Servlets, JSESSIONID, and HttpSession
I have a clustered WL7 environment setup. The app uses:
ServletAuthentication.weak(user,pass,request);
To ensure that the userid is correct. It successfully authenticates and sets
the JSESSIONID cookie value on the admin server and going back to the same
server is no problem but when I invoke the servlet on the other server
within the cluster, there's no JSESSIONID cookie and so the user is not
authorized.
Any pointers, tips would be apprechiated.
Thanks
Web Server 6.0 docs collection is in : http://docs.sun.com/app/docs/coll/S1_ipwebsrvree60_en
Planet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets http://docs.sun.com/app/docs/doc/816-5689-10
If possible upgrade to Web Server 7.0 Update 2 from :
http://www.sun.com/download/index.jsp?cat=Web%20%26%20Proxy%20Servers&tab=3&subcat=Web%20Servers
docs collection:
http://docs.sun.com/app/docs/coll/1653.2
Sun Java System Web Server 7.0 Update 2 Developer's Guide to Java Web Applications
http://docs.sun.com/app/docs/doc/820-2207
Similar Messages
-
Problem with HttpURLConnection and HttpSession.
Hi,
Problem with HttpURLConnection and HttpSession.
I created a HttpSession object in my main class and then called a URL via HttpURLConnection.
I tried to access the same session object from the servlet called by the URL . but the main session
is not returned a new seperate session is created.let me know how can we continue the same session in
the called URL also which is created in main class.
Thanks
PrasadYou are not supported to create a HttpSession by java client. Only J2EE web container can create it.
-
My JSP's/Servlets use simple HttpSession objects that expire when the browser is closed. It is my understanding that if a browser has cookies disabled that URL rewriting is used. I've been testing in IE6 and when cookies are restricted all my session objects are all null. So it appears URL writing isn't occuring.
Is there anything I have to do to 'turn on' URL rewriting? Any other suggestions?Hi Jason,
Read this:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q293222
http://support.microsoft.com/support/kb/articles/q293/2/22.asp?LN=EN-US&SD=gn&FR=0&qry=cookie&rnk=10&src=DHCS_MSPSS_gn_SRCH&SPR=IE600
--Paul -
Security & Servlet engine and ejb container on different servers
When you have the servlet container and the ejb container on different physical servers,
how is the rmi connection meant to to be done while still maintaining the seucrity
propagation from servlet to ejb tier?
Assume that my user is already authenticated (forms) on the servlet tier. Do we then
create a dedicated connection (InitialContext + url/username/password properties)
to the ejb tier and store this connection in the HttpSession? (basically authenticating
a 2nd time)
OR,
can the servlet container make a generic connection to the ejb container, and pass
the users security context to the ejb tier transparantly?
-Sam
Nick Minutello <[email protected]> wrote:
> Assuming that web container security is being employed, I guess the fundamental question
> is: Is it necessary to create a "connection" (ie. an InitialConext) per user, or
> can a "global" initial context be shared (in the end, the TCP connection is shared
> anyway)?
It doesn't create a 'connection' per user - when you use JNDI authentication (specifying
principal and credentials when constructing InitialContext) it associates security info
with the current thread for the duration of the request. If you cache InitialContext and
use it later on some other thread it will not do anything.
> Does it really matter?
No ;-)
> Thanks,
> Nick
> "Dimitri I. Rakitine" <[email protected]> wrote:
>>Nick Minutello <[email protected]> wrote:
>>
>>
>>> OK, so when I create the InitialContext, I just specify the URL (to call
>>the remote
>>> EJB container). The user ID and credentials are mapped automatically.
>>
>>> I obviously also need to cache the initialContext variable in my HTTPSession
>>object?
>>
>>> What would happen if I had one InitialContext for the whole servlet engine
>>- and
>>> each thread used that. Would the thread (security) context still get passed
>>- or
>>> would the credentials for the original connection get used?
>>
>>If you use web-app security, container will associate security info with
>>the current
>>thread before invoking your servlet. If you do not use it and cache InitialContext,
>>
>>then the current user will always be 'guest' (except for the very first
>>time when
>>application calls 'new InitialContext()' with username/password.
>>
>>
>>> Thankyou.
>>> -Sam
>>
>>
>>> "Vinod Mehra" <[email protected]> wrote:
>>>>
>>>>"Sam the bad cat" <[email protected]> wrote in message
>>>>news:[email protected]...
>>>>>
>>>>>
>>>>> When you have the servlet container and the ejb container on different
>>>>physical servers,
>>>>> how is the rmi connection meant to to be done while still maintaining
>>>>the
>>>>seucrity
>>>>> propagation from servlet to ejb tier?
>>>>>
>>>>> Assume that my user is already authenticated (forms) on the servlet
>>tier.
>>>>Do we then
>>>>> create a dedicated connection (InitialContext + url/username/password
>>>>properties)
>>>>> to the ejb tier and store this connection in the HttpSession? (basically
>>>>authenticating
>>>>> a 2nd time)
>>>>>
>>>>> OR,
>>>>> can the servlet container make a generic connection to the ejb container,
>>>>and pass
>>>>> the users security context to the ejb tier transparantly?
>>>>
>>>>If the user has logged in already, ie the authenticated user is already
>>>>in
>>>>the execute
>>>>thread, the identity should be propgated to the ejb tier transparantly,
>>>>when
>>>>you create the
>>>>new initial context.
>>>>
>>>>--Vinod.
>>>>
>>>>
>>>>>
>>>>> -Sam
>>>>>
>>>>>
>>>>
>>>>
>>
>>--
>>Dimitri
>>
Dimitri
-
HttpSessionContext and HttpSession
hi,
With all the knowledge i gathered from here and there about sessions - to be frank i am very confused.
1>Can someone please explain to me why and how HTTPSEssionContext is used
2> I am using about 6 servlets, where each servlet is creating a separate dynamic web page.
The first servlet is one which creates a login page. Once i create the login page, i get the id which has to be carried through the different servlets. This is easy, as i can pass query string parameter. My problem is that in between the third and the fourth servlet, i call a static html page. Once i get the static page, then i am not able to pass the id anymore. Can someone tell me how to do it?
3>The command
HttpSession sesStore = req.getSession(true);
Is this given when i create a new session. ie) in the above example, the first servlet. When the second servlet is called,
HttpSession sesStore = req.getSession(false);
i have to change the true to false, Right
A bit confused
Please throw some light
PratibhaSessionContext is used to figure out the environment in which the servlet is running. For example, if there are configuration variables that have been set, you can call
String val = getInitParameter( "ParmName" );Going to a static HTML page is not a problem if you use cookies for storing the session key. The browser doesn't know what is dynamic and what is static so it passes the cookie along on every request, so you have no worries there.
As far as the getSession() methods, I have had no end of frustration with those. I have never seen them actually work according to documentation. As far as I can tell, getSession( true ) always creates a new session, but the docs suggest that it won't make a new one if there is already one there. I have had nothing but inconsistent results with the getSession() method (no parameters).
On my projects I have ended up doing a getSession(true) during login, and then getSession(false) for the rest of the time. -
Revision: 14330
Revision: 14330
Author: [email protected]
Date: 2010-02-22 10:03:03 -0800 (Mon, 22 Feb 2010)
Log Message:
BLZ-476 : Getting different error message in server's servlet log and console log when class is not of expected type.
QA: no
Doc: no
checkin test : pass
Ticket Links:
http://bugs.adobe.com/jira/browse/BLZ-476
Modified Paths:
blazeds/trunk/modules/core/src/flex/messaging/MessageBrokerServlet.javaHi, wbracken ,
As known, there are 2 different questions I raised.
Regarding the reply for the second one (Nothing to do with Chinese), I noticed there are several similar issues found in this forum, and it seems no response could solve my that problem. The related methods and classes were also well check, as well as the parameters put.
Any way, your reponse was appreciated.
Thank you for the help. -
Revision: 14341
Revision: 14341
Author: [email protected]
Date: 2010-02-22 13:19:46 -0800 (Mon, 22 Feb 2010)
Log Message:
BLZ-476 : Getting different error message in server's servlet log and console log when class is not of expected type.
Ticket Links:
http://bugs.adobe.com/jira/browse/BLZ-476
Modified Paths:
blazeds/trunk/modules/core/src/flex/messaging/MessageBrokerServlet.java
blazeds/trunk/modules/core/src/flex/messaging/util/ClassUtil.javaHi, wbracken ,
As known, there are 2 different questions I raised.
Regarding the reply for the second one (Nothing to do with Chinese), I noticed there are several similar issues found in this forum, and it seems no response could solve my that problem. The related methods and classes were also well check, as well as the parameters put.
Any way, your reponse was appreciated.
Thank you for the help. -
How to run servlet in and out JDev.
Hi,
I have developed a simple servlet through wizards.Since i'm new to the servlet in JDev. i'm facing problem to run the servlet in and out of JDeveloper.
Even i run as per the help documentation,
i'm getting this error
java.io.IOException: CreateProcess: cmd.exe /C start "" "C:\JDEVELOPER3.0\public_html\WebAppRunner.html" error=0
I would be gratefull if anyone assists me.
nullI am also not able to take a simple tutorial application from Jdev 3.0 and deploy it on Oracle App Server 4.0.8.1.
I ran the tutorial which creates a Jservlet accessing one database table. It runs fine on Jdev 3.0.
I used the deploy wizard to create a Jar file. I sent the Jar file to the OAS.
Updated the OAS class path to point to the
Jar file. Invoking the url
host:\vitual\mypkg.myclass gets an error msg
application error has occurred.
A snip from WRB.LOG
`JAVAWEB` 772 0 0x400fff `Exception happend in executing racle.OAS.servlet.servletrunner.main(String[])
Any detailed steps on how to do this is appreciated.
Thanks
Mike -
Where should the support classes of servlets, JSPs and EJBs be placed
Hi
Could you please tell me where the support classes (simple
java classes) used by servlets, JSPs and EJBs should be placed.
I find that my application does not work if I place all the
support classes of a servlet under $MYSERVER/clientclasses. I need to place some in $MYSERVER/clientclasses and some in
$MYSERVER/servletclasses. But I figured this out my trial and error and I could not find any logical explanation why some of them should go into $MYSERVER/clientclasses and others into
$MYSERVER/servletclasses.
Thanks
Regards
Pratima
you can put 'em in weblogic classpath
Kumar
Pratima Nambiar wrote:
> Hi
> Could you please tell me where the support classes (simple
> java classes) used by servlets, JSPs and EJBs should be placed.
> I find that my application does not work if I place all the
> support classes of a servlet under $MYSERVER/clientclasses. I need to place some in $MYSERVER/clientclasses and some in
> $MYSERVER/servletclasses. But I figured this out my trial and error and I could not find any logical explanation why some of them should go into $MYSERVER/clientclasses and others into
> $MYSERVER/servletclasses.
>
> Thanks
> Regards
> Pratima
-
I need to develop a web-based facility where I can present the contents of server-based CSV files to a thin-client user (i.e. browser only) in the form of graphs or charts. I want to stick to a Java solution, not ActiveX chart components.
I know that there are various Java-based components that I can purchase for a reasonably modest fee, but I would like to learn to do this myself.
Is JSF an appropriate technology for servlet graphing and charting ? Can anyone point me in a good direction for some code starters ?
Thanks.Hi,
please look at the sample-apps in SUN's RI for JSF.
There is a chart-component.
perhaps this is usful for you.
Regards,
Matthias -
Package javax.servlet.* and javax.xml.rpc.*
Which jar file(s) in Oracle WebLogic Server 10.3 contain these two packages: package javax.servlet.* and javax.xml.rpc.*? Where are they located? Thanks
I don't have access to my WLS installation right now, but normally I use a class finder utility like this one to answer questions like this:
http://www.inetfeedback.com/jarscan/ -
Want to run servlets, jsp and ejb
Hi there, I have just installed Oracle9iAS on my PC and want to check how to use OAS with servlets, JSPs and ejbs, so can any one tell me where can I find some worked examples and step by step deployment process, any help would be appreciated, regards, Shabbier
If you have installed Oracle9iAS, you should be able to get to the welcome page at
http://<machine_name>:7778/
You can see J2EE demos off that page.
Also, you can find info about oracle9iAS and documentation
at http://otn.oracle.com/products/ias/content.html
OC4J info can be found at
http://otn.oracle.com/tech/java/oc4j
-Prasad -
Exact functions of Servlet context and servlet Config inside web container
What is the correct(exact) function in the Servlet Context and Servlet Config inside the Web Container?.
Pls anybody response me.
-- PalaniServletConfig:
The container reads the servlet init-parameters specified in web.xml then adds them to ServletConfig. The container then passes ServletConfig to the servlet. Thereafter, the servlet can access the ServletConfig and get the servlet init-parameters. The idea is that you can avoid hard coding data that might change in your servlet code, e.g. an email address. If the email address changes, you can change it in web.xml instead of having to hunt through all your code and change the email address every place it appears and then recompiling the servlet.
Servlet init-parameters in web.xml are targeted for one servlet.
ServletContext:
The ServletContext is an app wide bulletin board where you can post data. Other parts of your app, e.g. other servlets, can then read the data on the bulletin board.
Also, similar to ServeltConfig, the container reads context-init parameters from web.xml and inserts them into ServletContext. However, in this case they are inserted into an app wide bulletin board, and therefore all servlets can read them.
An example: you might put database connection info in some context-init parameters. Then when the ServletContext is created, you can have "a listener" respond to the ServletContext creation event and get the database info, create a database connection, and attach it to the ServletContext. Then the database connection will be available to any servlet that needs it.
palanithendral wrote:
What is the correct(exact) function in the Servlet Context and Servlet Config inside the Web Container?.
The exact function of each would be determined by the group of methods each one provides. You need to check the java docs to see what each method does. -
XSQL and HttpSession object availability
Hello,
How to access the very convenient unique HttpSession unique ID?
The one we have this way within a servlet:
HttpSession session = request.getSession(true);
System.out.println(session.getId());
Thank You in advance
JRoch
nullYou can access this easily by writing a custom action handler. Here is the code for a custom action handler that sets the value of the Http Session id into a page parameter named "session-id".
import oracle.xml.xsql.*;
import java.sql.SQLException;
import org.w3c.dom.Node;
import javax.servlet.http.*;
public class GetSessionId extends XSQLActionHandlerImpl {
public void handleAction( Node rootNode ) throws SQLException {
XSQLPageRequest req = getPageRequest();
if (req.getRequestType().equals("Servlet")) {
HttpSession sess =
((XSQLServletPageRequest)req).getHttpServletRequest().getSession(true);
if (sess != null) {
req.setPageParam("session-id",sess.getId());
}Then from within your XSQL page, you can say:
<xsql:action handler="GetSessionId"/>
and then later in the page refer to the parameter named session-id to access it's value as a lexical or bind parameter. -
Hi guys, i think this is not te correct forum to ask about struts, but i realy need some help with that, i need to get the ID of a Http session and use this ID inte action class of struts for others task, can anyone help me on how to get the http session id from struts 2
thanks in advanceUse HttpSession.getId() [1]. Make it a point to read the documentation, you'll get more than enough help there and you'll learn as well.
[1] http://java.sun.com/products/servlet/2.2/javadoc/javax/servlet/http/HttpSession.html#getId()
People on the forum help others voluntarily, it's not their job.
Help them help you.
Learn how to ask questions first: http://faq.javaranch.com/java/HowToAskQuestionsOnJavaRanch
(Yes I know it's on JavaRanch but I think it applies everywhere)
----------------------------------------------------------------
Maybe you are looking for
-
LSMW file upload from presentation server
Hi, We are using LSMW to create new Document info records and will need to upload/ attach multiple files to the DIR. everything is working except in the IDOC processing stage, it errors out - "Error while checking in and storing: otlta134a\pcm\test1.
-
My iphone 3gs is not being recognized on itunes
hi i got a iphone 3gs and it fell on the floor and it turned off and now it wont turn on at all and when i try to connect it itune it doesnt come up. I have the latest version of itunes and i haave a 2.0 usb port but i dont know why it still is not w
-
Hello everybody, Is there any standard report which include the name of the vendor, the total of the credit transaction figure and the final balance (ex. for the end of 2009)? Thanks, Regards Sorin
-
Connect macbook pro and imacac shows up in the finder window under shared b
I have turned on file sharing on both. My imac shows up in the finder window under shared but the macbook won't connect. Is there something else i need to do?
-
Urgent - FileDialog behaviour in Mac OS
Hi I have a Java Swing application which should allow the user to save data in a file using the FileDialog functionality. I find that on Windows, the application works properly i.e. it opens up a FileChooser window and one can enter the name of a fil