Maintaining Sessions through Multiple Servlets and Contexts
Hi,
I have a webapplication that works like this:
* User connects to a login servlet on HTTPS
* Users information is authenticated on HTTPS
* An object is stored in the session for other servlets to validate the users access
* Authenticated users are forwarded to an HTTP page where the session is used to make sure they were granted access
My problem is this....Since I create the session in an HTTPS context, when I am in the HTTP context, I am unable to access the session and constantly get NULL. Is there any way that I can access the session from an HTTP context?
What you can do is, just login using HTTPS and switch over to HTTP
and then store data in session.That is true, but what I want in the session is basically a flag on whether or not the user was granted access. I would much rather set all that up on the secure line, and then just access it from the unsecure ones...
For example, you are creating session using the
http://testdev:port/index.jsp page.
If access the same page(with hostname)
http://10.300.20.18:8080/index.jsp, you can't get the session even
though both are same web server and same web application. Because the
browser treats it different sessionI think if you use my above solution with the explicit passing of the jsessionid, you can move from one domain to another and still maintain session. Not positive on that though...
Similar Messages
-
Maintain session in Multiple soap calls
Hi Experts,
We have an requirement which runs 2 synchronous calls.
1st synchronous cal is for validating user credentials and
2nd synchronous call (for successful log in) for uploading data in R/3 system.
The main task is to maintain session(ex: time 15 mins) .
1st synchronous call looks like Mobile Application (soap sender)<--->PI<----->(Soap receiver)Active Directory.
2nd synchronous call looks like Mobile Application (Soap sender)<--->PI<----->(Proxy)R/3 system.
can you pls let me know how can I achieve this requirement and
how to maintain session ID, session (is it in PI or in third party) and from where to maintain session.
Thanks in Adv..I am calling multiple web service apis from my bpel process on the same link. The Web services are written such that I always have to call a "login" api first which creates a context that's maintained throughout the session. Thus subsequent ws calls have to be made in the same session because all the other web service apis require the context to be present.
You can think of this as a stateful SessionBean (sort of).
The question is does bpel support this? -
Maintain session when calling servlet from form in a JSP
I have the following set up:
index.jsp calls login servlet from the action tag in a form.
Login servlet handles the login, stores the user info and db connection in the session and uses forward(req,res) to call another jsp.
That jsp has a form where user enters search info and in that form's action tag there is a search servlet. In the search servlet I am unable to access the session.
Is there any way to pass the session to the servlet from that jsp using a form/action?I've read elsewhere that if you go from a jsp to a servlet that the >request object is cleared of any attributes from the previous request.which is correct. But arent we speaking about session object here? A request object is valid for a request - ie the phase from where the server receieves a hit for a resource upto the point it sends the output for that request.
A session spans multiple requests.
it doesn't retrieve the session info and gives me a null pointer >exception when I try to use the connection object stored in the session.Bad bad bad . Why do you store Connection objects in session? Create them when necessary or use a connection pool. Do you for example clean up the connections when the session expires. What if its a 30 minute session and the user hits every say 15 minutes with a request. Why do you need to hold on to the Connection in the intervening interval when the user's session is inactive?
gives me a null pointer exception when I try to use the connection object stored in the session.which means that the Connection object is null - not the session object.
That last line is where I get the null pointer exception. And that is
Statement stmt = con.createStatement();?
Same answer as above.
If the session object was null,
userSession.getAttribute("connection");would have thrown a NPE.
ram. -
MAintain session across multiple DB Adapters.
Hi,
I am using a BPEL process which has multiple DB Adapters.
As far as I understand each DB Adapter call from BPEL is a different session.
Is there any way to maintain a same session across multiple DB Adapter calls i.e to make multiple DB calls in the same session?
thanks,
CDYes this is supported.
You'll have to take a look at the support for XA (distributed transactions).
See this thread for some good links to other info.
Re: DB Rollback Questions for 10.1.3.1 and 10.1.3.3 -
Accessing a array through a servlet and outputting info in a JSP?
I have researched and have not come up with any examples and no answer as to how to do this. Please help... The molecular2.java does all the computation. I will only include a snippet of it.
This file is like this because I needed to return multiple items and could not find another way to do it.
public String getResult(String mw)
if(overallcount == 1.0)
String overallcount 4 = String.valueOf(overallcount1);
return overallcount4;
else
String overallcount3 = String.valueOf(overallcount);
for(int i=0; i<j; i++)
if(coeff[i] != 0.0)
finalcoeff[i] = ((coeff/overallcount)*100);
} // keep in mind that and array called element[], has already been filled
return overallcount3;
} public String getResult(String mw)
if(overallcount == 1.0)
String overallcount 4 = String.valueOf(overallcount1);
return overallcount4;
else
String overallcount3 = String.valueOf(overallcount);
for(int i=0; i<j; i++)
if(coeff[i] != 0.0)
finalcoeff[i] = ((coeff[i]/overallcount)*100);
} // keep in mind that and array called element[], has already been filled
return overallcount3;
} Help with Code Tags (Toggle Plain Text) public String getResult(String mw)
if(overallcount == 1.0)
String overallcount 4 = String.valueOf(overallcount1);
return overallcount4;
else
String overallcount3 = String.valueOf(overallcount);
for(int i=0; i<j; i++)
{if(coeff[i] != 0.0){
finalcoeff[i] = ((coeff[i]/overallcount)*100);
} // keep in mind that and array called element[], has already been filled}
return overallcount3;}
} public String getResult(String mw){
if(overallcount == 1.0)
String overallcount 4 = String.valueOf(overallcount1);
return overallcount4;
else
String overallcount3 = String.valueOf(overallcount);
for(int i=0; i<j; i++)
if(coeff[i] != 0.0)
finalcoeff[i] = ((coeff[i]/overallcount)*100);
} // keep in mind that and array called element[], has already been filled
return overallcount3;
I want to pass the information hat I get here to a servlet that looks like this and is called MoleCalc.javapublic class Molecalc extends javax.servlet.http.HTTPServlet implements javax.servlet.Servlet {
protected void doGet (...)
RequestDispatcher disp = request.getRequestDispatcher("jsp/Calculators/MoleCalc.jsp");
if((request.getParameter("submit")==null) || (request.getParameter("submit").length() == 0))
{//do nothing
else //user hits submit button
if((request.getParameter("mole") != null) && (request.getParameter("mole").length() > 0))
String moleS = request.getParameter("mole");
String moleStr = "";
String overallcount = "";
try
overallcount = Molecular2.getResult(moleS);
if(overallcount == "1.0")
request.setAttribute("mole","");
request.setAttribute("moleformula","");
request.setAttribute("errormsg", "Did no t enter a proper equation");
}public class Molecalc extends javax.servlet.http.HTTPServlet implements javax.servlet.Servlet {
protected void doGet (...)
RequestDispatcher disp = request.getRequestDispatcher("jsp/Calculators/MoleCalc.jsp");
if((request.getParameter("submit")==null) || (request.getParameter("submit").length() == 0))
{//do nothing
else //user hits submit button
if((request.getParameter("mole") != null) && (request.getParameter("mole").length() > 0))
String moleS = request.getParameter("mole");
String moleStr = "";
String overallcount = "";
try
overallcount = Molecular2.getResult(moleS);
if(overallcount == "1.0")
request.setAttribute("mole","");
request.setAttribute("moleformula","");
request.setAttribute("errormsg", "Did no t enter a proper equation");
}Could someone please tell me how to implement the array into this code? I have tried everything that I can imagine but it is not working.
Any help would be great.... Thanks!Also....
I am figuring that for the jsp, which is MoleCalc.jsp, that I would just do a couple of foreach statements.
<form name = "moleformula" method="get" action="MoleCalc.java" onsubmit = "return vInputMoleformula(this);">
<h3>enter the Molecular Formula: </h3>
<td><input type="text" name="mole" id="mole" value="" maxlength="10" size="10"/> Molecular Formula </td>
<input class="submitButton" type="submit" value="Compute" name="submit" /> <br />
<h2> Molecular Weight = <c:out value="${moleformula}"/> g.</h2><br/>
<br> The formula entered was: <c:out value="${mole}"/><br/>
<h2><font color=red><c:out value="${errormsg}"/></font></h2><br/></form></div><form name = "moleformula" method="get" action="MoleCalc.java" onsubmit = "return vInputMoleformula(this);">
<h3>enter the Molecular Formula: </h3>
<td><input type="text" name="mole" id="mole" value="" maxlength="10" size="10"/> Molecular Formula </td>
<input class="submitButton" type="submit" value="Compute" name="submit" /> <br />
<h2> Molecular Weight = <c:out value="${moleformula}"/> g.</h2><br/>
<br> The formula entered was: <c:out value="${mole}"/><br/>
<h2><font color=red><c:out value="${errormsg}"/></font></h2><br/></form></div> -
Maintaining session across multiple browser windows and page refreshes
Hi there,
We're currently developing a Flex application with a couple of session-related requirements that we're not sure how to solve. Before we jump in and maybe go about things in the wrong way, I thought I'd post and see if anyone here knows of some elegant solutions!
Currently, when our Flex app starts the user is presented with a log-in screen which authenticates the user against our server. Client-server communication is done through BlazeDS.
Our first requirement is the ability to open a new browser window from Actionscript - this window will load a pdf document. The servlet that serves this pdf should deny the request if the user is not already logged in. The only way we can see to do this so far is to open the pdf url using navigateToUrl() with the '_blank' target, passing a jsessionid token as a url parameter. Is there a better way to preserve session state when opening a new window?
The second requirement is to preserve some application and session across browser refreshes. Our Flex app has several screens that the user can tab between. If the user hits F5 or the refresh button in their browser, we'd like the app to return to the same screen after the refresh. I've been looking into using BrowserManager to add a fragment such as #screen=2 to the url, but of course we only want the app to display screen 2 if the user has already authenticated with the server. Is there a way to reuse the user's existing session credentials after a page refresh?
Many thanks in advance for any advice anyone can offer on this. It could very well be that we're missing something about how BlazeDS uses / exposes session credentials that would make all of this easier to implement than we currently realise!We use javascript to pass values between a 'data look up' window and the originating Servlet. If this is of any use, I can send you some examples.
-
Single Sign-on with Multiple Servlets and JSPs
I am in the midst of attempting to logically tie together a number of our
web applications under a single sign-on "umbrella". What we want is the
following: for any n applications a user may have access rights for up to n
of them. Once signed in, she has rights to visit any app to which she has
permissions as long as her session is valid. Unfortunately, I'm having
trouble seeing how to make this work given the documentation that I have.
I've read thru the newsgroup in search of a solution, but I haven't seen
anything geared toward this specific approach.
Currently, each "application" (servlet) has a list of valid users via ACLs
(we've implemented a RealmExtender, so we're not going via props file
entries), and we let the browser pop-up window enforce the sign-on. This
has worked exactly as we wish (single sign-on, etc.), for testing, but we'd
really rather have our own form-based sign-on for production.
To that end, we've done the following:
1) implemented a JSP form-based sign-on (basically ripped off from the
example provided by BEA), which does a "ServletAuthentication.weak()" check
to confirm identity.
2) placed the following code (essentially) within the service() method of
our servlet superclass, which I thought would force another check. My
intention is to disallow the user from "jumping into" an app thru a
shortcut, and thereby bypassing security.
HttpSession session = request.getSession(true);
if (session.isNew()) {
response.sendRedirect(welcomeURL);
However, we can't get the form-based approach to mimic the functionality of
the default browser pop-up: the sign-in doesn't seem to "follow" the user
the way it did with the pop-up. Instead, when I come in thru our login
page, the browser pop-up is still appearing when I click the link for an
app for which to which I have permissions.
Is the default browser pop-up doing something different that I should know
about? Seems like this should be simple to do, but it's surprisingly subtle
(or maybe I'm just clueless).
TIA
Well, if you want to hear my personal opinion:
better stick to the cookie specification (http://wp.netscape.com/newsref/std/cookie_spec.html) and accept the constraint that cookies will only be send to domains that tail-match the domain-constraint specified in the set-cookie http response.
Although this specification is not an official internet standard most browsers are implementing the cookie mechanism according to this specification.
Unfortenately there's no option to specify that a cookie should be send to a list of servers and/or sub-domains.
However one physical server can have multiple (FQDN) hostnames. So if you intend to send the cookie to a group of servers the best approach is to create a new (DNS) (sub-)domain exclusively for those servers.
Theoretically (and also practically) it is possible to set cookies for multiple domains (by using a webservice that will set cookies on request of a caller). But that approach is dangerous:
(1) not the server but the http client is defining the content of the cookie (= part of the http server response)
(2) (unintended) many servers can obtain the cookie which will be send to all servers that reside in all (tail-matching sub-)domains; although most likely only one or two servers of each domain are intended recipients
Regards, Wolfgang -
Maintaining session across multiple browsers
Hello All,
We have an application that runs using Apache Struts. One of the requirements is to pop-up a "data look up" window, i.e. a new browser window. The problem is, when I start this window any communication between this new window and server happens on a brand new session. I would like to maintain the same session as the parent window. Any ideas?We use javascript to pass values between a 'data look up' window and the originating Servlet. If this is of any use, I can send you some examples.
-
Maintaining session both with cookies and jservsessionid
Can the same session be maintained both with cookies and jservsessionid?
If not, does anybody know how to link a request without cookie to an existing session? Can that be achieved by means of just the sessionid?
Thanks,
Modulabrepost
-
Servlet and Database Connectivity
Hi,
I have got a basic question. I am connecting to a database through a servlet and displaying a table. What I need to do is have three buttons at the bottom of the table like "ADD", "DELETE" "MODIFY". I am wondering how I can add buttons to the HTML page through the servlet, select a row and click on one of the buttons to MODIFY/DELETE and how to capture the actions of each button when clicked like when "ADD" button is clicked it should pass control to a servlet "add.java". If i plan to include a javascript how can i call from the servlet, is there a way. If anyone could throw me some light or atleast point me in the right direction that would be great.
Thanks
Chakyou can even use buttons!
HTML:
<input type="submit" name="add" value="Add">
<input type="submit" name="modify" value="Modify">
<input type="submit" name="delete" value="Delete">
Servlet:
String addButton = req.getParameter("add");
String modifyButton = req.getParameter("modify");
String deleteButton = req.getParameter("delete");
So when the add-Button is clicked, addButton equals to "add", modifyButton==null and deleteButton==null, and vice versa -
JDeveloper starting multiple servlets
Two questions.
1. Is there anyway to start/debug and alias multiple servlets.
2. Can JDeveloper's "webtogo" engine be replaced with something else such as LWS.
My goal is an environment where I can start/debug and alias multiple
servlets all from JDeveloper's IDE.
Any help would be appreciated.
Thanks
nullYes, you could start multiple servlets in JDeveloper IDE.
check online help
Open help system
Select the topic "Developing Java Servlets"
select "registering a servlet with web object manager"
You could register multiple servlets and run one of the servlets from the IDE and later on
change the servlet name in the URL to run the other servlet.
raghu -
Maintaining Sessions between http and https
I have a web application in which I want my users to view the login page over SSL and send the login request via SSL also, but then I want to revert back to http://
My problem is, and i've seen this problem on loads of boards with no real resolution, during the login I set some objects with in the session that are used to display information in other parts of the site... but the session object is being lost!!!
I am using Tomcat as my web server, I saw an article on JavaWorld titled "mix protocols transparently in web applications", and apparently to over come this problem if you are using WebLogic 6.1 there is a parameter in the weblogic.xml file that must be configured, but I cant find a similar one on Tomcat!!!
Thanks in advanceThanks a million for the answer, I have got it working now, but I had to do something a little different for any one else who experiances this problem I'll go through it... I set an attribute in the context which was named the the value of the current session id and contianed the session object. Then when leaving the login handeling in my dispatcher servlet I apended the session id to the url of the next jsp called. In this jsp then I retrived the "secure session" object from the context, this so far is what you suggested.
But then I had to loop through "non secure session" object's attributes and set them in the "non secure session" object, that is I was not just able to reset the "non secure session" object equal to the "secure session" object as when I went on to the next page it was reset to the "non secure session" object again!
The fact that the session object is changed when moving between http and https is (according to Tomcat buglist) a bug of Tomcat 4.1 and did not occur in tomcat 3.2 -
Record multiple, simultaneous sessions through one webinar meeting room
Is there a way to record multiple, simultaneous sessions through one webinar meeting room? I know breakout rooms can't be recorded, but is there another way to have users join a main webinar room, select a sub-room/session they're interested in, and then join that sub-session? We want to have four sessions happening at once and allow users to choose which they want to participate in. We'd also like to record the sessions. Thanks for any help you can provide.
Use PPT, or a tool of your choice, to create a slide/object with links to each room. Then the user can click between the rooms as desired.
You may want to use the ?launcher=false command at the end of the URLs to keep the individuals from having the add-in launched multiple times and in multiple rooms at the same time. This will keep the meetings in the individual's browser. -
Lifespan of Request, Session and Context Attributes
I'm studying for the SCWCD exam and am hoping to clarify a few points on the lifespan of attribute objects bound to the various request, session and context web scopes.
Do request attributes persist as long as the request is being handled by some servlet? In other words, once the response is committed are those objects unbound and destroyed?
Similarly, I'm assuming session attributes are unbound and destroyed when the session either times out or is explicitly terminated.
Lastly, for context attributes, which are available to the entire web application, are these simply available
until explicitly removed?
Thanks.Request: available until the HttpServletRequest object goes out of scope (at the end of the doService or associated methods). The attributes here are basically just stored in a HashMap in that object
Session: available until the session no longer exists, which occurs when the session times out (NOT when the user closes their browser), or when the session is terminated by the server code
Context: Available until the container stops, such as upon a JVM restart
NOTE: Specific objects in all three contexts can be removed and added at any time by the server code -
I am trying to buy songs on itunes and half way through the terms and conditions come up, I accept them and press return and then I get a 'session timed out' notice and the sale hasn't gone through - tried loads of times / updating software, any answers?
I am trying to buy songs on itunes and half way through the terms and conditions come up, I accept them and press return and then I get a 'session timed out' notice and the sale hasn't gone through - tried loads of times / updating software, any answers?
Maybe you are looking for
-
Scheduling one background job inside another
Hi All, Is it possible to Scheduling one background job inside another.? i.e In my Z program I am calling job_open, job_submit, job_close and to execute one standard report in background. And after that I am executing my Z program itself from SE38 a
-
Custom Calculation Script almost works...
I'm trying to creaet a form that uses a dropdown box to select the proper text for a text field. I have created the form and the Custom Calculation for my Text box works great (Thanks to these forums!). The problem I am experincing now is that I wan
-
My MacBook will not connect to the Internet, but all of my other devices connect perfectly.
I have a MacBook and it will not connect to the Internet. It connects to wifi, but then when I open Safari, the page does not load. I have tried forgetting the wifi network, deleting keychain passwords, and restarting the computer, but nothing has wo
-
Links are not working with Firefox and some other browsers
Hello, On my site (iWeb08) I have some pictures of pieces of text as a link to another page of website.. but with some browsers the links doesn't work. Also de links are very difficult to activate on the site.. What I mean is when you want to click t
-
Some questions on Collaboration rooms
HI, In some of the room templates I found an extension BANNER. But how do I configure a Banner for my room I couldnt find. I want to add a quick poll to my room template which I developed. How do I go about this. The Search Room functionality: DOes t