Tomcat / Glassfish Session Synchronization and JAAS
Hi there!
How does session synchronzation between Tomcat and Glassfish work?
For example, if there are two users at the same time, each one has it's own webserver session and both are working on the same stateful java bean (e.g. a simple shop cart), how are both sessions - the webserver and application server session - synchronized? Any form of synchronization has to take place, otherwise a cart bean would be senseless, as there were unwanted interactions between both clients. Are there any hidden tokens that are send via JNDI Lookup?
It's the same with JAAS: If there's a programmatic login on the application server, how does the application memorize the user's privileges and principal, in particular if there's a server cluster? Is there intern a simple stateful bean? And how does the mapping between websession and application server session work? Is it really reliable?
Hope you can help me. It's quite hard to find detailed and solid documentation concerning this topic.
Thanks!
Hi,
Can you provide a solution that does not include JSTL, as I can not use this technology as it is not in scope for the DEV environment defined for these projects I am working on.
regards,
Pravash
Similar Messages
-
HTTP Error 400 on Tomcat 5.0.28 and JAAS
Hi
I have this problem every time I send an Authentication Request using JAAS. I've a login form and, after I send my request, LoginModule starts to process it. The problem is that, viewing the tomcat log output, the authentication goes well, but Tomcat send me a HTTP error code 400 which means "Invalid direct reference to form login page".
If I reload the login form, not back button, and retype my credentials, I reach to enter in my website. Tomcat send me a HTTP code 302, then load my home page.
This is the login HTTP message:
POST /j_security_check HTTP/1.1
Host: localhost:1999
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://localhost/xxxx/index
Cookie: JSESSIONID=8F91E0B617B45C1BC772E370481C8FCF
Content-Type: application/x-www-form-urlencoded
Content-Length: 65
j_username=user&j_password=pass&Submit=LoginAnd this is the login form:
<form method="post" action ="j_security_check" name="loginform" >
<table width="100%" cellpadding="2" cellspacing="0" class="corpo">
<tr>
<td><div align="right">Username</div></td>
<td width="20%"><input type="text" class="corpo" name="j_username" /></td>
</tr>
<tr>
<td><div align="right">Password</div></td>
<td width="20%"><input type="password" class="corpo" name="j_password" /></td>
</tr>
<tr>
<td> </td>
<td><div align="right">
<input type="submit" class="bottone" name="Submit" value="Login" /><br />
<a href="javascript:apriFinestra('<%= request.getContextPath() %>/jsp/password.jsp', '', '400px', '400px');" class="corpo"><%=lu.resource(rb, "HOME.forgot") %> </a>
</div></td>
</tr>
</table>
</form>There've been issues when running in the embedded OC4J server where logged messages don't appear at all - I suspect this is happening on both environments, but you're only seeing the message on Tomcat.
If you look in the HTML, you'll see a <!-- ILLEGAL HTML: --> comment where the problem occurs, and you should be able to trace that content back to the components you're using at that spot. Could you let us know what combination of components produces this error? (The problem is exactly what the error message says: HTML does not allow <img> directly inside of <table>, but that's what got produced.) -
Glassfish v3, BlazeDS, and authentication.
Hi,
I'm looking for documentation about how to configure BlazeDS security with Glassfish v3. I've found this:
http://anachronymous.com/2009/01/flex-blazeds-and-glassfish-part-1.html
...but it's for Glassfish v2. Most of it should be the same, but some of the TomcatValve stuff has changed for Glassfish v3:
http://blogs.sun.com/jluehe/entry/glassfish_v3_adds_support_for
Should I be able to ignore the valve configuration and simply use TomcatLoginCommand since Glassfish v3 is supposed to support Tomcat style valves? I tried adding the following to services-config.xml:
<security>
<login-command class="flex.messaging.security.TomcatLoginCommand" server="all"/>
</security>
...but upon deployment I get the following error:
javax.servlet.UnavailableException: Cannot create class of type 'flex.messaging.security.TomcatLoginCommand'.
Can anyone point me in the right direction?
RyanI'll assume you've got Glassfish using the default 'file' realm for authentication. If not you'll have to adapt my instructions to the realm you're using.
1) Load the glassfish admin console.
2) Navigate to 'Configuration -- Security -- Realms -- file'.
3) Select 'Manage Users' near the top left.
4) Select 'New'
5) Add the user 'tech'. In the 'Group List' put 'tech'. Use any password you like.
6) Select 'OK' to save your user.
7) Navigate to 'Configuration -- Security'.
8) Enable 'Default Principal To Role Mapping'. I can't remember why I have this enabled, so feel free to research it a bit.
9) Select 'Save' to save the changes.
Here is a complete copy of a simple web.xml that I've used:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<display-name>ITMA Web App</display-name>
<!-- Http Flex Session attribute and binding listener support -->
<listener>
<listener-class>flex.messaging.HttpFlexSession</listener-class>
</listener>
<!-- MessageBroker Servlet -->
<servlet>
<display-name>MessageBrokerServlet</display-name>
<servlet-name>MessageBrokerServlet</servlet-name>
<servlet-class>flex.messaging.MessageBrokerServlet</servlet-class>
<init-param>
<param-name>services.configuration.file</param-name>
<param-value>/WEB-INF/flex/services-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>MessageBrokerServlet</servlet-name>
<url-pattern>/messagebroker/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>itma-flex-ui-blazeds.swf</welcome-file>
</welcome-file-list>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>file</realm-name>
</login-config>
<security-role>
<role-name>tech</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Flex UI</web-resource-name>
<url-pattern>/messagebroker/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>tech</role-name>
</auth-constraint>
</security-constraint>
</web-app>
Note the MessageBrokerServlet configuration, specifically the <servlet-name>. You probably have something similar. The <servlet-mapping> means all requests to urls like 'http://my.domain.com/contextroot/messagebroker/amf' will be processed by the MessageBrokerServlet. The <security-constraint> configuration restricts all requests to '/messagebroker/*'. Basically all requests to the MessageBrokerServlet will require authentication.
All of the roles in your application need to get listed in the <security-role> section. Each role needs to be mapped to a 'Principal' on the Glassfish server. I'm not positive, but I think the 'Default Principal To Role Mapping' will automatically map users defined as being of the role 'tech' to the 'tech' user (principal) or possibly the 'tech' group. I'm a little unclear on how it works with the group list.
The final parts are the <login-config> and <auth-constraint> sections. The login config defines the realm to use (file in this example). The auth-constraint section says that access to the listed resources should be restricted to users in the 'tech' role.
The whole process is something like this:
1) Only users in the role 'tech' can access urls that match /messagebroker/*.
2) The role of tech is defined and mapped to a principal (or group of principals) within the file realm on the server.
3) The 'Default Principal To Role Mapping' option in glassfish automatically maps the tech role to the tech principal (user) or group (I'm not actually sure which one). I think you'd normall need to configure this somewhere and map the roles in your flex application to groups in your security realm.
Try creating a configuration like the above. Ignore the BlazeDS portion of the configuration to start with and see if you can get it working with just web.xml. After you get that working and know you can actually authenticate to the container (Glassfish), then you can go back to trying to get the BlazeDS side of things configured / mapped.
I hope that helps,
Ryan -
EJB3 + Tomcat + Glassfish Question
Guys, I'm a new comer of this EJB 3. I just learned how to create a session ejb for the past few weeks.
My first try was to create a local session ejb deployed on the same container (glassfish), and it was run perfectly.
My second try was to create a remote session ejb and deployed on different container, and it could not work.
I already spent about 1 week to find answers for this problem, and I have not found any, and this is frustrating me.
I use these:
Eclipse Europe 3.3.1.1
Glassfish V2
Tomcat 5.5
I created 2 projects for this, the first one is the Enterprise Application Project includes the EJB Project.
The second one is the Dynamic Web Project.
Inside the EJB project, I created an interface and an implementation class.
Inside the Web Project, I added a servlet and put all the calling code inside the servlet.
I tried to running the code within the eclipse, I have already installed the server inside the eclipse.
I followed all the instructions in the EJB Glassfish FAQ and still not working.
This is my ejb interface:
package com.ejb3;
import javax.ejb.Remote;
@Remote
public interface HelloWorldRemote {
public String sayHello(String name);
}This is my ejb bean class
package com.ejb3;
import javax.ejb.Stateless;
@Stateless
public class HelloWorldRemoteBean implements HelloWorldRemote {
public String sayHello(String name) {
String output = "Hello " + name;
return output;
}This is my servlet code:
private void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
RequestDispatcher rd = null;
try {
Properties props = new Properties();
props.setProperty("java.naming.factory.initial", "com.sun.enterprise.naming.SerialInitContextFactory");
props.setProperty("java.naming.factory.url.pkgs", "com.sun.enterprise.naming");
props.setProperty("java.naming.factory.state", "com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl");
props.setProperty("org.omg.CORBA.ORBInitialHost", "localhost");
props.setProperty("org.omg.CORBA.ORBInitialPort", "3700");
InitialContext ic = new InitialContext(props);
HelloWorldRemote helloWorld = (HelloWorldRemote)ic.lookup("HelloWorldRemoteEJB");
String input = request.getParameter("myname");
String output = helloWorld.sayHello(input);
request.setAttribute("result", output);
rd = getServletContext().getRequestDispatcher("/result.jsp");
catch(NamingException e) {
e.printStackTrace();
if(rd != null)
rd.forward(request, response);
}I had this error:
javax.naming.NoInitialContextException: Cannot instantiate class: com.sun.enterprise.naming.SerialInitContextFactory [Root exception is java.lang.ClassNotFoundException: com.sun.enterprise.naming.SerialInitContextFactory]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:657)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at com.controller.HelloWorldController.processRequest(HelloWorldController.java:55)
at com.controller.HelloWorldController.doPost(HelloWorldController.java:40)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.ClassNotFoundException: com.sun.enterprise.naming.SerialInitContextFactory
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1363)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1209)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:242)
at com.sun.naming.internal.VersionHelper12.loadClass(VersionHelper12.java:42)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:654)
... 21 moreI have spent 1 week to find the answers for this problem, but still have not found any answer.
I also tried to search on google, but I got no answer.
Can anyone help me please?
Thanks.I have the same problem. Remove the instructions from the EJB3 FAQ until it has you can take a plain tomcat tarball, add the jars and have it work.
Without javaee and appserv-rt jars:
java.lang.NoClassDefFoundError: javax/ejb/EJBObject
With jars in $TOMCAT_HOME/lib
May 5, 2008 2:33:52 PM org.apache.catalina.mbeans.GlobalResourcesLifecycleListener createMBeans
SEVERE: Exception processing Global JNDI Resources
javax.naming.NamingException: Cannot create resource instance
at org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:156)
at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:304)
May 5, 2008 2:33:52 PM org.apache.catalina.core.StandardService start
INFO: PWC1377: Starting service Catalina
javax.naming.NamingException: Cannot create resource instance
at org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:156)
at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:304) -
Session timeout and custom sso
Hi,
can anyone tell me how the session and idle timeout feature in Apex exactly works?
I built several applications in a workspace and do a sso authorization by setting a common cookie name. In addition to that i set the values for session length and idle timeout and assumed that the session length would be synchronized over all applications. But this doesn't seem to work. For instance, i set the idle timeout to 10 minutes in all applications and now i work for 15 minutes continously in application A and after that i switch over to application B (using the same session id!), the session is already expired in B.
Is this behavior correct? And, if yes, how can i set up a synchronization over all applications?
JensAnyone?
-
Session timeout and Custon login module
Hi,
Dev Platform: Jdev 10.1.3.4.0, Oracle 10.2.4
I'm trying to trap the session timeout and display a page. I'm using the code below from Frank Nimphius. I've also provided a console log of what is happening when the application times out. Instead of the filter being called the system is calling the dblogin module and attempting to login the anonymous user. I renamed the anonymous user and I just see log entries where the system attempted to find the anonymous user.
If I use the application to logout I get a Logout page with a button to confirm the logout. When I press the button the session is invalidated and the filter code brings up my "Session Timeout" notification page. This isn't what will happen in the end but I just wanted to tell you that the filter does work in certain instances.
How can I make the system not attempt to login the anonymous user and have the filter code run?
TIA, Dave
package isdbs.view.security;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class ApplicationSessionExpiryFilter implements Filter {
private FilterConfig _filterConfig = null;
public void init(FilterConfig filterConfig) throws ServletException {
_filterConfig = filterConfig;
public void destroy() {
_filterConfig = null;
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
String requestedSession = ((HttpServletRequest)request).getRequestedSessionId();
String currentWebSession = ((HttpServletRequest)request).getSession().getId();
boolean sessionOk = currentWebSession.equalsIgnoreCase(requestedSession);
// if the requested session is null then this is the first application
// request and "false" is acceptable
if (!sessionOk && requestedSession != null){
// the session has expired or renewed. Redirect request
((HttpServletResponse) response).sendRedirect(_filterConfig.getInitParameter("SessionTimeoutRedirect"));
else{
chain.doFilter(request, response);
}Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.RealmUserAdaptor isMemberOf
FINE: JAAS-OC4J: Membership check for group: ISDBS_USER failed for user: anonymous
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option debug = true
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option log level = log all
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option logger class = null
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option data_source_name = jdbc/elearnDS
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option user table = TBL_LOGIN
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles table = XREF_LOGIN_ROLE
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option username column = LOGIN_NM
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option password column = PASSWORD
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles column = ROLE_NM
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option user pk column = LOGIN_NM
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles fk column = LOGIN_NM
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option password encoding class = oracle.sample.dbloginmodule.util.DBLoginModuleClearTextEncoder
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option realm_column = null
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option application_realm = null
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] login called on DBTableLoginModule
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Calling callbackhandler ...
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Username returned by callback = null
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] User query string: select LOGIN_NM,PASSWORD, LOGIN_ATTEMPTS, ACTIVE_IND from TBL_LOGIN where lower(LOGIN_NM)= lower((?))
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Logon Successful = false
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Abort called on LoginModule
Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.OC4JUtil doJAASLogin
WARNING: Login Failure: all modules ignored
javax.security.auth.login.LoginException: Login Failure: all modules ignored
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at oracle.security.jazn.oc4j.OC4JUtil.doJAASLogin(OC4JUtil.java:241)
at oracle.security.jazn.oc4j.GenericUser$1.run(JAZNUserManager.java:818)
at oracle.security.jazn.oc4j.OC4JUtil.doWithJAZNClsLdr(OC4JUtil.java:173)
at oracle.security.jazn.oc4j.GenericUser.authenticate(JAZNUserManager.java:814)
at oracle.security.jazn.oc4j.FilterUser.authenticate(JAZNUserManager.java:1143)
at com.evermind.server.http.EvermindHttpServletRequest.checkAndSetRemoteUser(EvermindHttpServletRequest.java:3760)
at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:706)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:122)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:111)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:595)
Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.GenericUser authenticate
FINE: JAAS-OC4J: Authentication failure for user: null
Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.RealmUserAdaptor isMemberOf
FINE: JAAS-OC4J: Membership check for group: ISDBS_USER failed for user: anonymousI added an HttpSessionListener upon login here's what I get:
09/03/31 08:21:25 Inside sessionCreated
09/03/31 08:21:25 Before New session createb = 0
09/03/31 08:21:25 Created session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
09/03/31 08:21:25 After New session count = 1
At session timeout here's what I get:
09/03/31 08:23:27 Count before destroyed = 1
09/03/31 08:23:27 Destroyed session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
09/03/31 08:23:27 Count after destroyed = 0
09/03/31 08:23:27 Inside sessionCreated
09/03/31 08:23:27 Before New session createb = 0
09/03/31 08:23:27 Created session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
09/03/31 08:23:27 After New session count = 1
Notice that the session Id in each case is IDENTICAL. That is why the Filter code isn't doing what it is intended to do. Whay is the same session ID being created after it is destroyed? Is there a configuration parameter that controls it?
Thanks,
Dave -
Huge volume of records are routing to the remote user other than his position and organization records. Synchronization and DB initialization taking more time around 36 hours.
Actual accounts & contacts need to be route around 2000 & 3000 but we have observed lakhs of records routing into local DB.
We have verified all the Assignment Rules, Views.
We ran docking object visibility rules and we have observed that some other accounts are routing due to Organization rule passing. (these records are not supposed to route).
Version Siebel 7.7.2.12,
OS Solaris.let me know what would be the reason that 1st million takes only 15 minuts and the time goes on increasing gradually with the increase of dataYes that's a little strange. I only can guess:
1. You are in archivelog mode and the Archiver is not able to archive the redo logs fast enough
2. You don't use Direct Load and DBWR ist not able to write the direty block to disk fast enough. You could create more DBWR processes in that case.
3. Make a snapshot of v$system_event:
create table begin as select * from v$system_event;After the import run
create table end as select * from v$system_event;Now compare the values:
select * from begin order by TIME_WAITED_MICRO descwith the values given you by
select * from end order by TIME_WAITED_MICRO descSo you can look where your DB spent so much time waiting for something.
Alternativly, you could start a 10046 trace on the loading session and use tkprof.
Dim -
How to combine Session Facade and Transfer object?
Hello All!
I'm working on an enterprise application. Presentation layer is a stand alone client, business logic is build on the Glassfish v2.1 and MySQL is used as a database. The client is connection to the GlassFishj server remotely using EJBs.
I have problems with business logic architecture.
Here is the brief description of backend application architecture design:
1. Session Facade pattern is used to simplify the client and application server interface and to provide application layers between backend (http://java.sun.com/blueprints/corej2eepatterns/Patterns/SessionFacade.html).
2.Transfer Object pattern to define update transfer objects strategy in order to decrease network overhead during client and application server interactions and to provide version control for objects. Transfer objects are designed as simple java business serializable objects. (http://java.sun.com/blueprints/corej2eepatterns/Patterns/TransferObject.html)
3. Originally the backend application consisted of three modules: users, storage and orders, but at the end I have decided to divide my application into the following parts - assortments, map, menu, orders, transactions, users.
4. All MySQL database transactions are via JDBC using procedures. No use of entity beans.
Questions:
1. I have some doubts about using Session Facade and Transfer object patterns at the same time. At first I'd mike to cite the definitions of the patters from the SUN official web site.
* Use a session bean as a facade to encapsulate the complexity of interactions between the business objects participating in a workflow. The Session Facade manages the business objects, and provides a uniform coarse-grained service access layer to clients.
* Use a Transfer Object to encapsulate the business data. A single method call is used to send and retrieve the Transfer Object. When the client requests the enterprise bean for the business data, the enterprise bean can construct the Transfer Object, populate it with its attribute values, and pass it by value to the client.
* So, if I use Transfer Object along with Session Facade, it makes some difficulties with object version control, because I 2 or
3 transfer objects controls with the 1 bean class. The best option for Transfer object Pattern is that each transfer object should have its own bean class to provide ability of object's version control. In the case it can bring the network overhead because of frequent remote calls caused by the large number of the bean classes.
* So, should I use the both patterns? If yes, how to manage the interaction the patterns. If no, which one to use.
2. E.g. I have a huge list of the Order objects and each Order object consists of other complicated objects. So, would I have trouble to transfer that list over network? If yes, how to manage it.
Thank you!
AstghikAstghik wrote:
Hello All!
I'm working on an enterprise application. Presentation layer is a stand alone client, business logic is build on the Glassfish v2.1 and MySQL is used as a database. The client is connection to the GlassFishj server remotely using EJBs.
I have problems with business logic architecture.
Here is the brief description of backend application architecture design:
1. Session Facade pattern is used to simplify the client and application server interface and to provide application layers between backend (http://java.sun.com/blueprints/corej2eepatterns/Patterns/SessionFacade.html).
I would simply recommend establishing a service tier. Your services should be stateless. You can go the extra mile and have a session facade, but in the majority of cases, coding to an interface for your service accomplishes the same goals.
2.Transfer Object pattern to define update transfer objects strategy in order to decrease network overhead during client and application server interactions and to provide version control for objects. Transfer objects are designed as simple java business serializable objects. (http://java.sun.com/blueprints/corej2eepatterns/Patterns/TransferObject.html)
The idea of the transfer object is very similar to the Command pattern. I think if you investigate that pattern, it will be more obvious. The transfer object reduces network latency by consolidating all the parameters into an object, ideally, this also consolidates multiple method calls. If you combine a transfer object (or command object) with a service tier, you get the best of both worlds. The service can delegate calls to helper objects (or other services or components) using the data in the transfer / command object.
3. Originally the backend application consisted of three modules: users, storage and orders, but at the end I have decided to divide my application into the following parts - assortments, map, menu, orders, transactions, users.
The is your domain. It will vary from application to application. The principles above are more general (e.g., patterns and architectural tiers) and should apply to most domains. However, your actual use case may require something different.
4. All MySQL database transactions are via JDBC using procedures. No use of entity beans.
Consider using something like iBatis or Spring's JDBC templating to make your life easier with JDBC.
Questions:
1. I have some doubts about using Session Facade and Transfer object patterns at the same time. At first I'd mike to cite the definitions of the patters from the SUN official web site.
* Use a session bean as a facade to encapsulate the complexity of interactions between the business objects participating in a workflow. The Session Facade manages the business objects, and provides a uniform coarse-grained service access layer to clients.
* Use a Transfer Object to encapsulate the business data. A single method call is used to send and retrieve the Transfer Object. When the client requests the enterprise bean for the business data, the enterprise bean can construct the Transfer Object, populate it with its attribute values, and pass it by value to the client.
* So, if I use Transfer Object along with Session Facade, it makes some difficulties with object version control, because I 2 or
3 transfer objects controls with the 1 bean class. The best option for Transfer object Pattern is that each transfer object should have its own bean class to provide ability of object's version control. In the case it can bring the network overhead because of frequent remote calls caused by the large number of the bean classes.
* So, should I use the both patterns? If yes, how to manage the interaction the patterns. If no, which one to use.
Versioning is a separate issue. Generally, the more coarsely grained your transfer / command object is, the more changes are likely to impact dependent objects.
Your command or transfer object does not have to be a vanilla JavaBean, where you are basically creating a bean that has data from other objects. You can simply use your command / transfer object to encapsulate already existing domain objects. I see no need to map to a JavaBean with what you have described.
Generally, a method signature should be understandable. This means that many times it is better to pass the method, say, two coarsely grained objects than a signature with a dozen primitives. There are no hard and fast rules here. If you find a method signature getting large, consider a transfer / command object. If you want one service to delegate calls to a number of other services, you can also create a transfer / command object to furnish the controlling service with the data it needs to invoke the dependent services.
2. E.g. I have a huge list of the Order objects and each Order object consists of other complicated objects. So, would I have trouble to transfer that list over network? If yes, how to manage it.
This is a large, open-ended question. If you are going to display it to a user on a screen, I do not see how you avoid a network transfer with the data. The general answer is to not pass the data itself but rather a token (such as a primary key, or a primary key and a start and stop range such as you see on a Google search result). You do want to limit the data over the network, but this comes at a cost. Usually, the database will receive additional load. Once that becomes unacceptable, you might start putting things into session. Then you worry about memory concerns, etc. There is no silver bullet to the problem. It depends on what issues you are trying to address and what trade-offs are acceptable in your environment.
Thank you!
AstghikBest of luck.
- Saish -
I am having a problem with my users clicking on a link which kicks off
a database intensive task. The user then gets frustrated if the
response is not back right away and they click on the link again and
again and again kicking off this database intensive task each time.
My question is, can I stop this behaviour by simply doing:
synchronize session { do database task } ?? Will this work or is
there a better way to do this? I've been told that some applications
will display an hour glass after a link is clicked but I don't know
how to do this. Any help would be greatly appreciated.
In addition to Dimitri's note, you can store the fact that an active request
is occurring for the user in the HTTP session object, and label that task
such that subsequent requests can return the same answer (i.e. "still
working") and will not start another process. Upon completion, the same
request would show the result.
Peace,
Cameron Purdy
Tangosol, Inc.
http://www.tangosol.com
Tangosol Server: Enabling enterprise application customization
"housecube" <[email protected]> wrote in message
news:[email protected]..
> I am having a problem with my users clicking on a link which kicks off
> a database intensive task. The user then gets frustrated if the
> response is not back right away and they click on the link again and
> again and again kicking off this database intensive task each time.
> My question is, can I stop this behaviour by simply doing:
> synchronize session { do database task } ?? Will this work or is
> there a better way to do this? I've been told that some applications
> will display an hour glass after a link is clicked but I don't know
> how to do this. Any help would be greatly appreciated.
-
Under Excel Service Application --> session management; what is the difference between Session timeout and Short Session timeout?
Any call made from the API will automatically be set to the “Session Timeout” period, no matter
what. Calls made from EWA (Excel Web Access) will get the “Short Session Timeout” period assigned to it initially.
Short Session Timeout and Session Timeout in Excel Services
Short Session Timeout and Session Timeout in Excel Services - Part 2
Sessions and session time-outs in Excel Services
above links are from old version but still applies to all.
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog -
How to open a URL without session ID and reuse the current browser session?
Hi All,
I have a question about HTMLDB 2.0
How to open a URL without session ID and reuse the current browser session?
That was the behaviour in HTMLDB 1.6 ...
My usecase for this is the following:
We have written an issue tracking application, which sends e-mail to the interested users, when something happens.
In these email we've put a link to some page, with some parameters in the URL.
The idea is for the user to be easy to click on the hyperlink and to see the details of the ticket.
When the user clicks on such a link he is directed to a login screen (page 101) and he enters his Username and password, and is then forwarded to the details for the ticket.
Then he receives another email (e.g. for another ticked). He clicks on the link and :
a) in HTMLDB 1.6 he goes to the details as he didn't close his browser and session is remembered
b) in HTMLDB 2.0 he is prompted to enter username, password with the username populated
Please tell me how can I achieve the same behaviour in HTMLDB2.0 as it was in HTMLDB 1.6.
I understand this change is somehow security related, althogh I don't understand how. If you can explain this either I would be very happy?
Best regards,
Mihail DaskalovMihail - I detailed a couple of approaches here: Re: Application Link
Scott -
Session variable and initialization block issues
We are using OBIEE 10.1.3.3 and utilizes built in security features. (No LDAP or other single sign on). The user or group names are not stored in any external table. I have a need to supplement Group info of the user to the usage tracking we implemented recently as the NQ_LOGIN_GROUP.RESP column contains username instead of group name. So I created a session variable and associated with a new initialization block and also had a junk default value set to the variable. In the initialization block, I wrote the following query and as a result it inserted correct values into the table when the TEST button was clicked from the initialization block form.
insert into stra_login_data (username, groupname, login_time) values ('VALUEOF(NQ_SESSION.USER)', 'VALUEOF(NQ_SESSION.GROUP)', SYSDATE)
My intention is to make this execute whenever any user logs on. The nqserver.log reports the following error and it doesn?t insert values into the table.
[nQSError: 13011] Query for Initialization Block 'SET_USER_LOGIN_BLOCK' has failed.
[nQSError: 23006] The session variable, NQ_SESSION.USER, has no value definition.
[nQSError: 13011] Query for Initialization Block 'SET_USER_LOGIN_BLOCK' has failed.
[nQSError: 23006] The session variable, NQ_SESSION.GROUP, has no value definition.
When I changed the insert statement as below, this does get populated whenever someone logs in. But I need the values of GROUP associated with the user as defined in the repository.
insert into stra_login_data (username, groupname, login_time) values ('TEST_USER', TEST_GROUP', SYSDATE)
Could someone help me out! As I mentioned above, I need the GROUP info into the usage tracking. So, if there is another successful approach, could you please share?
Thank you
AminHi Amin,
See [this thread|http://forums.oracle.com/forums/thread.jspa?messageID=3376946�]. You can't use the GROUP session variable in an Init Block unless it has been seeded from an Init Block first. There isn't an easy solution for what you want, but here are some options:
1) Create a copy of your User => Groups assignments in your RPD in an table so you can use it in your Usage Tracking Subject Area. But this means you will have to replicate the changes in two places so it's not a good solution.
2) As the GROUP session variable is populated when you login you could theoretically use it a Dashboard and pass it a parameter to write the value to the database. But as I am not sure how can you make fire only once when the user logins it sounds like a bad idea.
3) Move your User => Groups assignments from your RPD to a DB table. Use OBIEE Write Back or something like Oracle APEX to maintain them.
I think 3) is the best solution to be honest. -
Session variable and Tracking in Header file
Is there a way for me to keep track of the session and use a variable in my Header to pass around for this?
I have a login.jsp, validate_login.jsp and other jsp's that have the same header file. Instead of me using the same code in all of the jsp's I thought it would be easier to put it in the header Please look at the example code below:
// validate_login.jsp is passed username and password from the login.jsp.
// validate_login then calls the logIn method in my Session class.
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@page import="uom.edu.rd.session.Session"%>
<html>
<head><title>Validate Login</title></head>
<body>
<jsp:include page="header.jsp" />
<%
String username = request.getParameter("username");
String password = request.getParameter("password");
this_session.logIn(username, password);
boolean b = this_session.getLoggedIn();
%>
==================================================================
// The logIn method in Session class
public void logIn(String userName, String password) {
Connection con = null;
Statement stmt = null;
ResultSet rs = null;
try{
con = db.getConnection();
stmt = con.createStatement();
String sql = "SELECT * FROM RD_USER WHERE USER_NAME = '" + userName +"' AND USER_PASSWORD = '" + password + "'";
rs = stmt.executeQuery(sql);
if(rs.next()){
loggedIn=true;
}else{
loggedIn=false;
catch(Exception e){
// If something goes wrong, make sure
// the user is not logged in.
loggedIn=false;
}finally{
try{
rs.close();
stmt.close();
con.close();
}catch(Exception e){
* Log the user out.
public void logOut() {
loggedIn = false;
* Get the login status.
* @return boolean
public boolean getLoggedIn() {
return loggedIn;
==================================================================
// and this is part of my header.jsp
<%@page import="uom.edu.rd.session.Session"%>
<%
Session this_session = Session.findSession(request);
if ( this_session==null ) {
/* Now, instead of redirecting, create a new Session
* object and initialize it.
this_session = new Session();
this_session.makeSession(request);
this_session.createQueryBuilder(config);
%>
// This is the part I would like to pass around
<!-- Session logged_in = new Session(); -->
<%
boolean loggedIn = this_session.getLoggedIn();
if (loggedIn == false)
{ %>
<A STYLE="color:#FFFFFF;text-decoration:none;" HREF="./login.jsp"><FONT COLOR="#FFFFFF">LOG IN</font></a> <FONT COLOR="#FFFFFF"></font>
<% } else { %>
<A STYLE="color:#FFFFFF;text-decoration:none;" HREF="./logout.jsp"><FONT COLOR="#FFFFFF">LOG OUT</font></a> <FONT COLOR="#FFFFFF"></font>
<% }
%>
// so if you are logged in then you are able to view certain things on the jsp's if you are not logged in
// then of course you cannot. I want to pass around this loggedIn variable to all the jsp's
// after it checks loggIn Status for each page I have tried running this but I keep getting an error: cannot resolve symbol this_sessionUse <%@ include file="header.jsp" %> instead
-
Session Login and Logout in jsp page
hi
i am developing jsp page
i completed except logout.jsp page
my login page is in Jsp format and then business Logic in servlet and then get method & set method in bean.java
i have login and then it sucess page there i have singout button
if i sign out it should go to login page
how to do
how to make session invalidate
how to get session id
i have one more doubt i should check session invalidate each jsp page
regarding session login and logout in jsp
if anybody knows please give me a piece of code regarding login and logout
Regards
AkshathaThis is part of your filter class now you need login.jsp page
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="Stylesheet" type="text/css" href="/PAS/css/site.css"/>
<title>Automation System | Login Page</title>
</head>
<body>
<div align="center">
<h1>Photint Automation System</h1>
</div>
<br/><br/><br/>
<center>
<table border="1" cellpadding="0" cellspacing="0" width="40%" bgcolor="FFFFFFFF">
<thead>
<tr>
<th align="left" height="30"> <h3> Login</h3></th>
</tr>
</thead>
<tbody>
<tr>
<td>
<div align="center">
<form name="LOGIN" action="/PAS/LoginServlet" method="POST">
<table border="0">
<tbody>
<tr>
<td height="15"></td>
<td height="15"></td>
<td height="15"></td>
<td height="15"></td>
</tr>
<tr>
<td height="30"></td>
<td align="right" height="30">User Name : </td>
<td align="left" height="30"><input type="text" name="USERNAME" value="" size="35" /></td>
<td height="30"></td>
</tr>
<tr>
<td height="30"></td>
<td align="right" height="30">Password : </td>
<td align="left" height="30"><input type="password" name="PASSWORD" value="" size="35" /></td>
<td height="30"></td>
</tr>
<tr>
<td height="50"></td>
<td height="50"></td>
<td align="center" height="50"><input type="submit" value="Login" name="Login" /> <input type="reset" value="Reset" name="Reset" /></td>
<td height="50"></td>
</tr>
</tbody>
</table>
</form>
</div>
</td>
</tr>
</tbody>
</table>
</center>
<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
<br/><br/><br/>
<center>Copyright © 2009 Photint FZ LLC</center>
<center>Powered by Ali Jamali</center>
<center>Version : 1.0</center>
</body>
</html>And you need loginServlet.java
package com.ali.util.filter;
import com.ali.entity.user.UserEntity;
import com.ali.util.HibernateUtil;
import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("USERNAME");
String password = request.getParameter("PASSWORD");
if (username == null || username.length() == 0) {
System.err.println(" Username textfeild is empty ..... !");
RequestDispatcher dispatcher = request.getRequestDispatcher("Pages/user/LogIn.jsp");
dispatcher.forward(request, response);
return;
if (UserRegistry.isUserLoggedIn(username)) {
System.out.printf("User [%s] is already logged in. \n", username);
RequestDispatcher dispatcher = request.getRequestDispatcher("Pages/user/LogIn.jsp");
dispatcher.forward(request, response);
return;
UserEntity user = null;
try {
user = (UserEntity) HibernateUtil.load(UserEntity.class, username);
if (user == null || !user.getPassword().equals(password)) {
RequestDispatcher dispatcher = request.getRequestDispatcher("Pages/user/LogIn.jsp");
dispatcher.forward(request, response);
System.err.println(" Password or username is not valid ..... !");
return;
} catch (Exception e) {
e.printStackTrace();
RequestDispatcher dispatcher = request.getRequestDispatcher("Pages/user/LogIn.jsp");
dispatcher.forward(request, response);
return;
HttpSession session = request.getSession();
System.err.println(request.getRemoteAddr());
session.setAttribute("username", user.getFirstName());
session.setAttribute("userType", user.isAdmin());
UserRegistry.logInUser(username);
response.sendRedirect("/PAS/index.jsp");
}finally is you need to just one user can be online at time or need to know how many user & who is online you should at this class also
package com.ali.util.filter;
import java.util.ArrayList;
import java.util.List;
public class UserRegistry {
private static final List loggedInUsers = new ArrayList();
public static void logInUser(String username) {
loggedInUsers.add(username);
public static void logoutUser(String username) {
if (isUserLoggedIn(username)) {
loggedInUsers.remove(username);
public static boolean isUserLoggedIn(String username) {
return loggedInUsers.contains(username);
}If you have any more Q. or any comment , Most welcome
Thanks
Ali Jamali -
Session pooling and statement handles
Hi there,
I have a large multi-threaded application (perhaps >100 threads). Each thread is continuously processing events (very high volumes) which involves some manipulation and some database operations (from a fixed set of possible operations).
I am using session pooling but what I want to know is, Should I:
(a) Prepare my fixed set of statement handles up front at program start-up when I'm creating the session pool and then reuse the statement handles in each event processing thread (also, is this thread safe ? even if it is, all threads would be contending on the same statement handles)
or
(b) Prepare the statement handle for each event which presumably will exploit the statement cache on the session pool. This would also mean not having statement handles shared between threads thus removing any thread contention issues.
I think (b) is the option for me, but does anyone have any thoughts ?With a), one would think it's OK, but I would hate to find out that it's not thread safe by accident.
But anyway, with b) the cost of allocating private statement handles in each thread seems very low. The memory required for the statement handle plus its bind and define handles could very well be below 8k per statement. If you've got say, 5 statements * 100 threads, you're only looking at around 4MB overall.
Finally, you might want to make sure that the session pool statement cache is working by checking the values for 'executions' and 'parse_calls' in V$SQL for your statements.
Maybe you are looking for
-
i cant open my ipad after i turned on the voice in accessibility i have a passcode and i tried to enter my password but it not working. help me please.. i updated my ipad in ios 6
-
External HD Folder Disappear During Transfer
I was transferring files into my external HD last night and this morning when I checked on the folder, It had disappeared. I looked at the free space estimate for the drive, and it seems that the content may still be written on the drive, but I canno
-
Fileter value not displaying in web
Hi all, I have a issue with selecting the filter value for a unit. The problem is I can find the value when I run the query in BEx, but same value is not displaying in webreport. Can anyone tell me, what might be the problem. (Actually I have to filt
-
Customer Account Clearing for Trading Partner
Hii, While clearing customer account system shows following error messege of Consolidation Consolidated companies 1300 and 001100 are different The number of the affiliated company must be clear for the selected document type for all line items. In t
-
WRT610N incompatible with Bonjour
I read an earlier posting about an issue between SPI on the latest WRT610N Version 1.0 firmware and a user's Apple TV. This pointed me to a "solution" to a perplexing problem I was having. I have 4 machines, 3 connected via WiFi and 1 on one of the w