Servlet Session Questions

Hi,everybody:
I'm puzzled by two questions about session in servlet.
1.The default timeout of J2EE example WAR is set to 30sec.Is it too short?
2.in J2EE Tutorial1.3 it says"To ensure that an active session is not timed-out, you should periodically access the session in service methods because this resets the session's time-to-live counter",But I can't see any codes in example servlets to access session "periodically".Could you please explain that?
Thank you!

I,
I have a problem with the session.
After the "getMaxInactiveInterval" time, I reload my servlet , but
the session is lost even if I test it :
Before doing anything, I do this :
HttpSession oSession = req.getSession (=(false);
if(oSession == null)
// forward to a login_page
RequestDispatcher rd = getServletContext().getRequestDispatcher(
"login_page");
rd.forward(req, res);
// request to the database to get user'characteristics
// and put then in the session
String sUser = (String)oSession.getValue("COD"); // sUser is null !
The pb is that the session has not been removed from the Server after
the MaxInactiveInterval, so when i make a request , I have in the session :
the req.isRequestedSessionIdValid() gives : true .
and a new session is created with a new id
Something very strange.
Thanks for help.

Similar Messages

Security/session questions

Hi,
I have some security/session questions for you guys.
My application uses flex, blazeds and spring. I use RemoteObjects to initiate calls from flex to java. The application consists of a login screen and 'other screens' available only to authenticated users after login. When the user logs in the server stores user credentials on the FlexContext (FlexContext.getFlexSession().setAttribute). So if the server timeout is reached and the user presses 'refresh' the user is thrown out and the login screen appears.
Question 1: How can I check if the timeout is reached when the user makes a call to the server, without checking manually against the FlexContext. Are there any config parameters to set?
Question 2: Is it necesssary to check against the user credentials in the session for every flex-to-server call? (I guess someone can omit the login screen and do a manual call)
Question 3: If the answer to question 2 is yes, how can I check against the session credentials? The only way I can think of is calling a method which checks the session attribute manually, but then I have to remember to add this method call to each of the methods called from flex through Blazeds. Is it, for example, possible to call the user-logged-in method before the method given in the RemoteObject is called? (If not authenticated, do not run method).
Hope someone got the time to help me out.

I appreciate your answer, but as you yourself write, I think there must be a blazeDS way. But as nobody with extensive BlazeDS knowledge answers this post, I probably have to google this topic even more.
Following are the main changes in my application: (Introducing spring security)
Everything seems to be working as it should. But as already stated, I'm a newbie. So if anybody see something suspicious, let me know.
The main problem I had implementing Spring Security was something that should be easy, but somehow it was not: the loading of the context files. Before introducing the spring security I only had one application-context file, and this was loaded by the DispatcherServlet. When introducing security I tried to add this to the same file. It did not work. Then I tried splitting up the files, and loading both using DispatcherServlet. It did not work. Then I tried loading both using ContextLoaderListener. It did not work. Finally I found the solution. Flex settings must be loaded by the DispatcherServlet, and spring security settings must be loaded by ContextLoaderListener. This work. I don't know if this is the only solution.
On the server:
web-xml:
<context-param>
 <param-name>contextConfigLocation</param-name>
 <param-value>
 /WEB-INF/config/web-application-config.xml
 /WEB-INF/config/web-application-security.xml
 </param-value>
 </context-param>
 <filter>
 <filter-name>springSecurityFilterChain</filter-name>
 <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
 </filter>
 <filter-mapping>
 <filter-name>springSecurityFilterChain</filter-name>
 <url-pattern>/*</url-pattern>
 </filter-mapping>
 <listener>
 <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
 </listener>
 <servlet>
 <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
 <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
 <init-param>
 <param-name>contextConfigLocation</param-name>
 <param-value>/WEB-INF/config/flex-application-config.xml</param-value>
 </init-param>
 <load-on-startup>1</load-on-startup>
 </servlet>
flex-application-context:
<flex:message-broker>
 <flex:secured/>
 </flex:message-broker>
web-application-context:
I had to implement my own authentication mechanism. Had to compare the username/password against an object attribute. So this bean is not mandatory, but I think you have to write down username/password/role in flex-application-context if not provided.
<bean id="customAuthenticationProvider" class="packagename.CustomAuthenticationProvider">
 <security:custom-authentication-provider/>
</bean>
web-application-security:
<http entry-point-ref="preAuthenticatedEntryPoint" />
 <beans:bean id="preAuthenticatedEntryPoint"
 class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint " />
 
 <global-method-security>
 <protect-pointcut expression="execution(*package.ServiceImpl.*(..))" access="ROLE_USER"/>
 </global-method-security>
On the client:
private function login():void {
 var cs:ChannelSet = ServerConfig.getChannelSet(loginRemoteObject.destination);
 var token:AsyncToken;
 token = cs.login(username, password);
// Add result and fault handlers.
token.addResponder(new AsyncResponder(loginResultHandler, loginFaultHandler));
private function logout():void {
 var cs:ChannelSet = ServerConfig.getChannelSet(loginRemoteObject.destination);
 var token:AsyncToken = cs.logout();
// Add result and fault handlers.
token.addResponder(new AsyncResponder(logoutResultHandler, logoutResultHandler));

Weblogic 8.1 SP2 + Struts + Internal Servlet Session Process Error Found!

Hi,
          I have developed a struts 1.1 based webapplication which runs fine on
          weblogic 7 (for one year in production), tomcat 4.1,5 and others but
          refuses to function in weblogic 8.1 sp2!
          This is the stacktrace I get when I try to call an action via the browser:
          java.lang.IllegalStateException: Internal Servlet Session Process Error
          Found!
               at
               weblogic.servlet.internal.session.SessionData.checkProcess(SessionData.java:1148)
               at
               weblogic.servlet.internal.session.SessionData.setAttribute(SessionData.java:501)
               at
               org.apache.struts.action.RequestProcessor.processLocale(RequestProcessor.java:638)
               at
               org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:230)
               at
               org.apache.struts.action.ActionServlet.process(ActionServlet.java:1420)
               at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:502)
               at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) at
               javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at
               weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
               at
               weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
               at
               weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
               at
               weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6350)
               at
               weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
               at
               weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
               at
               weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
               at
               weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
               at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197) at
               weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
          Just out of curiosity I deployed the struts-examples webapplication from
          the apache jakarta struts distribution and it also fails to run with the
          same error!
          Can anybody help me out with this one? Does anybody experience the same
          thing?
          regards,
          oliver
          p.s. I will also post this message on the struts user list.


Hi,
          I have developed a struts 1.1 based webapplication which runs fine on
          weblogic 7 (for one year in production), tomcat 4.1,5 and others but
          refuses to function in weblogic 8.1 sp2!
          This is the stacktrace I get when I try to call an action via the browser:
          java.lang.IllegalStateException: Internal Servlet Session Process Error
          Found!
               at
               weblogic.servlet.internal.session.SessionData.checkProcess(SessionData.java:1148)
               at
               weblogic.servlet.internal.session.SessionData.setAttribute(SessionData.java:501)
               at
               org.apache.struts.action.RequestProcessor.processLocale(RequestProcessor.java:638)
               at
               org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:230)
               at
               org.apache.struts.action.ActionServlet.process(ActionServlet.java:1420)
               at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:502)
               at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) at
               javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at
               weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
               at
               weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
               at
               weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
               at
               weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6350)
               at
               weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
               at
               weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
               at
               weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
               at
               weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
               at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197) at
               weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
          Just out of curiosity I deployed the struts-examples webapplication from
          the apache jakarta struts distribution and it also fails to run with the
          same error!
          Can anybody help me out with this one? Does anybody experience the same
          thing?
          regards,
          oliver
          p.s. I will also post this message on the struts user list.

Servlet Session Object

 I need to get the lastAccessTime of the servlet which I have deployed on Weblogic
 7.0.
 I have found that by using ServletSessionRuntimeMBean interface which has a method
 called getTimeLastAccessed, I can get the same.
 I am not able to get the same. Can any one sujject the way I have to go for this.


Hello Linus,
Actually, you would want to retrieve the necessary objects from your servlet context
and then pass them along to your session EJBs. It's not necessary to pass the
entire ServletContext object to your session bean. You should wrap the values
in DTOs (Data Transfer Objects / Value Objects) and pass them along to your session
beans. Also, it's not good to couple your EJBs with Servlets, as they may be eventually
accessed from standalone clients in the future. For more information on this design
pattern, please see the following link:
http://java.sun.com/blueprints/corej2eepatterns/Patterns/TransferObject.html
Best regards,
Ryan LeCompte
[email protected]
http://www.louisiana.edu/~rml7669
"Linus Nikander" <[email protected]> wrote:
Is it possible to accesss objects stored in a Servlet session context
from
an EJB ? If so, how ?
//Linus Nikander - [email protected]

IllegalStateException: Internal Servlet Session Process Error Found!

 I keep getting the annoying error as listed, and the server also keeps reporting
 that I can only connect from 0 unique ip addresses. Has anybody else seen these
 type of frustrations on 8.1 sp2, or can explain them.
 With as much detail omitted for simplicity;
 Frustration 1.
 I have a 8sp2 server running all ok, occasionally after a redeploy of an ear file
 I attempt to load a jsp file, and the error below is thrown.
 The JSP has a bean which is session based, and as from following the stack trace
 it is around some weblogic code which tests if my license allows access to the
 http session (on a developer license). I then have to start another server instance
 and do a deployment of a v.simple war, and access this, then deploy the same war
 to the broken server and access that, then the initial jsp works fine. no code
 changes just environment stops, starts and redeploys!
 Frustration 2
 Server runs ok, tray and connect from two machines (I have an ldap server that
 wants to 'broadcast' messages to my server), error of too many connections.
 The ip connection issues can in most cases be removed with a server restart.
 EXCEPTION TRACE
 java.lang.IllegalStateException: Internal Servlet Session Process Error Found!
 With the following stack trace:
 java.lang.IllegalStateException: Internal Servlet Session Process Error Found!
 at weblogic.servlet.internal.session.SessionData.checkProcess(SessionData.java:1148)
 at weblogic.servlet.internal.session.SessionData.setAttribute(SessionData.java:501)
 at jsp_servlet._security.__changeprofile._jspService(__changeprofile.java:135)
 at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
 at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
 at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
 at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:446)
 at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
 at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6350)
 at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
 at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
 at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
 at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
 at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
 at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)


 I have the same problem. Could any one help us?
 "David" <[email protected]> wrote:
 >
 >I keep getting the annoying error as listed, and the server also keeps
 >reporting
 >that I can only connect from 0 unique ip addresses. Has anybody else
 >seen these
 >type of frustrations on 8.1 sp2, or can explain them.
 >
 >With as much detail omitted for simplicity;
 >
 >Frustration 1.
 >I have a 8sp2 server running all ok, occasionally after a redeploy of
 >an ear file
 >I attempt to load a jsp file, and the error below is thrown.
 >
 >The JSP has a bean which is session based, and as from following the
 >stack trace
 >it is around some weblogic code which tests if my license allows access
 >to the
 >http session (on a developer license). I then have to start another
 >server instance
 >and do a deployment of a v.simple war, and access this, then deploy the
 >same war
 >to the broken server and access that, then the initial jsp works fine.
 > no code
 >changes just environment stops, starts and redeploys!
 >
 >Frustration 2
 >Server runs ok, tray and connect from two machines (I have an ldap server
 >that
 >wants to 'broadcast' messages to my server), error of too many connections.
 >The ip connection issues can in most cases be removed with a server restart.
 >
 >
 >EXCEPTION TRACE
 >
 >java.lang.IllegalStateException: Internal Servlet Session Process Error
 >Found!
 >
 >With the following stack trace:
 >
 >java.lang.IllegalStateException: Internal Servlet Session Process Error
 >Found!
 > at weblogic.servlet.internal.session.SessionData.checkProcess(SessionData.java:1148)
 > at weblogic.servlet.internal.session.SessionData.setAttribute(SessionData.java:501)
 > at jsp_servlet._security.__changeprofile._jspService(__changeprofile.java:135)
 > at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
 > at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
 > at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
 > at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:446)
 > at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
 > at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6350)
 > at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
 > at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
 > at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
 > at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
 > at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
 > at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
 >
 >

Servlet Sessions+dont have a clue

im trying to get a servlet session goin for a college project,i know its hard to help someone on this but please try this is driving me mad,,,
im useless at java so i have just being piecing together other peoples code and trying to get it working,
Iam trying to accept a username and password for the Oracle database and then put the resulting database connection into a session variable...
here is my useless code,,,please help....the only error iam getting is to do with the PrintWriter,,,
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
// You need to import the java.sql package to use JDBC
import java.sql.*;
public class LoginServlet1 extends HttpServlet
private Connection con=null;
public LoginServlet1(Connection con){
this.con=con;
public Connection getConnection(){
return con;
public void doGet(HttpServletRequest request,HttpServletResponse response)
 PrintWriter writer = response.getWriter();
 HttpSession session = request.getSession(true);
 String username = null;
 String password = null;
 String strHTML = "";
 boolean success = false;
 if (((username==null) || (username.compareTo("")==0)))
 strHTML = strHTML + "<title> Lab #11 Login Error </title>";
 strHTML = strHTML + "</head>";
 strHTML = strHTML + "<body bgcolor=white>";
 strHTML = strHTML + "Massive Error --- you need to provide a username ...please try again ... ";
 strHTML = strHTML + "Back to the login page ..<A HREF=\"../login.html\"> click here </A>";
 strHTML = strHTML + "</body>";
 strHTML = strHTML + "</html>";
 success = false;
 else if (((password==null) || (password.compareTo("")==0)))
 strHTML = strHTML + "<title> Lab #11 Login Error </title>";
 strHTML = strHTML + "</head>";
 strHTML = strHTML + "<body bgcolor=white>";
 strHTML = strHTML + "Massive Error --- you need to provide a password ... please try again ... ";
 strHTML = strHTML + "Back to the login page ...<A HREF=\"../login.html\"> click here </A>";
 strHTML = strHTML + "</body>";
 strHTML = strHTML + "</html>";
 success = false;
 else
 try
 // Load Oracle driver
 DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
 LoginServlet1 holder=(LoginServlet1) session.getValue("servletapp.connection");
 if(holder==null){
 try{
 holder= new LoginServlet1(DriverManager.getConnection("jdbc:oracle:thin:@macha.wit.ie:1521:MACH"));
 session.putValue("servletapp.connection",holder);
 catch(SQLException e){
 getServletContext().log(e, "No");
 success= true;
 catch (SQLException sqlex)
 strHTML = strHTML + "connection failed .... ";
 if (sqlex.getErrorCode()==1017)
 strHTML = strHTML + "OUPS !!! wrong username or password lads ...please try again ... ";
 else
 strHTML = strHTML + "SQL Error happened .... ";
 strHTML = strHTML + "Error Number = " sqlex.getErrorCode() " ";
 strHTML = strHTML + "Error Message = " + sqlex.getMessage() + " ";
 strHTML = strHTML + "ah common cheer up, it's not the end of the world... ";
 strHTML = strHTML + "Back to the login page<A HREF=\"../login.html\"> click here </A>";
 success = false;
 if (success)
 try
 getServletConfig().getServletContext().getRequestDispatcher("/WEB-INF/jsp/query.jsp").forward(request,response);
 catch (Exception ex) {
 ex.printStackTrace ();

back again,,
the code above is causing the following error when i try to run it,,
Apache Tomcat/4.0.4 - HTTP Status 500 - Internal Server Error
type Exception report
message Internal Server Error
description The server encountered an internal error (Internal Server Error) that prevented it from fulfilling this request.
the error goes on to give a very long list of exceptions and root causes,there is nothing wrong with Tomcat because i can run the other version of this program that doesnt have any sessions is it,,,
thanks

How to share objects between two ADF Faces servlet sessions

I gather the application scope is one way to go for sharing data between sessions in an ADF application. Are there other more generic methods of sharing data between servlet sessions?
For example, let's say we have a JDev 101.3 ADFBC/JSF app. (or JDev 11g for that matter). In this app we also register a servlet in web.xml. So two people log into this application and access this defined servlet, creating two instances of that servlet...I guess. Is there a way for those two instances/sessions to talk to each other? Pass data back and forth? Should I read about JMS? Or does application scope sound better? I guess a direct communication would be more tidy, than putting data on an application bulletin board, lilke application scope.
Any thoughts?

Hi,
Only one instance of each servlet defined in web.xml gets created, not one per user. You're right about the sessions though, one per user is created. You're right on the other parts as well I think you could use application scope to do something like that, or the data base for that matter, depending on the use case.
Regards,
~ Simon

Servlet Session Monitoring via MBeans turns up no MBeans

Hi,
I discovered more about why I'm not seeing any Servlet Session Runtime
MBeans when I enable session monitoring. It looks like each time my
managed server creates a new session, two errors get written to my
WebLogic log:
"####<Sep 22, 2002 6:46:43 PM EDT> <Warning> <Dispatcher>
<chile.iso-ne.com> <adminserver> <ExecuteThread: '7' for queue:
'__weblogic_admin_rmi_queue'> <> <> <000000> <RuntimeException thrown
by rmi server: 'weblogic.rmi.internal.BasicServerRef@10b - jvmid:
'7074298665992588400S:10.145.220.82:[7001,7001,7002,7002,7001,7002,-1]:smsdomain:adminserver',
oid: '267', implementation:
'weblogic.management.internal.AdminMBeanHomeImpl@3c7b65''>
weblogic.management.NoAccessRuntimeException: User guest does not have
access permission on weblogic.admin.mbean.MBeanHome
at weblogic.management.internal.Helper.checkAdminPermission(Helper.java:1637)
and
"####<Sep 22, 2002 6:46:43 PM EDT> <Error> <HTTP Session>
<chile.iso-ne.com> <webuiserver> <ExecuteThread: '0' for queue:
'default'> <> <> <100032> <Error creating servlet session runtime>
weblogic.management.NoAccessRuntimeException: User guest does not have
access permission on weblogic.admin.mbean.MBeanHome
at weblogic.rmi.internal.BasicOutboundRequest.sendReceive(BasicOutboundRequest.java:85)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:136)
at weblogic.rmi.internal.ProxyStub.invoke(ProxyStub.java:35)
at $Proxy7.getMBeanServer(Unknown Source)
at weblogic.management.internal.MBeanHomeImpl.isAdminHome(MBeanHomeImpl.java:93)
at weblogic.management.internal.MBeanHomeImpl.getMBean(MBeanHomeImpl.java:118)
at weblogic.management.internal.MBeanHomeImpl.getRuntimeMBean(MBeanHomeImpl.java:590)
at weblogic.management.internal.MBeanHomeImpl.getRuntimeMBean(MBeanHomeImpl.java:568)
at weblogic.servlet.internal.session.SessionData$1.run(SessionData.java:185)
at weblogic.management.internal.Helper.doLocally(Helper.java:1656)
at weblogic.servlet.internal.session.SessionData.getRuntimeMBean(SessionData.java:179)
at weblogic.servlet.internal.session.SessionData.<init>(SessionData.java:166)
Looks like the managed server is making a request of the admin server
and propagating the "guest" principal instead of "system".
These principal propagation errors from managed-to-admin seem to
happen all over the place with different MBeans, and get patched one
place at a time in various BEA service packs. For instance, there's
another issue with accessing the XML Entity Cache from a managed
server, and I'm sure I've read about others. Isn't there a way to
make sure these errors no longer occur with any MBean requests from
the managed server?
Jim

Add
acl.access.weblogic.admin.mbean.MBeanHome=guest
in the filerealm.properties file.
Jim Doyle wrote:
Hi,
I discovered more about why I'm not seeing any Servlet Session Runtime
MBeans when I enable session monitoring. It looks like each time my
managed server creates a new session, two errors get written to my
WebLogic log:
"####<Sep 22, 2002 6:46:43 PM EDT> <Warning> <Dispatcher>
<chile.iso-ne.com> <adminserver> <ExecuteThread: '7' for queue:
'__weblogic_admin_rmi_queue'> <> <> <000000> <RuntimeException thrown
by rmi server: 'weblogic.rmi.internal.BasicServerRef@10b - jvmid:
'7074298665992588400S:10.145.220.82:[7001,7001,7002,7002,7001,7002,-1]:smsdomain:adminserver',
oid: '267', implementation:
'weblogic.management.internal.AdminMBeanHomeImpl@3c7b65''>
weblogic.management.NoAccessRuntimeException: User guest does not have
access permission on weblogic.admin.mbean.MBeanHome
at weblogic.management.internal.Helper.checkAdminPermission(Helper.java:1637)
and
"####<Sep 22, 2002 6:46:43 PM EDT> <Error> <HTTP Session>
<chile.iso-ne.com> <webuiserver> <ExecuteThread: '0' for queue:
'default'> <> <> <100032> <Error creating servlet session runtime>
weblogic.management.NoAccessRuntimeException: User guest does not have
access permission on weblogic.admin.mbean.MBeanHome
at weblogic.rmi.internal.BasicOutboundRequest.sendReceive(BasicOutboundRequest.java:85)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:136)
at weblogic.rmi.internal.ProxyStub.invoke(ProxyStub.java:35)
at $Proxy7.getMBeanServer(Unknown Source)
at weblogic.management.internal.MBeanHomeImpl.isAdminHome(MBeanHomeImpl.java:93)
at weblogic.management.internal.MBeanHomeImpl.getMBean(MBeanHomeImpl.java:118)
at weblogic.management.internal.MBeanHomeImpl.getRuntimeMBean(MBeanHomeImpl.java:590)
at weblogic.management.internal.MBeanHomeImpl.getRuntimeMBean(MBeanHomeImpl.java:568)
at weblogic.servlet.internal.session.SessionData$1.run(SessionData.java:185)
at weblogic.management.internal.Helper.doLocally(Helper.java:1656)
at weblogic.servlet.internal.session.SessionData.getRuntimeMBean(SessionData.java:179)
at weblogic.servlet.internal.session.SessionData.<init>(SessionData.java:166)
Looks like the managed server is making a request of the admin server
and propagating the "guest" principal instead of "system".
These principal propagation errors from managed-to-admin seem to
happen all over the place with different MBeans, and get patched one
place at a time in various BEA service packs. For instance, there's
another issue with accessing the XML Entity Cache from a managed
server, and I'm sure I've read about others. Isn't there a way to
make sure these errors no longer occur with any MBean requests from
the managed server?
Jim--
Rajesh Mirchandani
Developer Relations Engineer
BEA Support

Get the Web users Clipboard text in Servlet session

We have a small web application � uses JSPs , Servlets and runs on Tomcat Server.
We are trying to get the end web user�s ( browsers ) Clipboards copied text in our Servlets session.
We know there is some AWT API to get the Clipboards copied data.
java.awt.datatransfer.Clipboard clipboard = java.awt.Toolkit.getDefaultToolkit().getSystemClipboard();
// Get data from clipboard
java.awt.datatransfer.Transferable clipData = clipboard.getContents(clipboard);
But if we use this piece of code in our servlet session, we always get the Clipboard text, which is copied on the Server. Not at the users / browsers.
So, we wonder are there any ways or similar to get the Users clipboard text in that users session.
Any help would be great.

Its the same old story.
Java code is only running on the server.
At the client end all you can work with is HTML and javascript.
With Internet explorer you can access clipboard data:
http://msdn.microsoft.com/workshop/author/dhtml/reference/objects/clipboarddata.asp?frame=true
Grab it with javascript, put it into a hidden field, and submit the page.
That will pass it as a request parameter to your jsp/servlet, and you can get at it that way.

Servlet Session data being shared

I have a bunch of servlets tha basically generate reports. The problem I'm having is that when two users run the same servlet at about the same time, one of the reports will be over written by the data of the other report. It almost seems that the users are sharing the same context.
Is there any way to fix this or do you have ny suggestions, tips as to how to prevent this.
Thnaks in advance for any help you may provide.

I ran into a similar problem not to long ago with sessions. I had an instance or global reference to the session object in my servlet. When two or more people used the servlet at just the right time I would get problems where data was getting used across sessions. For example:
public class FooServlet extends HttpServlet
     HttpSession session;
     doGet(HttpServletRequest req, HttpServletResponse res)
          session = req.getSession(false);
          doStuffWithSessionData();
     doStuffWithSessionData()
          String temp = session.getValue("temp");
          //do some stuff
}So, person A would connect to the servlet, and their session would be retreived, and the instance reference would get set to their session. Person B would connect at about the same time, their session would get retreived and the instance reference would get set to theirs... right before the getValue("temp") on person A's session is called. So, whatever I was doing for person A would end up using the data out of person B's session. I like to call this a race condition.
It is important to keep in mind that servlets are accessed by multiple threads concurrently, so you need to make sure your servlets are thread safe. Instance variables that get modified with each request are a very bad, non-thread safe thing and will cause odd behaviour like what you are describing. I speak from experience.
I fixed the above by removing the instance reference and doing the following:
public class FooServlet extends HttpServlet
     doGet(HttpServletRequest req, HttpServletResponse res)
               doStuffWithSessionData(req);
     doStuffWithSessionData(HttpServletRequest req)
          HttpSession session = req.getSession(false);
          String temp = session.getValue("temp");
          //do some stuff
          //NOTE: this works most of the time. However, if the client
          //connects with more than one browser window using the same
          //session, I could run into some trouble here too.
}That was a quick fix. However, what I really need to do is create a separate class to encapsulate all user session data and access the session and all data through public static synchronized methods on that class, passing it the request object when I do it. That way all data is stored in one object, and that object is used to do all session access in a thread-safe, synchronized manner.
I hope this information helps you and is understandable. If you have any questions I will try to clarify. Making things thread-safe can be a daunting task.

Servlet session gets reset

Does anyone know why a session would get reset when an application posts from a JSP page to a servlet. (is this a known bug with weblogic? or is there a property I have to set?

Hi
Without a sample of your code it is difficult to point out where the problem could be. When posting question`s make sure that you give enough information about your problem.
As far as the problem goes try looking into the deployment descriptor and aslo try setting the session timeout programatically through setMaxInactiveTime() method.
Good Luck!
Eshwar Rao
Developer Technical Support
Sun microsystems inc
http://www.sun.com/developers/support

Synchronized(session) question

Hi Gurus,
I see some race condition in my application. And my question ist now. If I use:
synchronized(session)
in one servlet. Does is prevent an other servlet (not another instance of the same servlet) to manipulate the session? (second servlet doesen't use synchronized(session) )
I thought this isn't possible but I realise this is the case in my webapp.

No that doesn't help.
"there is no gurantee that you are using the the same object in different requests "
Session objects are on a per user basis.
Scenario One: User1 makes request. Servlet synchronizes on the Session object for this user. All other requests for other users use different Session objects so are not impacted by the synchronization for user1's Session. Servlet releases lock on user1' s session and returns the response.
Scenario Two: User1 makes request. Servlet synchronizes on the Session object for this user. All other requests for other users use different Session objects so are not impacted by the synchronization for user1's Session. Before the server releases the lock on user1's Session object, user1 makes a new request which tries to access user1's Session object and is blocked until the first request is processed and the lock released.
I don't see how in either of these two scenarios that useri could get two different Session objects. In fact if it were possible then the storing of data in sessions would not be guaranteed which would be amajor flaw in the whole technology.

Session question; best practice

Hi,
One of our high profile application's queries/updates are served to user sessions. But we wanted to improve user query performance and reduce general database activity.
This piece of application cause an auto refresh to execute every 60 seconds. These queries execute against order tables looking for statuses on active orders, are user specific, and in some cases are not optimally tuned producing very high database buffer get and disk read activity. On average, 1,500 executions representing various flavors of these queries are executed hourly.
my questions are:
1) how can we get max performance ?
2) can we cache these queries for like every 30 secs ?
3) how can we cache ? so that user sessions would access the cache.
-sharma

well, you could load the data and put it in the application scope (in memory) with a timeout time so that it's not used after however long, in which case, a request would have to go to get the newer data from the DB.

Global variable in servlet & DBPooling questions

Hello guys,
I used to develop PHP/ASP, and am new to servlet. I have been searching around for a solution ...
With Php, we can get the reference of a global variable in any classes->functions...
How do I do this with servlet ?
And second..I have developed the DB class as below... I set the datasource to be static, so it initializes only once. Is it a good idea? How would you like to improve this class? any comments?
package shop.database;
import javax.sql.DataSource;
import java.sql.*;
import org.apache.commons.dbcp.BasicDataSource;
import org.apache.log4j.Logger;
import shop.admin.exception.GeneralException;
public class DdManager {
     static protected Logger logger = Logger.getLogger(DdManager.class);
     private String userName = "root";
private String password = "";
private String hostName = "jdbc:mysql://localhost:3306/shop";
private String database="shop";
     static private DataSource ds;     // set this to be static so all threads share the same job in JVM
     private Statement stmt;
     private Connection conn;
     private ResultSet rs;
     private CallableStatement cs;
public DdManager() {}
* setup the data source and return it
     public static DataSource getDataSource(
          String sDrvName,
          String sUserName,
          String sPwd,
          String connectURI) {
          BasicDataSource ds = new BasicDataSource();
          ds.setDriverClassName( sDrvName );
          ds.setUsername( sUserName );
          ds.setPassword( sPwd );
          ds.setUrl( connectURI );
          ds.setMaxActive( 15 );
          ds.setMaxIdle( 10 );
          ds.setMaxWait( 10000 ); // 10 seconds
          return ds;
     * static init of the class
     * this class is will be called only once to initialize the DataSource
     static {
          try {
               Class.forName( "com.mysql.jdbc.Driver" );
               ds = getDataSource(     "com.mysql.jdbc.Driver",
                                        "root",
                                        "jdbc:mysql://localhost:3306/shop" );
               if (ds == null) {
                    String msg = "Connection Pool error";
                    logger.error(msg);
                    throw new GeneralException(msg);
               logger.info("DataSource has been initialized");
          } catch(Exception exception) {
               logger.error(exception.toString());
               try {
                    throw new GeneralException(exception.toString());
               } catch (GeneralException e) {
                    logger.error(e.toString());
     * get the connection from the pool (DataSource)
public void openConnection() throws GeneralException {
try {
     BasicDataSource bds = (BasicDataSource) ds;
     logger.info("NumActive: " + bds.getNumActive() + ", " + "NumIdle: " + bds.getNumIdle());
conn = ds.getConnection();
logger.info("Connection of " + database + " has been established");
} catch(Exception exception) {
     logger.error(exception.toString());
     throw new GeneralException(exception.toString());
* close the connection will actually return the connection to the pool (Must)
public void closeConnection() throws GeneralException {
     initResource();
try {
     if (conn != null){
               conn.close();
               logger.info("Connection of " + database + " has been closed");
} catch(SQLException exception) {
     logger.error(exception.toString());
     throw new GeneralException(exception.toString());
* prepare the calling stmt
public void prepareProcedure(String callStatement) throws GeneralException {
     initResource();
try {
     cs = conn.prepareCall(callStatement);
} catch(SQLException exception) {
     logger.error(exception.toString());
     throw new GeneralException(exception.toString());
* set the pass-in parameter for "String"
public void setParameter(int position, String parameter) throws GeneralException {
try {
     cs.setString(position, parameter);
} catch(Exception exception) {
     logger.error(exception.toString());
     throw new GeneralException(exception.toString());
* set the pass-in parameter for "Integer"
public void setParameter(int position, int parameter) throws GeneralException {
try {
     cs.setInt(position, parameter);
} catch(Exception exception) {
     logger.error(exception.toString());
     throw new GeneralException(exception.toString());
* execute the procedure and return the resultset
public ResultSet execProcedure() throws GeneralException {
try {
     rs = cs.executeQuery();
} catch(SQLException exception) {
     logger.error(exception.toString());
     throw new GeneralException(exception.toString());
return rs;
* close the statment and resultset
     private void initResource() throws GeneralException {
     try {
          if(rs != null) {
               rs.close();
          if(stmt!= null) {
               stmt.close();
          logger.info("Statement & Resultset have been free");
     } catch(Exception exception) {
     logger.error(exception.toString());
     throw new GeneralException(exception.toString());
Thanks mates!
myy

Thanks Saish,
Your response is really appreciated. Sorry about that
as i didnt know there is 'code' formatting button,
and I will look into the Singleton pattern.
As I'm still in the learning stage. Therefore, i
still have a lot of thing do not understand.
... use it in a method signature ...What is "a method signature" ?
A method signature is basically the method's parameters, return value, name and any access or other modifiers. The following is a method signature:
static final public void main(final String[] args)Between the braces of the method body is the implementation (or as I already alluded to, the method body).
Consider using an already-developed connection poolimplementation, such as Jakarta Commons DBCP ...
I'm trying to implement the Jakarta DBCP. Did I go
into the wrong way?
Sorry, did not read the imports. Yes, you are. However, I am confused about what you are trying to implement. You have a static method getDataSource(). You also have a static variable 'ds'. Use one or the other. I would be that there are seemingly random errors cropping up based on whether you remember to call getDataSource() or not.
You do not, generally, want the data source to be static. Multiple threads might use the class. And if there is only a static data source, you will either need to synchronize the methods that use the data source (resulting in a scaling bottleneck) or not synchronize them (which will totally destroy any concept of a logical unit of work or database transaction).
.. A static datasource, as in your class, can onlysafely be used by one thread at a time, potentially
introducing scaling bottlenecks (or race conditions)
in your system ...
So, you mean there is no need for the DataSource to
be static ?
No, in fact, IMO, it should not be. That is why you are pooling. Use instances. The pool will manage the connections and their availabilty for you.
Why are you throwing GeneralException everywhere?Here's a question: can someone using your class (a
caller) realistically be expected to handle a
database exception?
When there is a database error, I just want to stop
the process and redirect the user to an error page. I
will look into the unchecked exceptions. Thanks.
Unchecked exceptions do not need to be declared in a method signature or caught within the method body. Checked exceptions do. As such, an added benefit is that unchecked exceptions de-clutter your code.
In your initResources() method, what happens if theclose() on ResultSet throws an exception
Oh, yes. I'm so stupid.
Now I only have ...
     private static DataSource ds;     // set this to
be static so all threads share the same obj in JVM
     private Connection conn;
     private CallableStatement cs;
private void initResource() throws GeneralException
n {
     try {
          if(cs != null) {
               cs.close();
logger.info("CallableStatement has been
as been free");
     } catch(Exception exception) {
     logger.error(exception.toString());
throw new
throw new GeneralException(exception.toString());
You still have issues.
public void initResources() {
   if (rs != null) {
     try { rs.close(); } catch (SQLException ignore) { ignore.printStackTrace(); }
   if (stmt != null) {
     try { stmt.close(); } catch (SQLException ignore) { ignore.printStackTrace(); }
}Normally, this type of method would not be called initResources() but rather closeResources() or freeResources(). It would be called from within the 'finally' block of another method using the CallableStatement or ResultSet.
This is really is problem, would you mind to tell me
how to handle this(close the connection) if the
close() on either CallableStatement or Resultset
throws an exception ?
See above. Simply log the exception (there is usually nothing meaningful you can do if a close() fails, and it is up to you as a developer if this is an error or just a warning). Another option is to 'chain' exceptions. In your own exception, add a method 'addException(Throwable)'. This would add another exception to a List of exceptions. When you print the stack trace, iterate through the chained exceptions to print them all out. One place where I find this useful is rollback() code. If the original SQL statement fails AND the rollback fails, I definitely want to see that rollback() exception as well in my logs.
The DB thing makes me headache. What I actually
wanted is a solution for:
Let say I have a class "HelloAction.class" contains
the code:
public ActionForward XXX() {
     DbManager DB = new DBManager();
     ... do some DB thing here...
     SecondClass SC = new SecondClass();
     SC.doSomeOtherDbThing();
     ... do something else...
     ThirdClass TC = new ThirdClass();
     SC.doMoreOtherDbThing();
}There are some functions in SecondClass.class and
ThirdClass.class that will need database connection.
I consider 'global variable' is because I want these
two classes are able to use the same
connection(DbManager) from the function -
ActionForward XXX().
What is the best way to implement the above situation
(sharing the same connection in different classes &
sub-classes?
I also just realize that the problem of multi-threads
with these two class variables..
     private Connection conn;
     private CallableStatement cs;Really headache. I really appreciate any comments.
Thanks.
- myyPass the Connection or DataSource to each method or constructor. Call commit() or rollback() from the method that created the transaction.
- Saish

JNDI Lookup in Servlet - Design Question

I will appreciate if someone answers/clarifies my following questions.
I am using Tomcat Connection pooling.
1. If I understand correctly- with Connection Pooling - Server will take
care of opening the connections with DB
So if the Max users allowed is 10, it means that at any given time 10
Concurrent users will be allowed access to DB.
2.. Where do I place the code for doing the context lookup?
I have many servlets called by JSP pages and these servlets will be
accessing Database.
(a) Shall I place the context lookup code in each of the servlets Init
Method, but by doing so I am writing the same code again and
again.
If I understand correctly the Context lookup code is following 3 lines
or Can I squeeze more code in Init()
Context i = new InitialContext();
Context e = (Context) i.lookup("java:comp/env");
DataSource d = (DataSource) e.lookup("jdbc/mytestdb");
Again if I have 30 Servlets, is this still a good idea?
(b) If there is an alternative to 2 (a), like having another class or
something, please elaborate on that and which part of code should
be in this alternative.
My application will be using JSP pages to call servlets that access Database to update or display results.
Thank you very much.

Thanks for reply.
Yes, I have read that putting connection code in init of servlet is not good. Hence
I have now a DbHelper Class that takes care of opening and returning a Connection when called.
Servlets call this DbHelper class to get connection.
Is the following a good idea?
DbHelper.java
import javax.naming.*;
import javax.sql.*;
import java.sql.*;
public class DbHelper {
 //private final static String DATASOURCENAME = "java:comp/env/jdbc/schooljsp";
 public static Connection getConnection(String jndiName){
 System.out.println(jndiName);
 try {
 Context ctx = new InitialContext();
 DataSource datasource = (DataSource)ctx.lookup(jndiName);
 Connection con = null;
 if (datasource != null) {
 con = datasource.getConnection();
 return con;
 } catch (NamingException ex){
 throw new RuntimeException("Init: Cannot get connection" + ex);
 } catch ( SQLException e){
 throw new RuntimeException("Cannot get Connections from Datasource");
}And MY Servlet code
public class AuthServlet1 extends HttpServlet {
 private final static String DATASOURCENAME = "java:comp/env/jdbc/schooljsp";
 public void doGet(HttpServletRequest req, HttpServletResponse res)
 throws ServletException, IOException {
 res.setContentType("text/html");
 PrintWriter out = res.getWriter();
 try {
 Connection conn = DbHelper.getConnection(DATASOURCENAME);
 Statement stmt = conn.createStatement();
 ResultSet rs = stmt.executeQuery("select * from SIGNUP");
 out.println("SIGNUP ");
 while (rs.next()) {
 out.print(rs.getString(1));
 out.print(" ");
 out.print(rs.getInt(2));
 out.println(" ");
 rs.close();
 stmt.close();
 }catch (Exception e) { System.out.println("Error e : " + e); }
}Or I can make it more robust and better?
Thanks a lot.

Servlet Session Questions

Similar Messages

Maybe you are looking for