class definition of the class I was storing in that attribute to include "implements java.io.Serializable" and that problem went away.
Hi Sija,
Can I have the detailed scenario of your cluster configuration?
Means you are saying that going to start cluster package manually, if it is right please make sure that you had the same copy of start, instance profiles of Node A to Node B. Means you need to maintain two startup, two instance profiles for both nodes. In a normal situation it will pick the profile of Node A to start the database from Node A. But in a failover situation it will not pick Node A's profile to start, it should pick Node B's profiles.
Just make a copy from Node A and change the profile name accordingly to Node B. Then try to restart.
Regards
Nick Loy -
Bug in session manager. If you work for Sun, please take a look.
While evaluating what it would take to transition from Iplanet 6 to Sun Webserver 6.1, I found a problem with the Sun Webserver's s1ws60 session managers. If the page is not explicitly flushed before ending, the session cookie JSESSIONID is never sent. So as long as the user continues to visit small pages, they keep getting new sessions (because they are never sent a session id, so the session manager creates a new one every time they visit). The session cookie is sent if larger pages are visited (the buffer is automatically flushed). The session cookie is also sent if out.flushBuffer() is explicitly called within the JSP. This problem was not present in IWS6.0.
The problem has been tracked down to a combination of the code in com.iplanet.server.http.session.IWSSessionManager (found in the "plugins" directory) and the JSP's Java code generated by a component of the webserver (Catalina?). Under Iplanet, the code generated in the finally{} section of the JSP first flushed the buffer, then called releasePageContext. Under Sun Webserver, the code generated just calls releasePageContext without explicitly flushing the buffer before the call. When flushing the buffer for a non-committed response, the headers are first generated and sent, along with any cookies, including the session cookie. The server only sends the session cookie if, among other things, the session satisfies "_session.isNew()". The order of events in releasePageContext ensures that this is never true when used in combination with IWSSessionManager. I don't have the source code to verify this, but from experimentation I think this is the reason: Before the buffer is flushed, the session is saved by IWSSessionManager.update(session), which at line 498 calls "sn.unsetNew()". So the session is never isNew() when it gets around to sending the session cookie. This can be resolved by either adding an explicit buffer flush to the finally{} section of the JSP, or removing the unsetNew() call from IWSSessionManager. Since I don't know where the code that generates the JSP is (or if I can even change it), I ended up removing the sn.unsetNew() call from the update() function.
Here's the code generated in the finally{} section using IWS6 and Sun Webserver:
Iplanet 6
} finally {
  if (out != null && (out instanceof org.apache.jasper.runtime.JspWriterImpl)) {
    // Buffer is flushed before the page context is released.
    ((org.apache.jasper.runtime.JspWriterImpl) out).flushBuffer();
  }
  if (_jspxFactory != null) _jspxFactory.releasePageContext(pageContext);
}
Sun Webserver
} finally {
  // No explicit flush before the page context is released.
  _jspx_releaseTags(_jspx_curTag, null);
  if (_jspxFactory != null) _jspxFactory.releasePageContext(pageContext);
}
I posted a bug report on this.
-
I have a servlet filter that checks the session for every incoming request.
The session validation is done for every request except the login request. If a request with a new session, which is not a login request is sent, then unauthorised user is sent in the response.
If the http request for login is sent in the form of : http://ipaddress:portnumber/myApp/login.do, and after successful login, if the subsequent requests are sent in the form of
http://mymachinename.domain.com/myApp/processotherrequests.do (since Apache server is configured on my machine), then these requests are treated as new sessions and hence unauthorised user response is sent back.
What could be the problem?
The session is maintained as a cookie on the browser with the name JSESSIONID. The browser only sends cookies back to the domain that set the cookie. The browser does not know that the ipaddress and the domain name are the same so does not send the cookie.
As an example the ip address 127.0.0.1 is equivalent to the domain name 'localhost' but the browser does not know this so a cookie created for 127.0.0.1 will not be sent in a call to 'localhost' -
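The host-matching rule described in the answer above, reproduced with Python's standard http.cookiejar standing in for the browser (an added example, not part of the original thread). The address 192.0.2.10:8080, the cookie value, and the names CannedResponse and cookie_sent are constructed for illustration.

```python
import email
import http.cookiejar
import urllib.request


class CannedResponse:
    """Stand-in for an HTTP response; CookieJar only calls .info() on it."""

    def __init__(self, set_cookie):
        self._headers = email.message_from_string(f"Set-Cookie: {set_cookie}\n\n")

    def info(self):
        return self._headers


def cookie_sent(login_url, next_url, set_cookie="JSESSIONID=abc123; Path=/myApp"):
    """Log in at login_url, then return the Cookie header sent to next_url."""
    jar = http.cookiejar.CookieJar()
    login = urllib.request.Request(login_url)
    # The cookie has no Domain attribute, so it is bound to the login host.
    jar.extract_cookies(CannedResponse(set_cookie), login)
    follow_up = urllib.request.Request(next_url)
    jar.add_cookie_header(follow_up)
    return follow_up.get_header("Cookie")  # None when no cookie matches


# Constructed URLs: 192.0.2.10 stands for "ipaddress", 8080 for "portnumber".
BY_IP = "http://192.0.2.10:8080/myApp/login.do"
BY_NAME = "http://mymachinename.domain.com/myApp/processotherrequests.do"

if __name__ == "__main__":
    print("same host :", cookie_sent(BY_IP, "http://192.0.2.10:8080/myApp/processotherrequests.do"))
    print("other host:", cookie_sent(BY_IP, BY_NAME))
    print("loopback  :", cookie_sent("http://127.0.0.1/myApp/login.do", "http://localhost/myApp/x.do"))
```

Only the first call returns the session cookie; in the other two the servlet filter would see a request without JSESSIONID and treat it as a new session.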
JDBC Sessions in SunOne WebServer and
Has anyone in here worked with JDBC sessions in SunOne Webserver 6.1 ( with ASE 12.5.x / JDBC JConnect 5.x of course )?
In SunOne 6.1 webserver, you can specifically tell it to use JDBC for session persistence:
http://docs.sun.com/source/817-1833-10/pwasessn.html
... by using "com.iplanet.server.http.session.JdbcStore" as the "session-data-store" property. It also goes on to allow you to specify the actual column names that are used, etc...
According to the URL above, the columns are:
create table sessions (
SessionID VARCHAR(100),
AccessTime NUMERIC(9),
TimeOut NUMERIC(9),
Value VARBINARY(4096)
)
2) What indexes are required here ??
e.g. I presume you'll need to have a unique index on the SessionID column, and perhaps an index on AccessTime ( for the reaper to delete expired sessions )
3) Any working example sun-web.xml using JdbcStore ??
Thanks,
John
> 2) What indexes are required here ??
> e.g. I presume you'll need to have a unique index on the SessionID column, and perhaps an index on AccessTime ( for the reaper to delete expired sessions )
You are correct on both accounts. Those are the only needed indexes as none of the other columns are used as selection criterion.
> 3) Any working example sun-web.xml using JdbcStore ??
Unfortunately, our collection of samples does not include one, but I do know of customers using this Store. -
I am using iPlanet 6.0SP6 in NT 4.0.
I would like to make the session cookie JSESSIONID be transferred only on a secure connection.
Then, I make the change to web-apps.xml as below
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN"
"http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd">
<vs>
<session-cookie is-secure="true"></session-cookie>
</vs>
After that, I restart the iPlanet web server and load the page with I.E. again. I see that the cookie is still passed in non-secure mode.
Is there anything wrong with my web-apps.xml?
Janice,
Thanks for your help.
When I use the below web-apps.xml, I can make the cookie in secure session.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN"
"http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd">
<vs>
<web-app uri="/" dir="d:/java/docroot" enable="true">
<session-manager class="com.iplanet.server.http.session.IWSSessionManager">
<init-param>
<param-name>maxSessions</param-name>
<param-value>16000</param-value>
</init-param>
<init-param>
<param-name>timeOut</param-name>
<param-value>7200</param-value>
</init-param>
<init-param>
<param-name>reapInterval</param-name>
<param-value>30</param-value>
</init-param>
<init-param>
<param-name>maxValueSize</param-name>
<param-value>8192</param-value>
</init-param>
</session-manager>
<session-cookie is-secure="true"/>
</web-app>
</vs>
However, when I configure more on the web application with the web.xml, I see that the cookie is no longer secure.
The web.xml is
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
<display-name>Trade Info Exchange</display-name>
<description>
Trade Info Exchange
</description>
<!-- Define servlets that are included in the example application -->
<servlet>
<servlet-name>Login</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Login</servlet-name>
<url-pattern>/Login</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Fmenu</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.FmenuServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Fmenu</servlet-name>
<url-pattern>/Fmenu</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Fcontent</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.FcontentServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Fcontent</servlet-name>
<url-pattern>/Fcontent</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Express</servlet-name>
<servlet-class>com.chase.apps.express.servlet.EXPRESS2</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Express</servlet-name>
<url-pattern>/EXPRESS2</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>AppControl</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.AppControlServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AppControl</servlet-name>
<url-pattern>/AppControl</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>errorPage</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.errorPage</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>errorPage</servlet-name>
<url-pattern>/errorPage</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>LoginFail</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.LoginFailServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginFail</servlet-name>
<url-pattern>/LoginFail</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Logout</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.LogoutServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Logout</servlet-name>
<url-pattern>/Logout</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>ChangePwdWarning</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.ChangePwdWarningServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ChangePwdWarning</servlet-name>
<url-pattern>/ChangePwdWarning</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>ChangePwd</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.ChangePwdServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ChangePwd</servlet-name>
<url-pattern>/ChangePwd</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>ReLoginDialog</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.ReLoginDialog</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ReLoginDialog</servlet-name>
<url-pattern>/ReLoginDialog</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>TradeTrackProcessSearch</servlet-name>
<servlet-class>chase.app.tt.servlet.ProcessSearchServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>TradeTrackProcessSearch</servlet-name>
<url-pattern>/TradeTrackProcessSearch</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>TradeTrackSearchScreen</servlet-name>
<servlet-class>chase.app.tt.servlet.SearchScreenServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>TradeTrackSearchScreen</servlet-name>
<url-pattern>/TradeTrackSearchScreen</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>TradeTrackMain</servlet-name>
<servlet-class>chase.app.tt.servlet.MainServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>TradeTrackMain</servlet-name>
<url-pattern>/LCIMPORT</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>TradeTrackMain</servlet-name>
<url-pattern>/LCEXPORT</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>TradeTrackMain</servlet-name>
<url-pattern>/COLLIMP</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>TradeTrackMain</servlet-name>
<url-pattern>/COLLEXP</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>TradeTrackMain</servlet-name>
<url-pattern>/B2BMenu</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>TradeTrackMain</servlet-name>
<url-pattern>/B2BMain</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>ctielogin.html</welcome-file>
</welcome-file-list>
</web-app>
Pls advise how I can make the cookie secure for using the web.xml and web-apps.xml
thanks
samuel poon -
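One way to confirm from the outside whether the is-secure setting took effect is to inspect the Set-Cookie headers that each servlet path returns. The following is an added example, not code from the posters or from the server; the response heads are constructed samples and the function names are hypothetical.

```python
from http.cookies import CookieError, SimpleCookie

# Constructed response heads, keyed by paths from the web.xml above.
SAMPLE_RESPONSES = {
    "/Login": "HTTP/1.1 200 OK\r\n"
              "Set-Cookie: JSESSIONID=0123456789abcdef; Path=/; Secure\r\n\r\n",
    "/Fmenu": "HTTP/1.1 200 OK\r\n"
              "set-cookie: lang=en; Path=/\r\n"
              "set-cookie: JSESSIONID=fedcba9876543210; Path=/\r\n\r\n",
    "/Logout": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}


def set_cookie_values(response_head):
    """Return the value of every Set-Cookie header line, in order."""
    values = []
    for line in response_head.split("\r\n")[1:]:  # skip the status line
        if not line:
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        if name.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values


def session_cookie_status(response_head, cookie_name="JSESSIONID"):
    """Return 'secure', 'not-secure' or 'not-set' for the session cookie."""
    status = "not-set"
    for value in set_cookie_values(response_head):
        jar = SimpleCookie()
        try:
            jar.load(value)
        except CookieError:
            continue  # skip cookies the parser rejects
        if cookie_name in jar:
            # Morsel["secure"] is True when the flag is present, "" otherwise.
            if not jar[cookie_name]["secure"]:
                return "not-secure"  # one unflagged copy is enough to fail
            status = "secure"
    return status


def audit(responses):
    """Map each request path to the status of its session cookie."""
    return {path: session_cookie_status(head) for path, head in responses.items()}
```

Running audit() on response heads saved before and after a configuration change shows which paths still issue JSESSIONID without the Secure attribute.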
Portal Session killing or Session time out
Hi experts
Where we can maintain the session validation in the portal server
Rgds,
Priya
Hi Priya,
The termination of the Portal and all Web Dynpro applications as a whole is defined by the Security Session timeout.
This is an absolute timeout value, e.g. the default is about 27h, that always terminates the whole security session after the defined period of time independently from any user interaction.
The expiration of the HTTP sessions is handled automatically and does not need to be cared about.
When the HTTP sessions are created they get the maximum of the application session timeout and the default HTTP session timeout. After the corresponding application session has been destroyed, the HTTP session gets a very small value to expire as soon as possible.
Go through this SAP NOTE to make the suitable changes:-
[Note 842635|https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=842635&nlang=EN&smpsrv=https%3a%2f%2fwebsmp206%2esap-ag%2ede]
Also refer to NOTE 842878 for Session Management Information.
Hope this helps,
Regards,
Shailesh Nagar
Edited by: Shailesh Kumar Nagar on Jan 31, 2008 10:07 AM -
I've two pages in my web application which need regular refresh after a particular interval. I'm using
(session.setMaxInactiveTime) to check the session validation and HTML's <META> tag to regularly refresh the page after a particular interval.
On these two pages there are links to the different pages for which I'm opening a new window.
But I'm losing the session after some time and I'm not able to catch the source from where the session is getting invalidated, even when I'm using the meta tag of HTML to refresh the page.
I'm also using HttpSessionEventListener Interface to know when the session.putValue & session.removeValue
functions are used.
I hope the problem is clear to you people.
an urgent help/suggestion will be appreciated.
thanks in advance
Hi,
It isn't easy to see your problem. When are you losing your session? When you have opened a link from your page in a new browser window (instance) and returned?
Also check the following: when no valid session exists, a JSP opens a new session, else you use <%@ page session="false" %>
Roland