Session Timeout and Url Redirect in BlazeDS?
We have a JSF2 Webapp and Flex 4 integreated.
Question
1. How can we pass the parameters in web.xml to make FLEX4 redirect to login page when the session timeouts instead of giving a AMF Communication Error?
Thanks,
User.
hi, i am also struggling with the same problem, have you got any solution
Similar Messages
-
Session Timeout and Dynamic Actions
Did anybody ever use the Session Timeout feature in APEX successfully?
I have set an idle session timeout and provided an url to redirect to once the session is expired: Home > Application Builder > Application nnn > Shared Components > Edit Security Attributes > Session Timeout
It works so far during the page rendering and page processing phase. But I have major problems with dynamic actions and custom ajax requests.
Dynamic actions will just hang and simply don't return. Even worse, when I execute the dynamic action once the session is expired, the session seems to be physically deleted and thus the next click on a tab will not redirect to the expiration page but go straight to the login page.
Did anybody make it work or is the best way to implement a custom session timeout?
Thanks,
Dietmar.Hi All,
Check out the Session Timeout plug-in available here:
http://skillbuilders.com/plugins
Let me know if that helps.
Regards,
Dan
blog: http://DanielMcghan.us/
work: http://SkillBuilders.com/APEX/ -
Session timeout and Custon login module
Hi,
Dev Platform: Jdev 10.1.3.4.0, Oracle 10.2.4
I'm trying to trap the session timeout and display a page. I'm using the code below from Frank Nimphius. I've also provided a console log of what is happening when the application times out. Instead of the filter being called the system is calling the dblogin module and attempting to login the anonymous user. I renamed the anonymous user and I just see log entries where the system attempted to find the anonymous user.
If I use the application to logout I get a Logout page with a button to confirm the logout. When I press the button the session is invalidated and the filter code brings up my "Session Timeout" notification page. This isn't what will happen in the end but I just wanted to tell you that the filter does work in certain instances.
How can I make the system not attempt to login the anonymous user and have the filter code run?
TIA, Dave
package isdbs.view.security;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class ApplicationSessionExpiryFilter implements Filter {
private FilterConfig _filterConfig = null;
public void init(FilterConfig filterConfig) throws ServletException {
_filterConfig = filterConfig;
public void destroy() {
_filterConfig = null;
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
String requestedSession = ((HttpServletRequest)request).getRequestedSessionId();
String currentWebSession = ((HttpServletRequest)request).getSession().getId();
boolean sessionOk = currentWebSession.equalsIgnoreCase(requestedSession);
// if the requested session is null then this is the first application
// request and "false" is acceptable
if (!sessionOk && requestedSession != null){
// the session has expired or renewed. Redirect request
((HttpServletResponse) response).sendRedirect(_filterConfig.getInitParameter("SessionTimeoutRedirect"));
else{
chain.doFilter(request, response);
}Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.RealmUserAdaptor isMemberOf
FINE: JAAS-OC4J: Membership check for group: ISDBS_USER failed for user: anonymous
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option debug = true
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option log level = log all
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option logger class = null
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option data_source_name = jdbc/elearnDS
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option user table = TBL_LOGIN
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles table = XREF_LOGIN_ROLE
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option username column = LOGIN_NM
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option password column = PASSWORD
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles column = ROLE_NM
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option user pk column = LOGIN_NM
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles fk column = LOGIN_NM
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option password encoding class = oracle.sample.dbloginmodule.util.DBLoginModuleClearTextEncoder
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option realm_column = null
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option application_realm = null
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] login called on DBTableLoginModule
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Calling callbackhandler ...
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Username returned by callback = null
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] User query string: select LOGIN_NM,PASSWORD, LOGIN_ATTEMPTS, ACTIVE_IND from TBL_LOGIN where lower(LOGIN_NM)= lower((?))
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Logon Successful = false
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Abort called on LoginModule
Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.OC4JUtil doJAASLogin
WARNING: Login Failure: all modules ignored
javax.security.auth.login.LoginException: Login Failure: all modules ignored
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at oracle.security.jazn.oc4j.OC4JUtil.doJAASLogin(OC4JUtil.java:241)
at oracle.security.jazn.oc4j.GenericUser$1.run(JAZNUserManager.java:818)
at oracle.security.jazn.oc4j.OC4JUtil.doWithJAZNClsLdr(OC4JUtil.java:173)
at oracle.security.jazn.oc4j.GenericUser.authenticate(JAZNUserManager.java:814)
at oracle.security.jazn.oc4j.FilterUser.authenticate(JAZNUserManager.java:1143)
at com.evermind.server.http.EvermindHttpServletRequest.checkAndSetRemoteUser(EvermindHttpServletRequest.java:3760)
at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:706)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:122)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:111)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:595)
Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.GenericUser authenticate
FINE: JAAS-OC4J: Authentication failure for user: null
Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.RealmUserAdaptor isMemberOf
FINE: JAAS-OC4J: Membership check for group: ISDBS_USER failed for user: anonymousI added an HttpSessionListener upon login here's what I get:
09/03/31 08:21:25 Inside sessionCreated
09/03/31 08:21:25 Before New session createb = 0
09/03/31 08:21:25 Created session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
09/03/31 08:21:25 After New session count = 1
At session timeout here's what I get:
09/03/31 08:23:27 Count before destroyed = 1
09/03/31 08:23:27 Destroyed session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
09/03/31 08:23:27 Count after destroyed = 0
09/03/31 08:23:27 Inside sessionCreated
09/03/31 08:23:27 Before New session createb = 0
09/03/31 08:23:27 Created session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
09/03/31 08:23:27 After New session count = 1
Notice that the session Id in each case is IDENTICAL. That is why the Filter code isn't doing what it is intended to do. Whay is the same session ID being created after it is destroyed? Is there a configuration parameter that controls it?
Thanks,
Dave -
Under Excel Service Application --> session management; what is the difference between Session timeout and Short Session timeout?
Any call made from the API will automatically be set to the “Session Timeout” period, no matter
what. Calls made from EWA (Excel Web Access) will get the “Short Session Timeout” period assigned to it initially.
Short Session Timeout and Session Timeout in Excel Services
Short Session Timeout and Session Timeout in Excel Services - Part 2
Sessions and session time-outs in Excel Services
above links are from old version but still applies to all.
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog -
Cisco ISE guest portal redirect not working after successful authentiation and URL redirect.
Hi to all,
I am having difficulties with an ISE deployment which I am scratching my head over and can't fathom out why this isn't working.
I have an ISE 3315 doing a captive webportal for my guest users who are on an SSID. The users are successfully redirected by the WLC to the following URL:https://x.x.x.x:8443/guestportal/Login.action?portalname=XXX_Guest_Portal
Now when the user passes through the user authentication splash screen they get redirected to https://x.x.x.x:8443/guestportal/guest/redir.html and recieve the following error:
Error: Resource not found.
Resource: /guestportal/
Does anyone have any ideas why the portal is doing this?
Thanks
PaulHello,
As you are not able to get the guest portal, then you need to assure the following things:-
1) Ensure that the two Cisco av-pairs that are configured on the authorization profile should exactly match the example below. (Note: Do not replace the "IP" with the actual Cisco ISE IP address.)
–url-redirect=https://ip:8443/guestportal/gateway?...lue&action=cpp
–url-redirect-acl=ACL-WEBAUTH-REDIRECT (ensure that this ACL is also defined on the access switch)
2) Ensure that the URL redirection portion of the ACL have been applied to the session by entering the show epm session ip command on the switch. (Where the session IP is the IP address that is passed to the client machine by the DHCP server.)
Admission feature : DOT1X
AAA Policies : #ACSACL#-IP-Limitedaccess-4cb2976e
URL Redirect ACL : ACL-WEBAUTH-REDIRECT
URL Redirect :
https://node250.cisco.com:8443/guestportal/gateway?sessionId=0A000A72
0000A45A2444BFC2&action=cpp
3) Ensure that the preposture assessment DACL that is enforced from the Cisco ISE authorization profile contains the following command lines:
remark Allow DHCP
permit udp any eq bootpc any eq bootps
remark Allow DNS
permit udp any any eq domain
remark ping
permit icmp any any
permit tcp any host 80.0.80.2 eq 443 --> This is for URL redirect
permit tcp any host 80.0.80.2 eq www --> Provides access to internet
permit tcp any host 80.0.80.2 eq 8443 --> This is for guest portal
port
permit tcp any host 80.0.80.2 eq 8905 --> This is for posture
communication between NAC agent and ISE (Swiss ports)
permit udp any host 80.0.80.2 eq 8905 --> This is for posture
communication between NAC agent and ISE (Swiss ports)
permit udp any host 80.0.80.2 eq 8906 --> This is for posture
communication between NAC agent and ISE (Swiss ports)
deny ip any any
Note:- Ensure that the above URL Redirect has the proper Cisco ISE FQDN.
4) Ensure that the ACL with the name "ACL-WEBAUTH_REDIRECT" exists on the switch as follows:
ip access-list extended ACL-WEBAUTH-REDIRECT
deny ip any host 80.0.80.2
permit ip any any
5) Ensure that the http and https servers are running on the switch:
ip http server
ip http secure-server
6) Ensure that, if the client machine employs any kind of personal firewall, it is disabled.
7) Ensure that the client machine browser is not configured to use any proxies.
8) Verify connectivity between the client machine and the Cisco ISE IP address.
9) If Cisco ISE is deployed in a distributed environment, make sure that the client machines are aware of the Policy Service ISE node FQDN.
10) Ensure that the Cisco ISE FQDN is resolved and reachable from the client machine.
11) Or you need to do re-image again. -
BC4J/UIX: How to implement session timeout and logout?
Hi,
I need to implement logout function in my UIX application. We use JAZN basic authentication. So several things need to be done when user clicks 'logout'
1. Any pending transaction is rolled-back.
2. App Module - what to do with it?
3. Browser closes or redirects to other page. Any attempts to go BACK will show either 'session expired' or will redirect to login page.
Also I need a mechanism where if user is idle for say, 10 minutes, that he/she will be automatically logout (maybe after some warning message). How to do this?
Thanks
RadeWell if you search long enough, you will find your own answers. After months of not having this solved, I found the solution, in a piece of sample code from oracle that is distro with the OC4J stuff.
if (request.getRemoteUser() != null) {
// notes that the application is responsible for cleanup
//invalidate the HttpSession
HttpSession session = request.getSession();
session.invalidate();
String url=null;
oracle.security.jazn.oc4j.WebSSOUtil.globalLogout(response,url);
} else out.println("You are not logged in!");
out.println("</BODY>");
out.println("</HTML>");
This is the piece I was looking for, a way to kill off the SSO session. Now when I click logoff, the user is actually logged off the application and their HTTP session is killed off as well.
Kelly -
SSL termination and URL redirection
Hi All,
I have configured application in cisco ACE module for which i got more requirement for URL redirection.
Application setup is as below.
VIP : 10.232.92.x/24 which is pointing to 2 Web server 10.232.94.x/24 range. In addition to that app team want APP server also need to be loadbalanced hence new VIP is configured for 10.232.92.x/24 which is pointing to 2 different app server 10.232.94.x/24.
Both Web and App servers are having different IP but in same broadcastdomain. SSL termination is done on ACE.
Issue : 1) After initiating connection i am getting login page but after login its again giveing login page. After 2 to 3 trial its giving me application page but with invalid session error.
2) How to do https connection redirecting to different path.
Ex. https://apps.xyz.com to https://apps.xyz.com/abc
configuration :
probe tcp rem_app_tcp
port 2100
interval 5
passdetect interval 10
passdetect count 2
open 1
probe http rem_itsm_https
port 80
interval 5
passdetect interval 10
passdetect count 2
request method get url /keepalive/https.html
expect status 200 200
open 1
serverfarm host app_tcp
predictor leastconns
probe rem_app_tcp
rserver server1 2100
inservice
rserver server2 2100
inservice
serverfarm host rem_https
predictor leastconns
probe rem_itsm_https
rserver server3 80
inservice
rserver server4 80
inservice
action-list type modify http remurlrewrite
ssl url rewrite location "apps\.xyz\.com"
policy-map type loadbalance first-match app_tcp
class class-default
serverfarm app_tcp
policy-map type loadbalance first-match app_https
class class-default
serverfarm rem_https
action remurlrewrite
class-map match-all VIP_rem_app_tcp
2 match virtual-address 10.232.92.8 any
class-map match-all VIP_rem_itsm_https
2 match virtual-address 10.232.92.9 tcp eq https
class-map match-all real_servers_vlan273
2 match source-address 10.232.94.0 255.255.255.0
policy-map multi-match VIPS
class real_servers_vlan273
nat dynamic 1 vlan 273
class VIP_rem_app_tcp
loadbalance vip inservice
loadbalance policy rem_app_tcp
loadbalance vip icmp-reply
class VIP_rem_itsm_https
loadbalance vip inservice
loadbalance policy rem_itsm_https
loadbalance vip icmp-reply
ssl-proxy server Remedy-SSL-PROXYHi Kanwaljeet,
I have applied below config for HTTPS URL redirection. Seems it dint work for me. Redirect serverfarm and policy map was not hitted.
access-list ANY line 8 extended permit ip any any
probe tcp rem_app_tcp
port 2100
interval 5
passdetect interval 10
passdetect count 2
open 1
probe http rem_itsm_https
port 80
interval 5
passdetect interval 10
passdetect count 2
request method get url /keepalive/https.html
expect status 200 200
open 1
ip domain-name nls.jlrint.com
ip name-server 10.226.0.10
ip name-server 10.226.128.10
rserver redirect REDIRECT-TO-HTTPS
webhost-redirection https://%h/arsys 301
inservice
rserver host serv1
ip address 10.232.94.74
inservice
rserver host serv2
ip address 10.232.94.75
inservice
rserver host serv3
ip address 10.232.94.76
inservice
rserver host serv4
ip address 10.232.94.77
inservice
serverfarm redirect REDIRECT-SERVERFARM
predictor leastconns
rserver REDIRECT-TO-HTTPS
inservice
serverfarm host rem_app_tcp
predictor leastconns
probe rem_app_tcp
rserver serv1 2100
inservice
rserver serv2 2100
inservice
serverfarm host rem_itsm_https
predictor leastconns
probe rem_itsm_https
rserver serv3 80
inservice
rserver serv4 80
inservice
ssl-proxy service Remedy-SSL-PROXY
key Remkey.pem
cert Remcert.pem
class-map type management match-any MANAGEMENT_CLASS
3 match protocol ssh any
4 match protocol snmp any
5 match protocol icmp any
6 match protocol http any
7 match protocol https any
class-map match-all VIP_rem_app_tcp
2 match virtual-address 10.232.92.8 any
class-map match-all VIP_rem_itsm_http
2 match virtual-address 10.232.92.9 tcp eq www
class-map match-all VIP_rem_itsm_https
2 match virtual-address 10.232.92.9 tcp eq https
class-map match-all real_servers_vlan273
2 match source-address 10.232.94.0 255.255.255.0
policy-map type management first-match MANAGEMENT_POLICY
class MANAGEMENT_CLASS
permit
policy-map type loadbalance first-match REDIRECT-PM
class class-default
serverfarm REDIRECT-SERVERFARM
policy-map type loadbalance first-match rem_app_tcp
class class-default
serverfarm rem_app_tcp
policy-map type loadbalance first-match rem_itsm_https
class class-default
serverfarm rem_itsm_https
policy-map multi-match VIPS
class real_servers_vlan273
nat dynamic 1 vlan 273
class VIP_rem_itsm_http
loadbalance vip inservice
loadbalance policy REDIRECT-PM
class VIP_rem_itsm_https
loadbalance vip inservice
loadbalance policy rem_itsm_https
loadbalance vip icmp-reply
ssl-proxy server Remedy-SSL-PROXY
class VIP_rem_app_tcp
loadbalance vip inservice
loadbalance policy rem_app_tcp
loadbalance vip icmp-reply
interface vlan 270
description VIP
ip address 10.232.92.4 255.255.255.0
alias 10.232.92.6 255.255.255.0
peer ip address 10.232.92.5 255.255.255.0
access-group input ANY
service-policy input MANAGEMENT_POLICY
service-policy input VIPS
no shutdown
interface vlan 273
description Real server
ip address 10.232.94.66 255.255.255.192
alias 10.232.94.65 255.255.255.192
peer ip address 10.232.94.67 255.255.255.192
access-group input ANY
nat-pool 1 10.232.92.253 10.232.92.253 netmask 255.255.255.0 pat
service-policy input MANAGEMENT_POLICY
service-policy input VIPS
no shutdown -
Session Timeouts and SmbServer
Hi,
When having iFS mapped to a network drive (via SMB), the SMB server
is unable to recover from a timeout of the LibrarySession. The network
drive then seems to be empty and doing a refresh within explorer
doesn't help either. The only thing that helps, is remapping the
network drive.
Within Node.log of iFS I see this stacktrace.
7/10/02 9:02 AM SmbServer: oracle.ifs.common.IfsException
oracle.ifs.common.IfsException: IFS-21000: Session is not connected or has timed-out
at java.lang.Throwable.fillInStackTrace(Native Method)
at java.lang.Throwable.fillInStackTrace(Compiled Code)
at java.lang.Throwable.<init>(Compiled Code)
at java.lang.Exception.<init>(Compiled Code)
at oracle.ifs.common.IfsException.<init>(Compiled Code)
at oracle.ifs.common.IfsException.<init>(Compiled Code)
at oracle.ifs.common.IfsException.<init>(Compiled Code)
at oracle.ifs.beans.LibraryObject.verifyConnected(Compiled Code)
at oracle.ifs.beans.Folder.findPublicObjectByPath(Compiled Code)
at oracle.ifs.beans.FolderPathResolver.findPublicObjectByPath(Compiled Code)
at oracle.ifs.beans.FolderPathResolver.findPublicObjectByPath(Compiled Code)
at oracle.ifs.protocols.smb.server.DbTree$DbQuery.<init>(Compiled Code)
at oracle.ifs.protocols.smb.server.DbTree.getQuery(Compiled Code)
at oracle.ifs.protocols.smb.server.ComTrans.trans2FindFirst(Compiled Code)
at oracle.ifs.protocols.smb.server.ComTrans.replyTransaction2(Compiled Code)
at oracle.ifs.protocols.smb.server.ComTrans.process(Compiled Code)
at oracle.ifs.protocols.smb.server.ComSmb.handleSmbMessage(Compiled Code)
at oracle.ifs.protocols.smb.server.SmbThread.handleNbMessage(Compiled Code)
at oracle.ifs.protocols.smb.server.SmbThread.readPackets(Compiled Code)
at oracle.ifs.protocols.smb.server.SmbThread.run(Compiled Code)
This behavior actually causes us big problems when editing files via MS Office.
Fortunately Office is able to still save it's data using some generated filename.
(At least until now I could not create any data loss)
But then you have to close it, remap then network drive, rename the file and then
reopen the file. This is big trouble to users, which are not familiar with mapping
network drives and renaming files with extensions.
Is there a way to make the SmbServer keep the LibrarySession alive, as long as
the network drive is mapped ?
Regards,
Jens LorenzWorkflow #2:
Login to my account
Click view all email
Open Drafts Folder
Open draft email response
Select "Send" to send email (total in session time of 30 seconds)
On screen reload, where I would expect to see some sort of indication that my email was successfully sent, instead the system throws session time out message and kicks me out.
I have no idea if my email was successfully sent or not.
Workflow #3:
Login to my account
Click view all email
Attempted to open the first new email in my inbox (total time in session <15 seconds)
System throws session timeout error and kicks me out to the main login.
There is obviously something going on with your session holding code. The session variable is not being passed correctly or something but it's very, very frustrating to spend 30-45 minutes trying to type out a couple of lines, particularly when you have multiple important activities going on that you need to respond too via email. -
Session timeout and custom sso
Hi,
can anyone tell me how the session and idle timeout feature in Apex exactly works?
I built several applications in a workspace and do a sso authorization by setting a common cookie name. In addition to that i set the values for session length and idle timeout and assumed that the session length would be synchronized over all applications. But this doesn't seem to work. For instance, i set the idle timeout to 10 minutes in all applications and now i work for 15 minutes continously in application A and after that i switch over to application B (using the same session id!), the session is already expired in B.
Is this behavior correct? And, if yes, how can i set up a synchronization over all applications?
JensAnyone?
-
Session Timeout and DAD Authentication
My application uses the authentication scheme 'No authentication (using DAD)'. The users log in from an external program and the user IDs are captured in the variable remote_user. My authorization scheme checks that the user ID exists in a database table. All this seems to work fine.
However, I need to implement a session timeout on the application. I've followed the steps described in the "Automatic Session Timeouts" utility in the Application Express Studio but when I tried to modify the authentication scheme by adding:
return auth_pkg.check_timeout;
to the Session Verify Function I got the following errors:
No functional attributes may be set when page sentry function is '-DATABASE-'.
and
Session verification function may not be specified if page sentry function is specified.
I'm new to Apex and I don't know where to go from here. Any advice please?
Thanks
MariaMaria,
The usual way to do the authentication part is to use a custom page sentry function. Many examples have been posted on the forum based on the ntlm page sentry code. Search for those keywords here (ntml page sentry) and you should find it easily. Then you can modify it by adding the session timeout logic in that function.
Scott -
Session timeout and session.invalidate() -- are they the same?
I was just wondering when a session timeout occurs (either by setting the session-timeout in web.xml or the server's default timeout), is the session automatically invalidated? Or should we call setMaxInactiveInterval() instead? Or is calling session.invalidate() the only way to invalidate a session?
Hello all,
Both are same in terms of functionality, but if you use both of them like
1: You specified the tag sessionTimeout and
2: in your program the session.maxInactiveIntervalTime( value ) here if the value is(we gave it in terms of seconds like for 40 minutes we give 2400) then the program code will override the value previously set in web.xml
Thanks
Prabhakar -
SAP webdispatcher and URL redirect?
Hi,
I just installed SAP web dispatcher with the purpose of using it (similar to saprouter for sapgui) as single point of entry for all http(s) requests to our SAP systems.
I configured parameters icm/HTTP/redirect_x to accomplish that but to only limited success:
How do I have to set this parameter if I want to accomplish a redirect of the web dispatcher URL (1) to the webgui service running on system ECC (2)?
Example:
1. web dispatcher URL:
http://sapwebdisp:85/ECC/webgui (should be routed to url:)
2. http://saperpecc:8001//sap/bc/gui/sap/its/webgui/!
Is this posssible at all?
Thanks for any hints and tips in advance!Hi
The parameter has the following syntax:
icm/HTTP/redirect_<xx> = PREFIX=<URL prefix>[, FROM=<pattern for URL>, FROMPROT=<incoming protocol>, FOR=<pattern for host name:port>,TO=<new URL prefix>, PROT=<protocol>, HOST=<host>, PORT=<port number/name>]
<xx> must be specified in ascending order from 0.
Optional Parameters
With the optional parameters FROM, FROMPORT and FOR
So your example the parameter would be:-
icm/HTTP/redirect_0 = PREFIX=/,FROM=/ECC/webgui,TO=/sap/bc/gui/sap/its/webgui/!
One point to note is that the URL you have provided has a double slash after the Hostname and Port which might be the root of your problem.
http://saperpecc:8001//sap/bc/gui/sap/its/webgui/!
Another point to note. If you are having problems with redirection via HTTP then HTTPwatch (basic version is freeware) can be used to check how requests are being directed. You can use this for testing your redirects.
Hope this helps.
Michael
Edited by: Michael Mulvey on Nov 11, 2008 5:27 PM -
Portal Session Timeout and Logon Ticket Timeout
Hi All,
Can anyone give me answers to the following:
- If my Portal session times out, but my logon ticket is still valid, will I lose my session data?
- Is there any way of determining the size of a users session information in memory (or the size of all user sessions in memory). I can see in the Monitoring service in Visual Admin the number of sessions but not their individual or total size.
I'm using EP7.
Cheers,
SteveHi,
the Logon Ticket is only used for SSO between the portal and the integrated system. Your session data is stored in the session. If the session times out or gets closed, the session data is lost.
br,
Tobias -
SAP Webdispatcher and URL redirect - 3 systems, one webdispatcher
Good day,
I have the following scenario, webdispatcher in the DMZ that redirects to Enterprise Portal internally.
There is a role in EP which is setup for webgui to 2 seperate ERP systems.
Is it possible to have 3 seperate redirects on the webdispatcher for the external address https://external:port/irj/portal, i.e for
1) host1:port/irj/portal
2) host2:port//sap/bc/gui/sap/its/webgui/!
3) host3:port//sap/bc/gui/sap/its/webgui/!
The portal content works fine, as soon as I access the webgui role, no content is displayed.
Thanks
DerekHi,
If you want to use a single web dispatcher for 3 back office systems (EP, ERP&, ERP2) you need to use release 7.2 at least.
Check
[SAP Web Dispatcher for Multiple Systems|http://help.sap.com/saphelp_nw73/helpdata/en/b0/ebfa88e9164d26bdf1d21a7ef6fc25/frameset.htm]
Regards,
Oliviier -
ADF Faces : session timeout best practice
hi
I made these small modifications to the web.xml file in the SRDemoSample application:
(a) I changed the login-config from this ...
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>infrastructure/SRLogin.jspx</form-login-page>
<form-error-page>infrastructure/SRLogin.jspx</form-error-page>
</form-login-config>
</login-config>... to this
<login-config>
<auth-method>BASIC</auth-method>
</login-config>(b) I changed the session-timeout to 1 minute.
<session-config>
<session-timeout>1</session-timeout>
</session-config>Please consider this scenario:
(1) Run the UserInterface project of the SRDemoSample application in JDeveloper.
(2) Authenticate using "sking" and password "welcome".
(3) Click on the "My Service Requests" tab.
(4) Click on a "Request Id" like "111". You should see a detail page titled "Service Request Information for SR # 111" that shows detail data on the service request.
(5) Wait for at least one minute for the session to timeout.
(6) Click on the "My Service Requests" tab again. I see the same detail page as in (4), now titled "Service Request Information for SR #" and not showing any detail data.
question
What is the best practice to detect such session timeouts and handle them in a user friendly way in an ADF Faces application?
thanks
Jan VerveckenHi,
no. Here's the content copied from a word doc:
A frequent question on the JDeveloper OTN forum, and also one that has been asked by customers directly, is how to detect and graceful handle user session expiry due to user inactivity.
The problem of user inactivity is that there is no way in JavaEE for the server to call the client when the session has expired. Though you could use JavaScript on the client display to count
down the session timeout, eventually showing an alert or redirecting the browser, this goes with a lot of overhead. The main concern raised against unhandled session invalidation due to user
inactivity is that the next user request leads to unpredictable results and errors messages. Because all information stored in the user session get lost upon session expiry, you can't recover the
session and need to start over again. The solution to this problem is a servlet filter that works on top of the Faces servlet. The web.xml file would have the servlet configured as follows
1. <filter>
2. <filter-name>ApplicationSessionExpiryFilter</filter-name>
3. <filter-class>
4. adf.sample.ApplicationSessionExpiryFilter
5. </filter-class>
6. <init-param>
7. <param-name>SessionTimeoutRedirect</param-name>
8. <param-value>SessionHasExpired.jspx</param-value>
9. </init-param>
10. </filter>
This configures the "ApplicationSessionExpiryFilter" servlet with an initialization parameter for the administrator to configure the page that the filter redirects the request to. In this
example, the page is a simple JSP page that only prints a message so the user knows what has happened. Further in the web.xml file, the filter is assigned to the JavaServer Faces
servlet as follows
1. <filter-mapping>
2. <filter-name>ApplicationSessionExpiryFilter</filter-name>
3. <servlet-name>Faces Servlet</servlet-name>
4. </filter-mapping>
The Servlet filter code compares the session Id of the request with the current session Id. This nicely handles the issue of the JavaEE container implicitly creating a new user session for the incoming request.
The only special case to be handled is where the incoming request doesn't have an associated session ID. This is the case for the initial application request.
1. package adf.sample;
2.
3. import java.io.IOException;
4.
5. import javax.servlet.Filter;
6. import javax.servlet.FilterChain;
7. import javax.servlet.FilterConfig;
8. import javax.servlet.ServletException;
9. import javax.servlet.ServletRequest;
10. import javax.servlet.ServletResponse;
11. import javax.servlet.http.HttpServletRequest;
12. import javax.servlet.http.HttpServletResponse;
13.
14.
15. public class ApplicationSessionExpiryFilter implements Filter {
16. private FilterConfig _filterConfig = null;
17.
18. public void init(FilterConfig filterConfig) throws ServletException {
19. _filterConfig = filterConfig;
20. }
21.
22. public void destroy() {
23. _filterConfig = null;
24. }
25.
26. public void doFilter(ServletRequest request, ServletResponse response,
27. FilterChain chain) throws IOException, ServletException {
28.
29.
30. String requestedSession = ((HttpServletRequest)request).getRequestedSessionId();
31. String currentWebSession = ((HttpServletRequest)request).getSession().getId();
32.
33. boolean sessionOk = currentWebSession.equalsIgnoreCase(requestedSession);
34.
35. // if the requested session is null then this is the first application
36. // request and "false" is acceptable
37.
38. if (!sessionOk && requestedSession != null){
39. // the session has expired or renewed. Redirect request
40. ((HttpServletResponse) response).sendRedirect(_filterConfig.getInitParameter("SessionTimeoutRedirect"));
41. }
42. else{
43. chain.doFilter(request, response);
44. }
45. }
46.
47. }
This servlet filter works pretty well, except for sessions that are expired because of active session invalidation e.g. when nuking the session to log out of container managed authentication. In this case my
recommendation is to extend line 39 to also include a check if security is required. This can be through another initialization parameter that holds the name of a page that the request is redirected to upon logout.
In this case you don't redirect the request to the error page but continue with a newly created session.
Ps.: For testing and development, set the following parameter in web.xml to 1 so you don't have to wait 35 minutes
1. <session-config>
2. <session-timeout>1</session-timeout>
3. </session-config> Frank
Edited by: Frank Nimphius on Jun 9, 2011 8:19 AM
Maybe you are looking for
-
PO with Overdue delivery in R/3 to test a report in BW
Hi All, I want to test Vendor Performance Report in BW against R/3. How can I identify that a particular PO has overdue delivery (Delivery of goods incomplete by the vendor and still some Qty is outstanding). Can any one suggest a TCode or table. Can
-
Please help? How can i activate second hand ipad if its asking the old apple id password?
-
How do I determine the size of an event queue?
Hi, I'd like to be able to programmatically determine how many events are in queue so that I can change how they are processed based on how far behind the loop is. Is there a way to easily do this in labview? I suppose I could create an identical pa
-
ADF JBO error JBO-25014 after upgrade to 10.1.3(.1)
Hi, We're going through the process of migration testing for our apps (struts and older JBO/BC4J). In this case it's gone pretty well however I'm getting the following error in 10.1.3 and just now, 10.1.3.1 when the app updates a row's finish date: E
-
SOP-Planning type (MC8A): copying data between different columns
Hi everyone, I would be very grateful if someone could tell me whether it is possible to define a macro instruction in a planning type (MC8A) in order to copy a value from one column to another. Thanks in advance and best regards. Ben.