Limit user session in ADF security

I want a single user to work in the web application with only a single session at any time. How can I limit user sessions?

Hi,
+1. How can I override ADF security (based on JAAS) credentials checking mechanism j_security_check ?+
Why do you want to override this?
+2. How can I store users' log-in and log-out information in the database? Which classes and which methods must be overridden? Can you show a code sample of your realisation, please?+
Authentication is not handled by ADF but by WebLogic Server. If you want to track database login information you will need to write a custom JAAS Login Module and configure it as an authentication provider in WLS.
How can I check if user closed browser?
I would use a temporary cookie with no lifetime. This way, when the browser is closed, the cookie is unavailable, indicating that the user is good to login again. However, this then allows users to start 2 sessions using different browsers (again something you would need to check)
Frank
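
One way to enforce the single-session rule on the server side, so that a second browser is covered as well as a closed one. This is an added example, not code from the thread or from Oracle: `SingleSessionGuard` and its attribute name are hypothetical, and it assumes container-managed login (so `getRemoteUser()` is populated), a single server JVM, and case-insensitive account names.

```java
import java.io.IOException;
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/**
 * Hypothetical class (not an ADF or WebLogic API): keeps at most one live
 * HttpSession per authenticated user in this JVM. The newest login wins, so a
 * user who closed the browser without logging out is never locked out.
 * Register it in web.xml both as a <filter> mapped to the Faces Servlet and
 * as a <listener>.
 */
public class SingleSessionGuard implements Filter, HttpSessionListener {

    /** Session attribute remembering which user a session was registered for. */
    private static final String OWNER_ATTR = "singleSessionGuard.owner";

    /** user key -> the one session currently allowed for that user. Static because
     *  the container creates separate instances for the filter and the listener. */
    private static final ConcurrentMap<String, HttpSession> ACTIVE =
            new ConcurrentHashMap<String, HttpSession>();

    public void init(FilterConfig filterConfig) throws ServletException { }

    public void destroy() { ACTIVE.clear(); }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) request;
        String user = http.getRemoteUser();           // null until the container has authenticated
        HttpSession session = http.getSession(false); // never create a session here
        if (user != null && session != null) {
            register(user, session);
        }
        chain.doFilter(request, response);
    }

    /** Assumption: account names are case-insensitive in the identity store, so
     *  "PAUL" and "paul" count as one user. Drop this if yours is case-sensitive. */
    static String key(String user) {
        return user.toLowerCase(Locale.ROOT);
    }

    /** Makes this session the user's only one and ends any other session still registered. */
    static void register(String user, HttpSession session) {
        String key = key(user);
        try {
            if (!key.equals(session.getAttribute(OWNER_ATTR))) {
                session.setAttribute(OWNER_ATTR, key);
            }
        } catch (IllegalStateException invalidated) {
            return; // this session was just ended, e.g. by a newer login
        }
        HttpSession previous = ACTIVE.put(key, session);
        if (previous != null && !sameSession(previous, session)) {
            try {
                // The old browser loses its authenticated session and is sent
                // back to the login page on its next request.
                previous.invalidate();
            } catch (IllegalStateException alreadyGone) {
                // timed out or logged out in the meantime
            }
        }
    }

    public void sessionCreated(HttpSessionEvent event) { }

    /** Logout or timeout: forget the session so the map does not grow. */
    public void sessionDestroyed(HttpSessionEvent event) {
        HttpSession ended = event.getSession();
        Object owner;
        try {
            owner = ended.getAttribute(OWNER_ATTR);
        } catch (IllegalStateException invalidated) {
            return;
        }
        if (owner != null) {
            HttpSession current = ACTIVE.get((String) owner);
            // Only remove the entry if it still points at the session that ended;
            // a newer login may already have replaced it.
            if (current != null && sameSession(current, ended)) {
                ACTIVE.remove((String) owner, current);
            }
        }
    }

    /** Compares by current id so a container that renames the id on login still matches. */
    private static boolean sameSession(HttpSession a, HttpSession b) {
        return a == b || a.getId().equals(b.getId());
    }
}
```

In a cluster the static map would have to be replaced by a store shared between the servers; two requests racing on old and new sessions can end both, which still leaves no more than one session alive.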

Similar Messages

  • How to manage User Session in Adf ?

    Is there any guide line to manage the user session in adf ?

    View layer Http session if it is not a desktop based application. Model layer also you can store session using
        getSession().getUserData()
    But before that the information you provided is not enough. You need to describe in more detail of what session and what exactly are you looking for

  • Detecting user session expiry in secure connection

    I have implemented Frank's method of detecting expired session (http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/) -
    basically we call session expired when requested session is not equal to current web session:
        String requestedSession = ((HttpServletRequest)request).getRequestedSessionId();
        String currentWebSession = ((HttpServletRequest)request).getSession().getId();
        boolean sessionOk = currentWebSession.equalsIgnoreCase(requestedSession);
    It works perfectly well when I am launching application in OC4J, but it doesn't if I use JBoss with secure connection and session id in cookie - requestedSession and requestedSession is always the same
    Is there a way to detect session expiry using secure connection?

    Thank You for the answer Frank.
    Unfortunately I cannot see the full view of how this proposal differs from what I am doing..
    Can You please be more specific...
    As I understand, I am doing exactly the same with:
        String requestedSession = ((HttpServletRequest)request).getRequestedSessionId();
        String currentWebSession = ((HttpServletRequest)request).getSession().getId();
    or you mean to save currentWebSession somewhere else?

  • Multiple user sessions for ADF application

    Hi All,
    We have an ADF application with 3-4 pages starting with a login screen.
    Assume we have two users, user1 and user2. In same system but different browser windows, when both users are logging in, only user2 's session is active. Though user1 logged in first and is able to perform transactions, the moment user2 logs in, user1's session is being over-written by user2 (user1's window now displays user2's information). I have observed the URL of user1 window which now changes to user2's URL (_adf.ctrl-state parameter of user2 is displayed in user1 browser)
    How do we overcome this?? We have a requirement to be able to open multiple user sessions.
    We are using JDeveloper 11.1.2.3.0 and browsers being used are IE 8, IE9 and chrome.
    Thanks,
    Deepti

    Hi,
    Continuation to my above question
    I am using these two statements in my code..
        ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
        HttpSession httpSession = (HttpSession)ectx.getSession(true);
    On any event in Window1, I guess it is getting the context and session of window2 (this being the latest)..
    Shouldn't it return the context and session of the current window instead of the latest window???
    This problem is well explained here
    internet explorer 8 - How to avoid session sharing provided by IE8 programmatically in Java EE application? - Stack Over…
    I want to know.. what is the best way to handle this in ADF... We are using managed beans with request scope and using HttpSession to store few values like user Id.

  • CISCO ACS, How to Limit User Session ?

    Hi Guys,
    hope you would help me,
    how to limit the user session in ACS 5.x ?
    I'm aware of the menu on
    Access Policies >Max User Session Policy > Max Session Group Settings
    I already set the global value to 1, Max Session for User in Group to 1, and Max Session for Group to 1.
    so it means the user could only open 1 connection at the same time, right?
    the problem: it didn't work.
    I had 1 ACS 5.5
    2 CISCO Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T13, RELEASE SOFTWARE (fc3)
    (let's call it R1 and R2 )
    I'm trying to telnet to both of them at the same time, and it works ( it means the session limit didn't work, cmiiw )
    I already included :
        radius-server attribute 44 include-in-access-req
        radius-server host 192.168.217.98 auth-port 1645 acct-port 1646 key somekey
    on the line vty :
         accounting connection acs
         login authentication acs
    am I missing something?
    also, does this feature work on tacacs+ too?
    Thanks,

    Dash,
    You can leverage the group mapping feature where members of a certain AD group are mapped to a local group in ACS with the max sessions defined.
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-3/user/guide/acsuserguide/access_policies.html#pgfId-1162308
    Thanks,
    Tarik Admani

  • Controlling user actions without ADF Security

    Hi!
    I have an application in which we use J2EE security, and therefore we have user accounts that can be managed by, in our case, the OID. We have not implemented ADF security yet, because that means we will have to import all kinds of permissions to a suitable place in the OID, and there is no time yet to investigate how to do that (especially how to migrate it to a node in the OID where we want the info, not the default way).
    Now I have a requirement to make a JSF screen with an input form read only, based on either a user role or a parameter being populated or not.
    I know that I can achieve this by modifying all ReadOnly and Disabled properties of the controls and put an EL expression in there, but I would rather do this on a higher level. Is it possible to make a whole iterator or form read-only with EL or using backing beans?
    Regards,
    Jeroen van Veldhuizen

    Jeroen,
    You could certainly write some code in a backing bean that would iterate over all the children of the form and set the property. Without using ADF security (which would let you do it on the iterator level - much preferred, but more work), I cannot think of another way other than setting readOnly/disabled on each individual control.
    You can iterate over the children of a component using something like this:
        UIComponent target;   // set this to the form (or other container) component
        List children;
        int i, cnt;
        children = target.getChildren();
        cnt = target.getChildCount();
        for (i = 0; i < cnt; i++) {
          // do whatever here
        }
    Hope this helps,
    John

  • Best way Of providing user authentication using ADF security...

    Hi,
    I have a web application. I want to implement ADF security in the application. What is the best approach of doing this? I have the user information in the database tables along with the roles and other information. I want to use these tables for authorization?
    What is the best approach to do this? It would be great if u could help ..
    I am using 11g release 2
    Thanks in advance.
    Rakesh

    Hi,
    Thanks for the quick response.
    I have been looking at the post but I found one of the forum posts in which the person was saying the SQLAuthentication doesn't work ..
    "Be wary when using ADF Security (OPSS) with a SQLAuthenticator.
    This is feedback I got in SR 3-4124753004 :
    "If the you want to use DB as the identity store, then the supported way is to buy OVD server license and configure DB adapter in OVD and then configure an OVD authenticator in Weblogic. SQLAuthenticator will not be used as identity store. And, we do not recommend to use LibOVD for DB identity store. OVD server is the recommended and supported way."
    related bugs are :
    - bug 13876651, "FMW CONTROL SHOULD NOT ALLOW MANAGING USERS GROUPS FROM SQL AUTHENTICATOR"
    - enhancement request 12864498, "OPSS : ADDMEMBERSTOAPPLICATIONROLE : THE SEARCH FOR ROLE FAILED"
    related forum threads are :
    - "ADF Security : identity store : tables in a SQL database"
    - "OPSS : addMembersToApplicationRole : The search for role failed"
    regards
    Jan Vervecken"
    Is this true?
    Rakesh

  • How to show pages based on user logged in adf security ?

    Hi All,
    JDev ver : 11.1.1.4.0
    I have three Roles MANAGERS, ADMIN, ANALYST with users in each role.
    And I used form based authentication. There are separate screens for each user, I want to show according to the user entered with Roles.
    How to Configure these roles in Resource Grants and what should be done in login action..
    For me the page now going forward, it remains in the login page itself
    How to do that ?
    thanks,
    Gopinath

    Hi..
    try out following sample
    http://andrejusb.blogspot.com/2011/05/oracle-webcenter-11g-ps3-adf-security.html
    also check this > http://andrejusb.blogspot.com/2009/01/practical-adf-security-deployment-on.html

  • Disable the link respective of my users role in ADF Security

    Hi,
    Am using jdeveloper 11.1.1.6.0.,
    In my jspx page i have two links like Employees and Departments. The Departments button should be enabled only to the Managers role.
    I have also implemented ADF Security in my project.
    Regards,
    Prasad K T,

    Hi,
    Check out this blog : ADF Code Bits: Bit #17 - Using the securityContext bean in a JSF page
    -Arun

  • Aaa network access limit user session

    Hi, I'd like to limit a user to one authenticated session in aaa network access, with ASA and ACS.
    Is tacacs+ accounting necessary ?
    thank you in advance
    RS

    I have never done it with Cisco ACS so I can not offer much support on this.
    However, I've done it many times on Cisco Freeware TACACS+ and it is very easy.
    1- in Cisco Freeware tacacs, include "max-session = 1" under either the user
    profile or group file definition.
    2- in the router itself, you need to enable "ip finger". This will allow the
    TACACS+ server to query the router every time there is a new attempt to log in.
    If you already have a session to the router, TACACS+ server will see this and
    reject a new session for that same user. If the login ID is different than what
    is already connected to the router, it will then be accepted:
    C7140#who
    Line User Host(s) Idle Location
    0 con 0 idle 11w2d
    * 2 vty 0 cciesec idle 00:00:00 192.168.15.9
    Interface User Mode Idle Peer Address
    C7140#
    Now if user "cciesec" tries to login again through another session, it will
    be rejected by the TACACS server:
    [root@LinuxES-lab1 root]# finger @192.168.15.1
    Line User Host(s) Idle Location
    0 con 0 idle 11w2d
    2 vty 0 cciesec idle 00:04:00 192.168.15.9
    * 3 vty 1 idle 00:00:00 192.168.128.100
    Interface User Mode Idle Peer Address
    [root@LinuxES-lab1 root]#
    Easy right?

  • Adf security with upper case user results in 500-internal server error

    Hello
    JDev 11.1.1.0.2, Integrated WLS
    I've set up ADF security as explained in the documentation.
    The only difference being that the role test-all has been removed.
    I have one user 'paul' with a password of 'password'
    I have one application role 'myrole'
    'paul' is a member of 'myrole'
    I have one unbounded task flow with one view (view1).
    Via the jazn-data.xml 'View1' has been granted to 'myrole' (view action)
    When running View1 I get the login.html page which is correct.
    The fun starts when playing around with the user/password.
    If I login with 'paul' and 'password' view1 is displayed, this is correct
    If I login with an unknown user or an incorrect password Windows Explorer 7 shows a generic HTTP 403 error page and not the error.html
    If I login with 'PAUL' and 'password' (or Paul, or any mixed cased version of Paul with the correct password) I get the following stack trace :
    oracle.adf.controller.security.AuthorizationException: ADFC-0619: Echec de la vérification des autorisations : '/view1.jspx' 'VIEW'.
         at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:145)
         at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:124)
         at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:639)
         at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:449)
         at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:44)
         at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:529)
         at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:118)
         at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:166)
         at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:122)
         at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:68)
         at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:51)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:354)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:175)
         at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
         at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:181)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
         at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:279)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._invokeDoFilter(TrinidadFilterImpl.java:239)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:196)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:139)
         at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
         at oracle.security.jps.wls.JpsWlsFilter$1.run(JpsWlsFilter.java:85)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:257)
         at oracle.security.jps.wls.JpsWlsSubjectResolver.runJaasMode(JpsWlsSubjectResolver.java:250)
         at oracle.security.jps.wls.JpsWlsFilter.doFilter(JpsWlsFilter.java:100)
         at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:65)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
         at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    The questions are :
    - Why do I get the generic HTTP 403 error instead of the error.html (it's not the end of the world but I would like to understand) ?
    - Why do I get the error 500 if the case of the username is incorrect but the password is correct ?
    Best Regards
    Paul

    Nope nothing in there that looks out of place...
    Here's the contents of the web.xml file ..
    <?xml version = '1.0' encoding = 'windows-1252'?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
    <description>Empty web.xml file for Web Application</description>
    <context-param>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>client</param-value>
    </context-param>
    <context-param>
    <description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
    <param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
    <param-value>false</param-value>
    </context-param>
    <context-param>
    <description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
    <param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
    <param-value>false</param-value>
    </context-param>
    <filter>
    <filter-name>JpsFilter</filter-name>
    <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
    <init-param>
    <param-name>enable.anonymous</param-name>
    <param-value>true</param-value>
    </init-param>
    <init-param>
    <param-name>remove.anonymous.role</param-name>
    <param-value>false</param-value>
    </init-param>
    <init-param>
    <param-name>addAllRoles</param-name>
    <param-value>true</param-value>
    </init-param>
    <init-param>
    <param-name>jaas.mode</param-name>
    <param-value>doasprivileged</param-value>
    </init-param>
    </filter>
    <filter>
    <filter-name>trinidad</filter-name>
    <filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
    </filter>
    <filter>
    <filter-name>adfBindings</filter-name>
    <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
    </filter>
    <filter-mapping>
    <filter-name>JpsFilter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    </filter-mapping>
    <filter-mapping>
    <filter-name>trinidad</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <filter-mapping>
    <filter-name>adfBindings</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
    <servlet-name>resources</servlet-name>
    <servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
    </servlet>
    <servlet>
    <servlet-name>adfAuthentication</servlet-name>
    <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/adf/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/afr/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>adfAuthentication</servlet-name>
    <url-pattern>/adfAuthentication/*</url-pattern>
    </servlet-mapping>
    <session-config>
    <session-timeout>35</session-timeout>
    </session-config>
    <mime-mapping>
    <extension>html</extension>
    <mime-type>text/html</mime-type>
    </mime-mapping>
    <mime-mapping>
    <extension>txt</extension>
    <mime-type>text/plain</mime-type>
    </mime-mapping>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>adfAuthentication</web-resource-name>
    <url-pattern>/adfAuthentication</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>valid-users</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/error.html</form-error-page>
    </form-login-config>
    </login-config>
    <security-role>
    <role-name>valid-users</role-name>
    </security-role>
    </web-app>
    Regards
    Paul

  • How to create new user in adf security using jspx page

    how to create new user in adf security using code in java file. plz help me, this work will be submitted today plz help me...

    sigh
    Search really would help and point you in the right direction. You'd find this (http://forums.oracle.com/forums/thread.jspa?messageID=4584464), for example.

  • Create .jspx page to add users using ADF security.

    Hello,
    I'm using JDeveloper 11.1.1.3. I've created a login page (form based) with different users and roles using ADF Security. I'm able to successfully login/logout through the users and get redirected to the home page. However, i'm asked to create a page by which i can create users and add roles to them. This page will only be accessible by the administrator. I searched this forum for anything that might help, but couldn't find anything. Can anyone help?
    Thanks,
    Mohamed.

    check this thread:
    Re: change password in jazn-data.xml programmatically

  • Problem in implements ADF Faces: Detecting and handling user session expiry

    Hello everybody
    I'm trying to implement a method to handle user session expiry as explained by frank nimphius in his blog.
    http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/
    I have implemented the class below and added the filters in web.xml. However when I add the JavaServer Faces Servlet to sign the filter, my whole application goes nuts. I try to publish the application in the OAS and it seems that it already starts expired.
    Does someone know what I'm doing wrong?
    I use the filter
        <filter>
          <filter-name>ApplicationSessionExpiryFilter</filter-name>
          <filter-class>adf.sample.ApplicationSessionExpiryFilter</filter-class>
          <init-param>
            <param-name>SessionTimeoutRedirect</param-name>
            <param-value>SessionExpired.jspx</param-value>
          </init-param>
        </filter>
    then I add
        <filter-mapping>
          <filter-name>ApplicationSessionExpiryFilter</filter-name>
          <servlet-name>Faces Servlet</servlet-name>
        </filter-mapping>
    this is the class
        package adf.sample;

        import java.io.IOException;
        import javax.servlet.Filter;
        import javax.servlet.FilterChain;
        import javax.servlet.FilterConfig;
        import javax.servlet.ServletException;
        import javax.servlet.ServletRequest;
        import javax.servlet.ServletResponse;
        import javax.servlet.http.HttpServletRequest;
        import javax.servlet.http.HttpServletResponse;

        public class ApplicationSessionExpiryFilter implements Filter {
            private FilterConfig _filterConfig = null;

            public void init(FilterConfig filterConfig) throws ServletException {
                _filterConfig = filterConfig;
            }

            public void destroy() {
                _filterConfig = null;
            }

            public void doFilter(ServletRequest request, ServletResponse response,
                                 FilterChain chain) throws IOException, ServletException {
                // session id the browser sent with this request (cookie or URL)
                String requestedSession = ((HttpServletRequest)request).getRequestedSessionId();
                // id of the session the container uses now (a new one is created if none exists)
                String currentWebSession = ((HttpServletRequest)request).getSession().getId();
                boolean sessionOk = currentWebSession.equalsIgnoreCase(requestedSession);
                // if the requested session is null then this is the first application
                // request and "false" is acceptable
                if (!sessionOk && requestedSession != null) {
                    // the session has expired or renewed. Redirect request
                    ((HttpServletResponse) response).sendRedirect(_filterConfig.getInitParameter("SessionTimeoutRedirect"));
                } else {
                    chain.doFilter(request, response);
                }
            }
        }
    I'm really having trouble controlling user sessions. If someone knows where I can get materials to learn how to implement sessions in Jdev ADF + BC, I'm very grateful.
    Thank you Marnie

    The class works fine.. the issue is when I add this code into web.xml
    <filter-mapping>
    <filter-name>ApplicationSessionExpiryFilter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>
    below the web.xml
    <?xml version = '1.0' encoding = 'windows-1252'?>
    <web-app>
    <description>Empty web.xml file for Web Application</description>
    <context-param>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>client</param-value>
    </context-param>
    <context-param>
    <param-name>CpxFileName</param-name>
    <param-value>userinterface.DataBindings</param-value>
    </context-param>
    <filter>
    <filter-name>ApplicationSessionExpiryFilter</filter-name>
    <filter-class>view.managedBean.ApplicationSessionExpiryFilter</filter-class>
    </filter>
    <filter>
    <filter-name>adfFaces</filter-name>
    <filter-class>oracle.adf.view.faces.webapp.AdfFacesFilter</filter-class>
    </filter>
    <filter>
    <filter-name>adfBindings</filter-name>
    <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
    </filter>
    <filter-mapping>
    <filter-name>ApplicationSessionExpiryFilter</filter-name> ==> the problem occurs when I try to add this code
    <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>
    <filter-mapping>
    <filter-name>adfFaces</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <filter-mapping>
    <filter-name>adfBindings</filter-name>
    <url-pattern>*.jsp</url-pattern>
    </filter-mapping>
    <filter-mapping>
    <filter-name>adfBindings</filter-name>
    <url-pattern>*.jspx</url-pattern>
    </filter-mapping>
    <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
    <servlet-name>resources</servlet-name>
    <servlet-class>oracle.adf.view.faces.webapp.ResourceServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/adf/*</url-pattern>
    </servlet-mapping>
    <session-config>
    <session-timeout>1</session-timeout>
    </session-config>
    <mime-mapping>
    <extension>html</extension>
    <mime-type>text/html</mime-type>
    </mime-mapping>
    <mime-mapping>
    <extension>txt</extension>
    <mime-type>text/plain</mime-type>
    </mime-mapping>
    </web-app>
    By the way, how can I post code on the forum properly?

  • How to kill the session after the user exit the ADF application

    Dear all
    I have a problem
    The problem is the session still exists after the user closes the application and the browser. I want to kill all sessions that are not active.
    This is my test scenario:
    1- I open IE and run my ADF application that is deployed on weblogic. http://192.168.100.17:7001/myapp/faces/login
    2- At the same time I issue this SQL command to view the sessions for user 'ADFUSER' - the "ADFUSER" is the schema user.
        SELECT USERNAME,STATUS FROM v$session
        WHERE USERNAME = 'ADFUSER';
    QUERY RESULT IS
        USERNAME                       MODULE                                           STATUS
        ADFUSER                         JDBC Thin Client                                 INACTIVE
    3- Now the user closes the browser
    4- Run the SQL again and I notice that the session still exists
        SELECT USERNAME,STATUS FROM v$session
        WHERE USERNAME = 'ADFUSER'
    RESULT:
        USERNAME                       MODULE                                           STATUS
        ADFUSER                        JDBC Thin Client                                 INACTIVE
    5- Now the user opens the URL again http://192.168.100.17:7001/myapp/faces/login
    6- Run the SQL again, and I notice that the old session still exists and a new session is created too.
        SELECT USERNAME,STATUS FROM v$session
        WHERE USERNAME = 'ADFUSER'
    RESULT:
        USERNAME                       MODULE                                           STATUS
        ADFUSER                        JDBC Thin Client                                 INACTIVE
        ADFUSER                        JDBC Thin Client                                 INACTIVE
        2 rows selected.
    and every time I login to the application, a new session is opened and the old session still exists
    I do not know why this happens
    I want to kill the old session when the user closes the application.
    These sessions are cleared only when I restart the weblogic domain.
    here is some information about my development environment:
    Jdeveloper 11.1.2.3
    WebLogic Server Version: 10.3.5.0
    Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
    thanks in advance

    Hi,
    for performance reasons you should not use dedicated user connections to the database. Instead you use JDBC data sources (default in JDeveloper for ADF BC) that you can configure the database connection pooling for. This means that your v$session will always show a set of active sessions, which however are shared among users. Assuming you use ADF BC, this is what happens
    - A user requests a data bound page
    - The ADF BC checks out an AM and connects to the database using one of the database connections in the pool
    ... user work here ...
    - user exits application
    - ADF BC returns AM to pool and passivates pending user state (if application is left with dirty transaction)
    - Database connection is available in pool as soon as AM released
    This also happens between requests. Long story cut short: v$session doesn't give you a true picture
    Frank
