SOAPConnection and HTTP Session ID
Hi,
I have a problem.
I have a HTTPServlet, and a client that sends soap messages to the servlet, I need to keep trace of the session id, with the http connection i could use the setRequestproperty with cookie, but now I don't know how I can do with soap messages.
Is there a method to use the session ID to connect at a particular http session with soap?
Thanks in advance.
Regards
It depends upon which SOAP API you are using as to how you will achieve this but in any case this has to happen on the underlying HTTPURLConnection object...
once you get to this you will need to do something like:
connection.setRequestProperty("Cookie","sessionId=" + sessionId);
where connection is the connection object and [ "sessionId=" + sessionId ] is the name of the cookie you want to set with the associated value.
Remeber though... the important bit with this is the SOAP API that you are using - check the docs for it and you will find out how to do it!!
Similar Messages
-
Is there anyway to share a HTTP session between 2 web contexts?
Both web contexts are running on the same server.
I wanted to redirect a user from one web context to another and the share
session so that
i don't have ask the user to authenticate again and share the session
content from the
previous web context.
Thanks
/selvan
Captura Software, IncTHanks for the info.
I am using WLS 6.1 version.
/selvan
"Cameron Purdy" <[email protected]> wrote in message
news:3ba0b484$[email protected]..
Look at the J2EE / Servlet specs for "single sign on" discussions. I've
never tried it specifically, and I know from others that various releases
either did it by default or didn't seem to support it at all. What WL
version are you using?
Peace,
Cameron Purdy
Tangosol Inc.
<< Tangosol Server: How Weblogic applications are customized >>
<< Download now from http://www.tangosol.com/download.jsp >>
"Selvan Ramasamy" <[email protected]> wrote in message
news:[email protected]..
Is there anyway to share a HTTP session between 2 web contexts?
Both web contexts are running on the same server.
I wanted to redirect a user from one web context to another and the
share
session so that
i don't have ask the user to authenticate again and share the session
content from the
previous web context.
Thanks
/selvan
Captura Software, Inc -
Scope of component session and http session
Hi,
I wish multiple iviews to share the same information. I am unsure however of the scope of portalcomponentsession, as opposed to http session. I have read the docs, and they are unclear as to the life and scope of these 2 sessions within portal. Which one is tied to the user? And which one is available over multiple iviews.
I would appreciate any help with this
Thanks
MarianaHi Mariana,
> I am sorry
No problem at all
> I did not want to close the topic by mistake
Just for explanation: If you give ten points (they call it blue, my eyes say black), this star is marked in the overview and somehow displaying "solved". In addtion, if you have marked a question as question, you can mark it as answered. As long as you don't do one of both things, you can reward points (2, 6) also in between without trimming your chances to get additional answers.
> I did not de-mark the question,
> I just replied to the post.
When you initially opened the thread (that was no reply), it <i>seems</i> that you've de-marked this thread as question (the standard is: it is a question).
Anyhow, some people seem to have made the experience that they definitely did not de-mark the thread as question, but it wasn't marked as question, anyhow.
In this case, a short and friendly mail to [email protected] with the problem stated and alink to the thread concernced will help to repair everything...
Best regards
Detlev -
Maintaining Sessions between http and https
I have a web application in which I want my users to view the login page over SSL and send the login request via SSL also, but then I want to revert back to http://
My problem is, and i've seen this problem on loads of boards with no real resolution, during the login I set some objects with in the session that are used to display information in other parts of the site... but the session object is being lost!!!
I am using Tomcat as my web server, I saw an article on JavaWorld titled "mix protocols transparently in web applications", and apparently to over come this problem if you are using WebLogic 6.1 there is a parameter in the weblogic.xml file that must be configured, but I cant find a similar one on Tomcat!!!
Thanks in advanceThanks a million for the answer, I have got it working now, but I had to do something a little different for any one else who experiances this problem I'll go through it... I set an attribute in the context which was named the the value of the current session id and contianed the session object. Then when leaving the login handeling in my dispatcher servlet I apended the session id to the url of the next jsp called. In this jsp then I retrived the "secure session" object from the context, this so far is what you suggested.
But then I had to loop through "non secure session" object's attributes and set them in the "non secure session" object, that is I was not just able to reset the "non secure session" object equal to the "secure session" object as when I went on to the next page it was reset to the "non secure session" object again!
The fact that the session object is changed when moving between http and https is (according to Tomcat buglist) a bug of Tomcat 4.1 and did not occur in tomcat 3.2 -
How to view and change HTTP Session Size
For the SAP Web AS Java, how can i check what size is set for the http session object?
Thanks,
HarisHey Vincert,
Is that parameter maintained on the ABAP stack or the Java stack.
Specifically i would like to know if the HTTP session object size is viewable/modifiable for Portal (hence standalone Java stack). I believe Portal does not have ICM.
Thanks,
Haris -
Https front end and http backend
Hi there....I am having a small issue....I have a web app that is https based....I have installed the cert on the CSS, and DNS for this app points to the VIP....the client is wanting to have an https front end, and then load balance in http to the backend servers....the issue I am running into is that this only works if I have an active port 80 rule on that same VIP....if I suspend the port 80 rule and only leave the port 443 rule active on that VIP, it doesn't work....please see appropriate config portions below....Thanks in advance!
Sandeep
ANy suggestions? I have been trying this for a couple of days now...it works fine if the backend sessions are also https, but the client has changed their requirement....
ssl-proxy-list SSL1
ssl-server 1
ssl-server 1 rsakey app1-test
ssl-server 1 rsacert app1-test
ssl-server 1 vip address 10.19.55.10
ssl-server 1 cipher rsa-with-rc4-128-md5 10.19.55.10 81
backend-server 1
backend-server 1 port 81
backend-server 1 server-ip 10.19.55.132
backend-server 1 ip address 10.19.55.132
backend-server 2
backend-server 2 port 81
backend-server 2 server-ip 10.19.55.133
backend-server 2 ip address 10.19.55.133
backend-server 3
backend-server 3 port 83
backend-server 3 server-ip 10.19.55.132
backend-server 3 ip address 10.19.55.132
backend-server 4
backend-server 4 port 83
backend-server 4 server-ip 10.19.55.133
backend-server 4 ip address 10.19.55.133
backend-server 5
backend-server 5 port 85
backend-server 5 server-ip 10.19.55.132
backend-server 5 ip address 10.19.55.132
backend-server 6
backend-server 6 port 85
backend-server 6 server-ip 10.19.55.133
backend-server 6 ip address 10.19.55.133
active
service webserver002:81
ip address 10.19.55.132
port 81
keepalive port 2199
keepalive type tcp
protocol tcp
active
service webserver003:81
ip address 10.19.55.133
port 81
keepalive port 2199
keepalive type tcp
protocol tcp
add ssl-proxy-list SSL1
active
service webserver002:83
ip address 10.19.55.132
port 83
add ssl-proxy-list SSL1
keepalive port 2399
keepalive type tcp
protocol tcp
active
service webserver003:83
ip address 10.19.55.133
port 83
keepalive port 2399
keepalive type tcp
protocol tcp
add ssl-proxy-list SSL1
active
service webserver002:85
ip address 10.19.55.132
port 85
add ssl-proxy-list SSL1
keepalive port 2599
keepalive type tcp
protocol tcp
active
service webserver003:85
ip address 10.19.55.133
port 85
keepalive port 2599
keepalive type tcp
protocol tcp
add ssl-proxy-list SSL1
active
service SSL_Front
slot 2
type ssl-accel
keepalive type none
add ssl-proxy-list SSL1
active
owner app1-test
content app-test_back
vip address 10.19.55.10
add service webserver002:81
add service webserver003:81
add service webserver002:83
add service webserver003:83
add service webserver002:85
add service webserver003:85
balance aca
protocol tcp
port 81
active
content app1-test_front
vip address 10.19.55.10
application ssl
add service SSL_Front
protocol tcp
port 443
advanced-balance ssl
balance aca
activeThanks for the quick reply....there is another port 80 rule setup for that vip....I was using that to test with the app until I got the front end https rules working....
my port 80 rules just says listen to 10.19.55.10 on port 80 and load balance btwn the webervers on port 8x in the back end...
I am trying to do https front end and http backend....
no where in my SSL config have I configured port 80....but when I suspend that rule it all fails....
I am wondering if the backend server sessions are happening properly?
I don't fully get what you mean by "You need to have the rule in port 443 to match traffic coming from the client and the clear text rule (port 81) to match traffic already decrypted coming from the SSL module"
Haven'tI done that?
Thanks again!
Sandeep -
Under Excel Service Application --> session management; what is the difference between Session timeout and Short Session timeout?
Any call made from the API will automatically be set to the “Session Timeout” period, no matter
what. Calls made from EWA (Excel Web Access) will get the “Short Session Timeout” period assigned to it initially.
Short Session Timeout and Session Timeout in Excel Services
Short Session Timeout and Session Timeout in Excel Services - Part 2
Sessions and session time-outs in Excel Services
above links are from old version but still applies to all.
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog -
How to close a HTTP session when a user closes the window
Hi,
I am having problems when closing the browser of a BW web report. After I closed the browser by going File->close, I ran SM04 and found out the Plugin HTTP session hangs at the server side.
How can we terminate the Plugin HTTP session at the server side when user closes the internet browser?
I did implement a logoff function at my web template and this was implimented on the Menu page, if user clicks on the logoff, the Plugin HTTP session is terminated at server side correctly.
If user navigates to the other pages from the main page... then the logoff function was not implimented in the other pages. So many of the users are closing the windows directly. Eevn if we impliment logoff in all the subpages, As you know, 50% of time user will close the report by closing the internet browser instead of clicking the logoff. That leaves lots of hanging Plugin HTTP sessions at our server side.
Regards,
TonyHi,
And also take a look on the Genral property of the web template. We solved this problem by changing only this property (no extra things).
<b>Property: Value</b>
Automatic Session Management: Active
With rgds,
Anil Kumar Sharma .P
Message was edited by: Anil Kumar Sharma -
Bw web report plugin http session hangs at the server side
Hi,
I am having problems when closing the browser of a BW web report. After I closed the browser by going File->close, I ran SM04 and found out the Plugin HTTP session hangs at the server side.
How can we terminate the Plugin HTTP session at the server side when user closes the internet browser?
I did implement a logoff function at my web template, if user clicks on the logoff, the Plugin HTTP session is terminated at server side correctly. But As you know, 50% of time user will close the report by closing the internet browser instead of clicking the logoff. That leaves lots of hanging Plugin HTTP sessions at our server side.
By the way, we actived our BEX service at the SICF.
Thanks for help!
JAHi
If you want to avoid a blank page with logoff button, add opener=0
<a href="<SAP_BW_URL CMD='LOG_OFF' ~command='logoff'
>" onClick="javascript:window.close(opener=0);">Log off</a>
If you want to close the session via X, use this code:
create a sapscript function
function closeSession()
logoff()
window.unload=CloseSession()
However, the Plugin HTTP session isn't killed.
Regards -
In-memory replication of http session is not working in BEA7 cluster
Hi everyone,
I have 3 managed servers in Bea7.0 SP4 in a cluster. The client requests are sent
through apache web server. I have given cluster address as URL in httpd.conf of
apache server which sends the client requests for dynamic pages such as JSPs and
servlets to the weblogic cluster.
Load balancing is working fine. I ensured this from the log files of all the 3
servers. All the 3 servers are getting different client requests and thus load
balancing is working.
Now, I wanted to achieve Fail-over. I do not think that i should use proxy plug-in
for this. I feel the cluster itself will handle fail-over provided i make the
http session as memory replicated.
I updated the weblogic.xml with the following entry :
<session-descriptor>
<param-name>PersistentStoreType</param-name>
<param-value>replicated</param-value>
</session-param>
</session-descriptor>
I guess this is sufficient to make the http session as cluster aware.
But when I shutdown server1, the user connected to server1 will be kicked out
of the session and come to login page through server2 or server3 which are running
fine.
Could anyone help me to achieve http session as cluster aware. Does it indicate
that I have to go for WLS proxy – HttpClusterServlet to achieve fail over for
http session ?
BTW, for your info, i am using setAttribute() and getAttribute() while manipulating
the session.
thanks in advance.
Hi Ryan,
Thanks for ur valuable input.
I can see failover working.
But, I can not continue with the same session in my application.
I printed session Ids before and after failover, I found both are different.
I guess session replication is a responsibility of weblogic/apache plugin.
If not please let me know which all settings I should do to make failover working?
Thanks again.
Plad
"ryan upton" <ryanjupton at learningvoyage dot com> wrote:
>Plad,
>
>Are you trying to gracefully shut down the server? If you are then the
>problem that you say you can't identify is simply the server's default
>behavior which is to wait for all non-replicated sessions to be dropped
>or
>timed out before killing the process. Try forcing the shutdown: kill
>-9 the
>PID or CTRL-C if you started the server from the command line. You can
>also
>check the ``Ignore Sessions During Shutdown" checkbox under the server's
>control tab in the admin console, this should allow you to shut down
>gracefully without waiting for session timeout. BTW your sequence is
>off
>in #5 below, the replication doesn't occur upon failure, the replication
>has
>already happened once you created the session object on the first server,
>I
>think maybe you're confusing replication with failover.
>
>~RU
>
>"Plad" <[email protected]> wrote in message
>news:[email protected]...
>>
>> Hi,
>> I have 2 managed servers in a cluster.
>>
>> 1. I have got a DNS name configured which maps to these 2 managed server's
>IP
>> addresses.
>> 2. I can browse my site using this DNS name.
>> In HTTPD.conf I have :
>>
>> ServerName dev.a.b.net
>>
>> <IfModule mod_weblogic.c>
>> WebLogicCluster 10.1.38.232:7023,10.1.34.51:7023
>> MatchExpression *.*
>> </IfModule>
>>
>> LoadModule weblogic_module modules/mod_wl_20.so
>>
>> 3. I have adeded session descriptor in weblogic.xml , also enabled
>proxy
>plugin
>> in weblogic console.
>>
>> 4. I tested accessing my application using DNS url after shutting down
>alternatively
>> each manaed server. I can access application.
>>
>> 5. Now, problem comes when I access a managed server1 , keeping server2
>down.
>> I am able to access my application.
>> Now, I start the server2.
>> (Here I am supposing that replication should occur)
>> Then I am shutting down server1.
>> But, this time the server log shows me following:
>>
>>
>> 9:58:51 AM GMT+05:30 NOTICE Web application(s) chlist still have
>non-replicated
>> sessions after 2 minutes of initiating SUSPEND. Waiting for non-replicated
>sessions
>> to finish.
>> 10:00:51 AM GMT+05:30 NOTICE Web application(s) chlist still have
>non-replicated
>> sessions after 4 minutes of initiating SUSPEND. Waiting for non-replicated
>sessions
>> to finish.
>>
>> I am unable to make out where the problem is?
>> Can it be a problem of Liecense? Is there any specialcluster liecense
>for
>weblogic8?
>>
>> Hoping to get replies.
>> Thanx.
>> Plad
>>
>> "ryan upton" <ryanjupton at learningvoyage dot com> wrote:
>> >See my reply to your first post, but I've also added a few comments
>here.
>> >
>> >"jyothi" <[email protected]> wrote in message
>> >news:[email protected]...
>> >>
>> >> I guess someone from bea support team only can answer both your
>question
>> >and mine.
>> >> As per my knowledge, we do not need to do any setup at Apache
>side
>> >regarding
>> >> cluster other than mentioning cluster address as URL while
>contacting
>> >WLS
>> >> from apache.
>> >>
>> >> I hope someone from Bea, will help us. I do not think that we
>> >go for
>> >WLS
>> >> proxy plug-in using HttpClusterServlet for making session replication.
>> > I
>> >strongly
>> >> feel that the cluster itself be able to manage the fail-over of
>> >http
>> >sessions
>> >> provided we put the entry "PersistentStoreType" in weblogic.xml
>> >regarding
>> >> the session replication.
>> >>
>> >
>> >The cluster does handle the management of Sessions. The clustered
>> >applications still create the Session objects and the cluster manages
>> >them
>> >as per your deployment descriptor settings (replicated, JDBC, File)
>however
>> >the proxy has to be aware of which server the client has an affinity
>> >for
>> >(only with replicated sessions) and it does that by reading a cookie
>> >passed
>> >back from the server that handled the initial request and created
>the
>> >primary session object. The proxy has a list of both the primary
>and
>> >secondary server locations from this cookie that it can use to failover
>> >the
>> >request if the primary server fails. Clusters _DO NOT_ failover nor
>> >do they
>> >load balance, that's the job of your proxy, whether you're using the
>> >HTTPClusterServlet, WLS Plug-in or a more sophisticated hardware load
>> >balancer like Big IPs F5
>> >
>> >> jyothi
>> >>
>> >
>> >~RU
>> >
>> >
>>
>
>
-
Redirect service from http to https, session is lost
I have setup two web sites using NT 4.0 IIS so that both
"http://nossl/mybeanbeans" and "https://ssltest/mybeanbeans"
can execute the commerce server mybuybeans example.
Then I modify the shoppingCartDetail.jsp and commandAssembler.jsp
(files attached) hoping that when I click the "Checkout" button
on the Shopping Cart screen, it will redirect the service from
http to https.
The URL is redirected to "https" but it depicts the welcome page
instead of showing the Order Check Out page.
Previous session information is lost.
Can anyone help me?
Thanks
<!-- Copyright (c) 2000 by BEA Systems, Inc. All Rights Reserved. -->
<%@ page errorPage="../error.jsp" %>
<%@ page import="java.lang.reflect.*" %>
<%@ page import="theory.smartx.command.*" %>
<%@ page import="examples.buybeans.client.*" %>
<%@ page extends="com.beasys.commerce.portal.admin.PortalJspBase" %>
<%@ page implements="BuyBeansJspConstants" %>
<pt:monitorsession />
<%@ include file="monitorSessionTracker.jsp" %>
<%
// Get the Command class name to instantiate
String commandClassName = request.getParameter(COMMAND_CLASS_NAME_PARAM);
System.out.println("COMMAND_CLASS_NAME_PARAM : " + commandClassName);
if (commandClassName != null) {
// Get the BuyBeansSessionTracker
BuyBeansSessionTracker sessionTracker = (BuyBeansSessionTracker)session.getValue(com.beasys.commerce.portal.admin.PortalAdminHelper.qualifiedName(BUYBEANS_SESSION_TRACKER_KEY ,request));
// Construct an array of 1 element to hold the BuyBeansSessionTracker
// parameter type that the constructor takes.
Class constructorParamTypes[] = new Class[1];
constructorParamTypes[0] = sessionTracker.getClass();
try {
// Get the Class for the concrete Command
Class commandClass = Class.forName(commandClassName);
// Get constructor that takes the BuyBeansSessionTracker as argument
Constructor commandClassCtor = commandClass.getConstructor(constructorParamTypes);
// Set the BuyBeansSessionTracker argument for the constructor
Object ctorParams[] = new Object[1];
ctorParams[0] = sessionTracker;
// Create the instance of the concrete Command
Command command = (Command) commandClassCtor.newInstance(ctorParams);
// Pass the HttpRequest to the command so that it can
// read the parameter and then execute it.
command.assemble(request);
// Store the outstanding command in the session tracker so that
// the main portal page can execute it.
sessionTracker.setCommand(command);
setOverrideDestination(request, getHomePage(request));
%>
<%-- Added by Warren --%>
<%
String queryString = request.getQueryString();
String encodeURL=response.encodeURL(getTrafficURI(request));
String redirectURL=response.encodeRedirectURL("https://ssltest"+encodeURL);
System.out.println("====================");
System.out.println("queryString:" + queryString);
System.out.println("encodeURL:" + encodeURL);
System.out.println("redirectURL:" + redirectURL);
System.out.println("========before sendRedirect============");
response.sendRedirect(redirectURL);
System.out.println("========after sendRedirect============");
%>
<%
System.out.println("======== end commandAssemblerSSL ============");
catch (ClassNotFoundException cnfe) {
throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, cnfe);
catch (NoSuchMethodException nsme) {
throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, nsme);
catch (IllegalAccessException illegalAccessEx) {
throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, illegalAccessEx);
catch (IllegalArgumentException illegalArgEx) {
throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, illegalArgEx);
catch (InstantiationException ie) {
throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, ie);
catch (InvocationTargetException ite) {
throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, ite);
%>
<!-- Copyright (c) 2000 by BEA Systems, Inc. All Rights Reserved. -->
<%@ taglib uri="lib/wljsp.jar" prefix="wl" %>
<%@ taglib uri="lib/esportal.jar" prefix="pt" %>
<%@ page errorPage="../error.jsp" %>
<%@ page import="com.beasys.commerce.portal.Portlet" %>
<%@ page import="examples.buybeans.client.*" %>
<%@ page import="theory.smart.ebusiness.item.*" %>
<%@ page import="theory.smart.ebusiness.order.*" %>
<%@ page import="theory.smart.axiom.units.*" %>
<%@ page import="com.beasys.commerce.portal.tags.PortalTagConstants" %>
<%@ page extends="com.beasys.commerce.portal.admin.PortalJspBase"%>
<%@ page implements="BuyBeansJspConstants"%>
<pt:monitorsession />
<%@ include file="monitorSessionTracker.jsp" %>
<SCRIPT LANGUAGE="JavaScript">
<!--
function submitShoppingCartDetailsForm(commandClassName, bbContent)
document.ShoppingCartDetailForm.<%= COMMAND_CLASS_NAME_PARAM %>.value = commandClassName;
document.ShoppingCartDetailForm.<%= BUYBEANS_CONTENT_PARAM %>.value = bbContent;
document.ShoppingCartDetailForm.submit();
//-->
</SCRIPT>
<%
BuyBeansSessionTracker sessionTracker = (BuyBeansSessionTracker)getSessionValue( BUYBEANS_SESSION_TRACKER_KEY, request );
// Get the current Order
Order currOrder = sessionTracker.getEBusinessSession().getOrder();
// Get all the items in the cart as a Vector of orderlines from the session tracker
java.util.Vector orderLines = sessionTracker.getCartOrderLines();
%>
<!-- Display the items from the shopping cart -->
<table width="99%" border="0" cellspacing="0" cellpadding="0" align="center">
<tr bgcolor=FFFFFF>
<td> </td>
<tr bgcolor="#FFFFFF">
<td>
<table width="95%" border="0" cellspacing="0" cellpadding="3" align="center" dwcopytype="CopyTableRow">
<tr>
<td colspan="6"><font face="Arial, Helvetica, Verdana, sans-serif"><%@ include file="contentMessages.jsp" %></font></td>
</tr>
<tr>
<td colspan="6"> <%= JspHelperBase.formatAsTitle("Shopping Cart - SSL*** ") %> </td>
</tr>
<tr>
<td><font face="Arial,Helvetica,sans-serif" color="#666600" size="2"><b>Product ID</b></font></td>
<td><font face="Arial,Helvetica,sans-serif" color="#666600" size="2"><b>Description</b></font></td>
<td><font face="Arial,Helvetica,sans-serif" color="#666600" size="2"><b>Quantity</b></font></td>
<td align="right"><font face="Arial,Helvetica,sans-serif" color="#666600" size="2"><b>Price</b></font></td>
<td align="right"><font face="Arial,Helvetica,sans-serif" color="#666600" size="2"><b>Subtotal</b></font></td>
<td></td>
</tr>
<form method="get" name="ShoppingCartDetailForm" action="<%= response.encodeURL(getTrafficURI(request)) %>" >
<%
// Declare a currency format type
Quantity one = QuantityHome.create();
one.setCount(1);
// Print out all the items in the cart
for(int i = 0; i<orderLines.size(); i++ ) {
OrderLine currOrderLine = (OrderLine)orderLines.elementAt(i);
Item myItem = currOrderLine.getItem();
ItemValue iv = myItem.getItemByValue();
String desc = iv.description;
String id = iv.identifier;
// Specify the color of the row
String rowColor = (i%2 == 0) ? ROW_BACKGROUND_COLOR_1 : ROW_BACKGROUND_COLOR_2 ;
// Specify the name of the quantity text field - name it as qty+i
String qtyInputName = ORDER_QUANTITY + i;
// Specify the name of the remove checkbox
String removeInputName = REMOVE_CHECKED + i;
%>
<!-- print out the details of each item -->
<tr bgcolor="<%= rowColor %>">
<td><%= id %></td>
<td><%= desc %></td>
<td>
<input type="text" name="<%= qtyInputName %>" size=3 maxlength=3 value= "<%= JspHelperBase.formatQuantityAsInteger(currOrderLine.getQuantity()) %>" >
</td>
<td align="right"><%= JspHelperBase.formatPriceAsCurrency(myItem.calculatePrice(one, null)) %></td>
<td align="right"><%= JspHelperBase.formatPriceAsCurrency(currOrderLine.getLinePrice(null)) %></td>
<td><input type="checkbox" name="<%= removeInputName %>" value="<%=REMOVE_CHECKED %>" > Remove </td>
</tr>
<%
%>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td align="right"> <font face="Arial,Helvetica,sans-serif" size="3" color="#666600"><b>Total:</b></font></td>
<td>
<div align="right"><font face="Arial, Helvetica, sans-serif" size="3" color="#990000"><b><%= JspHelperBase.formatPriceAsCurrency(currOrder.getTotalPrice()) %>
</b> </font> </div>
</td>
<td>
<input type="button" name="<%=UPDATE_CART_BUTTON %>"
onClick="submitShoppingCartDetailsForm('examples.buybeans.client.UpdateShoppingCartCommand', '<%= SHOPPING_CART_DETAILS_JSP %>')"
value="Update">
</td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td>
<input type="button" name="<%=CHECKOUT_BUTTON %>"
onClick="submitShoppingCartDetailsForm('examples.buybeans.client.CheckOutCommand', '<%= CHECKOUT_JSP %>')"
value="Checkout">
</td>
</tr>
<tr colspan="6">
<td> </td>
</tr>
<%-- DESTINATION_TAG is required because the form action goes to getTrafficURI() --%>
<%-- In this case, the destination is the command assembler --%>
<%-- <input type=hidden name="<%= DESTINATION_TAG %>" value="<%= COMMAND_ASSEMBLER_JSP %>"> --%>
<%-- The following line is used for testing SSL redirect --%>
<input type=hidden name="<%= DESTINATION_TAG %>" value="/portals/buybeans/portlets/commandAssemblerSSL.jsp" >
<%-- The following two parameters are set by the JavaScript function based --%>
<%-- on the button that the user presses (default value are provided ) --%>
<input type=hidden name="<%= BUYBEANS_CONTENT_PARAM %>" value="<%= SHOPPING_CART_DETAILS_JSP %>">
<input type=hidden name="<%= COMMAND_CLASS_NAME_PARAM %>" value="examples.buybeans.client.UpdateShoppingCartCommand">
</form>
</table>
</td>
</tr>
<tr>
<td> </td>
</tr>
</table>
the problem is when the cookie is exchanged between the browser
and the app server IE treats request coming from http://bc.com:7001
and http://bc.com:7002 as one and the same : so the browser maintains
the same session but netscape treats this as responses coming from two
different servers and hence u lost the session.
I assume u are having this problem with netscape and not IE.
the solution is set this property in the weblogic.properties file
weblogic.httpd.session.cookie.domain=.bc.com
-Sumanth
"senthil ramiah" <[email protected]> wrote in message
news:[email protected]...
>
> Hi,
> Did you receive any replies for this question.
> thanx
> senthil
>
> Warren Li <[email protected]> wrote:
> >
> >I have setup two web sites using NT 4.0 IIS so that both
> > "http://nossl/mybeanbeans" and "https://ssltest/mybeanbeans"
> >can execute the commerce server mybuybeans example.
> >
> > Then I modify the shoppingCartDetail.jsp and commandAssembler.jsp
> > (files attached) hoping that when I click the "Checkout" button
> > on the Shopping Cart screen, it will redirect the service from
> > http to https.
> >
> >The URL is redirected to "https" but it depicts the welcome page
> > instead of showing the Order Check Out page.
> > Previous session information is lost.
> >
> >Can anyone help me?
> >
> >Thanks
> >
> >
> >
> ><!-- Copyright (c) 2000 by BEA Systems, Inc. All Rights Reserved. -->
> >
> ><%@ page errorPage="../error.jsp" %>
> ><%@ page import="java.lang.reflect.*" %>
> ><%@ page import="theory.smartx.command.*" %>
> ><%@ page import="examples.buybeans.client.*" %>
> >
> ><%@ page extends="com.beasys.commerce.portal.admin.PortalJspBase" %>
> ><%@ page implements="BuyBeansJspConstants" %>
> >
> ><pt:monitorsession />
> >
> ><%@ include file="monitorSessionTracker.jsp" %>
> >
> ><%
> > // Get the Command class name to instantiate
> > String commandClassName =
request.getParameter(COMMAND_CLASS_NAME_PARAM);
> > System.out.println("COMMAND_CLASS_NAME_PARAM : " + commandClassName);
> > if (commandClassName != null) {
> >
> > // Get the BuyBeansSessionTracker
> > BuyBeansSessionTracker sessionTracker =
(BuyBeansSessionTracker)session.getValue(com.beasys.commerce.portal.admin.Po
rtalAdminHelper.qualifiedName(BUYBEANS_SESSION_TRACKER_KEY ,request));
> >
> > // Construct an array of 1 element to hold the
BuyBeansSessionTracker
> > // parameter type that the constructor takes.
> > Class constructorParamTypes[] = new Class[1];
> > constructorParamTypes[0] = sessionTracker.getClass();
> >
> > try {
> > // Get the Class for the concrete Command
> > Class commandClass = Class.forName(commandClassName);
> >
> > // Get constructor that takes the BuyBeansSessionTracker as
argument
> > Constructor commandClassCtor =
commandClass.getConstructor(constructorParamTypes);
> >
> > // Set the BuyBeansSessionTracker argument for the constructor
> > Object ctorParams[] = new Object[1];
> > ctorParams[0] = sessionTracker;
> >
> > // Create the instance of the concrete Command
> > Command command = (Command)
commandClassCtor.newInstance(ctorParams);
> >
> > // Pass the HttpRequest to the command so that it can
> > // read the parameter and then execute it.
> > command.assemble(request);
> >
> > // Store the outstanding command in the session tracker so that
> > // the main portal page can execute it.
> > sessionTracker.setCommand(command);
> > setOverrideDestination(request, getHomePage(request));
> >%>
> >
> ><%-- Added by Warren --%>
> ><%
> > String queryString = request.getQueryString();
> > String encodeURL=response.encodeURL(getTrafficURI(request));
> > String
redirectURL=response.encodeRedirectURL("https://ssltest"+encodeURL);
> > System.out.println("====================");
> > System.out.println("queryString:" + queryString);
> > System.out.println("encodeURL:" + encodeURL);
> > System.out.println("redirectURL:" + redirectURL);
> > System.out.println("========before sendRedirect============");
> > response.sendRedirect(redirectURL);
> > System.out.println("========after sendRedirect============");
> >%>
> >
> ><%
> > System.out.println("======== end commandAssemblerSSL ============");
> > }
> > catch (ClassNotFoundException cnfe) {
> > throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, cnfe);
> > }
> > catch (NoSuchMethodException nsme) {
> > throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, nsme);
> > }
> > catch (IllegalAccessException illegalAccessEx) {
> > throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600,
illegalAccessEx);
> > }
> > catch (IllegalArgumentException illegalArgEx) {
> > throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600,
illegalArgEx);
> > }
> > catch (InstantiationException ie) {
> > throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, ie);
> > }
> > catch (InvocationTargetException ite) {
> > throw new ApplicationException(BUYBEANS_CATALOG_NAME, 600, ite);
> > }
> > }
> >
> >%>
> >
> >
> ><!-- Copyright (c) 2000 by BEA Systems, Inc. All Rights Reserved. -->
> >
> ><%@ taglib uri="lib/wljsp.jar" prefix="wl" %>
> ><%@ taglib uri="lib/esportal.jar" prefix="pt" %>
> >
> ><%@ page errorPage="../error.jsp" %>
> ><%@ page import="com.beasys.commerce.portal.Portlet" %>
> ><%@ page import="examples.buybeans.client.*" %>
> ><%@ page import="theory.smart.ebusiness.item.*" %>
> ><%@ page import="theory.smart.ebusiness.order.*" %>
> ><%@ page import="theory.smart.axiom.units.*" %>
> ><%@ page import="com.beasys.commerce.portal.tags.PortalTagConstants" %>
> >
> ><%@ page extends="com.beasys.commerce.portal.admin.PortalJspBase"%>
> ><%@ page implements="BuyBeansJspConstants"%>
> >
> >
> ><pt:monitorsession />
> >
> ><%@ include file="monitorSessionTracker.jsp" %>
> >
> ><SCRIPT LANGUAGE="JavaScript">
> ><!--
> >function submitShoppingCartDetailsForm(commandClassName, bbContent)
> >{
> > document.ShoppingCartDetailForm.<%= COMMAND_CLASS_NAME_PARAM %>.value
= commandClassName;
> > document.ShoppingCartDetailForm.<%= BUYBEANS_CONTENT_PARAM %>.value =
bbContent;
> > document.ShoppingCartDetailForm.submit();
> >}
> >//-->
> ></SCRIPT>
> >
> ><%
> > BuyBeansSessionTracker sessionTracker =
(BuyBeansSessionTracker)getSessionValue( BUYBEANS_SESSION_TRACKER_KEY,
request );
> >
> > // Get the current Order
> > Order currOrder = sessionTracker.getEBusinessSession().getOrder();
> >
> > // Get all the items in the cart as a Vector of orderlines from the
session tracker
> > java.util.Vector orderLines = sessionTracker.getCartOrderLines();
> >%>
> >
> >
> ><!-- Display the items from the shopping cart -->
> > <table width="99%" border="0" cellspacing="0" cellpadding="0"
align="center">
> > <tr bgcolor=FFFFFF>
> > <td> </td>
> > <tr bgcolor="#FFFFFF">
> > <td>
> > <table width="95%" border="0" cellspacing="0" cellpadding="3"
align="center" dwcopytype="CopyTableRow">
> > <tr>
> > <td colspan="6"><font face="Arial, Helvetica, Verdana,
sans-serif"><%@ include file="contentMessages.jsp" %></font></td>
> > </tr>
> > <tr>
> > <td colspan="6"> <%= JspHelperBase.formatAsTitle("Shopping
Cart - SSL*** ") %> </td>
> > </tr>
> > <tr>
> > <td><font face="Arial,Helvetica,sans-serif" color="#666600"
size="2"><b>Product ID</b></font></td>
> > <td><font face="Arial,Helvetica,sans-serif" color="#666600"
size="2"><b>Description</b></font></td>
> > <td><font face="Arial,Helvetica,sans-serif" color="#666600"
size="2"><b>Quantity</b></font></td>
> > <td align="right"><font face="Arial,Helvetica,sans-serif"
color="#666600" size="2"><b>Price</b></font></td>
> > <td align="right"><font face="Arial,Helvetica,sans-serif"
color="#666600" size="2"><b>Subtotal</b></font></td>
> > <td></td>
> > </tr>
> >
> > <form method="get" name="ShoppingCartDetailForm" action="<%=
response.encodeURL(getTrafficURI(request)) %>" >
> > <%
> > // Declare a currency format type
> > Quantity one = QuantityHome.create();
> > one.setCount(1);
> >
> > // Print out all the items in the cart
> > for(int i = 0; i<orderLines.size(); i++ ) {
> > OrderLine currOrderLine =
(OrderLine)orderLines.elementAt(i);
> > Item myItem = currOrderLine.getItem();
> > ItemValue iv = myItem.getItemByValue();
> > String desc = iv.description;
> > String id = iv.identifier;
> >
> > // Specify the color of the row
> > String rowColor = (i%2 == 0) ? ROW_BACKGROUND_COLOR_1 :
ROW_BACKGROUND_COLOR_2 ;
> >
> > // Specify the name of the quantity text field - name
it as qty+i
> > String qtyInputName = ORDER_QUANTITY + i;
> >
> > // Specify the name of the remove checkbox
> > String removeInputName = REMOVE_CHECKED + i;
> >
> >
> > %>
> > <!-- print out the details of each item -->
> > <tr bgcolor="<%= rowColor %>">
> > <td><%= id %></td>
> > <td><%= desc %></td>
> > <td>
> > <input type="text" name="<%= qtyInputName %>" size=3
maxlength=3 value= "<%=
JspHelperBase.formatQuantityAsInteger(currOrderLine.getQuantity()) %>" >
> > </td>
> > <td align="right"><%=
JspHelperBase.formatPriceAsCurrency(myItem.calculatePrice(one, null))
%></td>
> > <td align="right"><%=
JspHelperBase.formatPriceAsCurrency(currOrderLine.getLinePrice(null))
%></td>
> > <td><input type="checkbox" name="<%= removeInputName %>"
value="<%=REMOVE_CHECKED %>" > Remove </td>
> > </tr>
> > <%
> > }
> > %>
> > <tr>
> > <td> </td>
> > <td> </td>
> > <td> </td>
> > <td align="right"> <font face="Arial,Helvetica,sans-serif"
size="3" color="#666600"><b>Total:</b></font></td>
> > <td>
> > <div align="right"><font face="Arial, Helvetica,
sans-serif" size="3" color="#990000"><b><%=
JspHelperBase.formatPriceAsCurrency(currOrder.getTotalPrice()) %>
> > </b> </font> </div>
> > </td>
> > <td>
> > <input type="button" name="<%=UPDATE_CART_BUTTON %>"
> >
onClick="submitShoppingCartDetailsForm('examples.buybeans.client.UpdateShopp
ingCartCommand', '<%= SHOPPING_CART_DETAILS_JSP %>')"
> > value="Update">
> > </td>
> > </tr>
> > <tr>
> > <td> </td>
> > <td> </td>
> > <td> </td>
> > <td> </td>
> > <td> </td>
> > <td>
> > <input type="button" name="<%=CHECKOUT_BUTTON %>"
> >
onClick="submitShoppingCartDetailsForm('examples.buybeans.client.CheckOutCom
mand', '<%= CHECKOUT_JSP %>')"
> > value="Checkout">
> > </td>
> > </tr>
> > <tr colspan="6">
> > <td> </td>
> > </tr>
> >
> > <%-- DESTINATION_TAG is required because the form action goes
to getTrafficURI() --%>
> > <%-- In this case, the destination is the command
--%>
> ><%-- <input type=hidden name="<%= DESTINATION_TAG %>" value="<%=
COMMAND_ASSEMBLER_JSP %>"> --%>
> >
> > <%-- The following line is used for testing SSL redirect --%>
> > <input type=hidden name="<%= DESTINATION_TAG %>"
value="/portals/buybeans/portlets/commandAssemblerSSL.jsp" >
> >
> > <%-- The following two parameters are set by the JavaScript
function based --%>
> > <%-- on the button that the user presses (default value are
provided ) --%>
> > <input type=hidden name="<%= BUYBEANS_CONTENT_PARAM %>"
value="<%= SHOPPING_CART_DETAILS_JSP %>">
> > <input type=hidden name="<%= COMMAND_CLASS_NAME_PARAM %>"
value="examples.buybeans.client.UpdateShoppingCartCommand">
> >
> > </form>
> > </table>
> > </td>
> > </tr>
> > <tr>
> > <td> </td>
> > </tr>
> ></table>
> >
>
-
Dynamic reloading in iWS 6.0 causes my http session to be lost
Hi,
I have a problem with dynamic reloading in iWS 6.0 Sp2 on Solaris 8. I have not set the reload-interval for the class-loader, in fact i haven't included anything related to the classloader in the web-apps.xml file.
The default behaviour is observed, the classes are reloaded every 30 seconds. So far, so good.
I have seen that if a change a class, iWS reloads the entire application, destroying all the servlets in it. This destroys my HTTP session.
The same behaviour is observed in a redeployment, and in a reloading of config files.
Is there any way of avoiding this?
Thanks.
By the way, could anyone describe the classloader architecture of iWS.
JuanScott,
Does the problem only occur on MSIE clients? Do this work properly on Communicator? If so, you may be running into a problem with how MSIE determines the maxage for a cookie.
The criteria that IE uses for creating a new session is the length of time that a session has been alive. For this reason, when a user tries to connect to a web application on the iWS webserver through IE, the time on the client server and on the webserver must be set correctly. Otherwise, the user could experience problems with session data getting lost or discarded by the client.
This problem does not occur on Netscape browsers, as Netscape browsers set the cookie using the client-side clock and the maxage sent by the server.
Refer to this technote and see if the helps:
http://knowledgebase.iplanet.com/ikb/kb/articles/4704.html -
How can lifetime of a secure session be controlled in OC4J 9.0.3-9.0.4?
Is "session-timeout" parameter in web.xml valid or is the SSL session controlled by other parameters?
We are migrating to https an application that worked properly in http mode, and sessions expire now after just a few seconds. We can't find where to config https session timeout. OC4J documentation is very vague regarding to secure applications.
Thanks,
Modulab TeamHaving the same problem for more than 1 week, couldn't find a solution. Session expires in a very short time in https. We're using standalone OC4J (9.0.3). Do I have to change it with AS now ? Isn't there any other solution, patch or something like that ?
Any kind of your help would be greatly appreciated since thousands of WEB users of our institution CAN NOT use all of our https WEB apps.
Regards, -
JSF / Switch between HTTP and HTTPS
Hello!
I want to switch between HTTP and HTTPS using JSF.
Under Apache Struts framework I can use struts extension "sslext.jar" to configure switching between http and https in one web application.
e.g. Login-jsp should be secured, all other jsp's should run unsecured.
Any ideas?
regards
Harald.Thanks,
I made the necessary enhancement for the second phase, password confirmation required when return to SSL zone after leaving it after a succesful login.
I did the following:
1) create a class in the application scope and/or singleton class with the servlet paths that require SSL
2) create a plugin that reads ActionConfigs from the ModuleConfig
3) create a filter that sets a request scope flag that says that password must re-entered.
Code Extracts:
1) MainshopContainer application level parameter singleton class:
private static HashMap sslZoneMap = new HashMap(50); // key = servlet path of request, example /login.do
public boolean isInSSLZone(String servletPath)
return this.sslZoneMap.containsKey(servletPath);
public void addToSSLZone(String servletPath)
this.sslZoneMap.put(servletPath,null);
public int getNumberOfActionsInSSLZone()
return this.sslZoneMap.size();
2) Struts plugin
add a call to loadSSLZoneMap in plugin init method:
loadSSLZoneMap(config, mainshopContainer);
private void loadSSLZoneMap(ModuleConfig config, MainshopContainer mainshopContainer)
throws ServletException
try {
ActionConfig[] actionConfigs = config.findActionConfigs();
for (int i = 0; i < actionConfigs.length; i++)
if (actionConfigs.getParameter().indexOf("/jsp/account/") < 0) // /account/* = URL path for SSL zone
// not found = not ssl zone
System.out.println("loadSSLZoneMap, following actionConfigs excluded from SSL Zone: "+actionConfigs[i].getPath());
else
// found = ssl zone
String servletPath = actionConfigs[i].getPath()+".do";
mainshopContainer.addToSSLZone(servletPath);
System.out.println("loadSSLZoneMap, following servletPath added to SSL Zone: "+servletPath);
System.out.println("loadSSLZoneMap, number of actions in SSL Zone: "+mainshopContainer.getNumberOfActionsInSSLZone());
catch (Exception ex)
ex.printStackTrace();
throw new ServletException("Exception caught in loadSSLZoneMap: "+ex.toString()+" Initialization aborted.",ex);
3)
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
String servletPath = req.getServletPath();
boolean secure= this.mainshopContainer.isInSSLZone(servletPath);
The wole picture:
The filter adds a RequestDTO object that includes all request parameters, one of them is the secure flag.
I have a session scope class UserContainer that includes all the session parameters, one of them is the lastRequestDTO.(last made request)
At the end of all my jsp's I set the lastRequestDTO variable.
In that method I set the passwordConfirmationRequired flag if needed:
public void setLastRequestDTO(RequestDTO _lastRequestDTO)
if (this.lastRequestDTO != null && this.lastRequestDTO.isSecure() != _lastRequestDTO.isSecure())
this.setPasswordConfirmationRequired(true);
this.lastRequestDTO = _lastRequestDTO;
I read the passwordConfirmationRequired in all my jsp's in the SSL zone that allow editing or deleting and if that flag is true, a valid password must be re-entered in order to make the updates.
When the password is OK I reset the passwordConfirmationRequired to false.
I need some help for the first phase, that is SSL setup for all actions related to jsp's with url path /account/*
I tought I could define it in the web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>All Account Related Pages</web-resource-name>
<url-pattern>/account/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
but that doesn't work and finnaly understood why:
Example: /WEB-INF/jsp/account/login.jsp corresponds to /login.do
The url pattern /account/* at the container level is never encountered.
Is it allowed to declare the following action path: /account/login instead of /login?
If yes I could add following prefix /account to all my action paths and forward paths and this could resolve my problem.
What's your opinion?
If no, would your library resolve this?
Will all the Struts/JSP/JSTL url generating tags pick-up the required protocol (http/https) according to your configuration file?
Regards
Fred -
Model session not in sync with Http Session
Hi All,
I have an application developed in JDev 11.1.1.4 and we are not using ADF Security for login.
The problem occurring is randomly some of the LOV on my home page are getting null (having no data). These LOVs are populated using the values passed as bind parameter from the login values (basically HTTP session values at web layer). So i added a method in all the task flow to set the session value at the model layer (default method) . Also on each call to the Am Impl call i am setting the value in the HTTP session and then invoking the method, but some how what happens is the Model level session value is not in sync with HTTP session and the list gets empty.
Any inputs what i can do to get out of this prblm ?
thnkIn this case you need to overwrite the activateState/passivateState method of your am and store/reads the values from the xml structure you get as parameters to this methods.
For more detailed information check the docs http://download.oracle.com/docs/cd/E12839_01/web.1111/b31974/bcstatemgmt.htm#sm0495
By the way, this is nothing you need to open an SR on as it's working as designed.
Timo
Maybe you are looking for
-
Not able to get the attributes from HttpSession
hi all, i'm using session.setAttribute() in a jsp to put an attribute in the session and when i try to get that attribute in another jsp it's not giving the value. But the getAttribute() mehods is giving the value in the same jsp page where i used th
-
Service packs and hot fixes for BusinessObjects Enterprise XI 3.1
Hello Experts. Which is the cronology or order of the service packs and hot fixes for BusinessObjects Enterprise XI 3.1, or which are tha latest? thanks
-
How do I close a program or app?
I have an iPad Air 2. This is my first Apple product. How can I close a program or app? It seems like once I open a program or app like Chrome it remains open and I can not close it. In Windows I am used to clicking on an "X" at the top right hand
-
How to disable Wifi for one user account?
Hi. I am setting up very restricted user account in Lion that I want to use on gigs when using Ableton Live 8 on stage. Basically, my user account should just allow to run Live 8 and nothing else. Is it possible that the airport get switched off when
-
Best way to clean dock connector area
I got chocolate (don't ask) in the dock connector area of my iPod Touch 4g. Now now the heck do I clean it out?!