Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > Java > Java and JDK > J2EE
Password Reminder
Register
| FAQ | Members List | Search | Today's Posts | Mark Forums Read
J2EE General J2EE (Java 2 Enterprise Edition) discussions. Questions not specific to EE will be redirected elsewhere.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the J2EE section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old February 5th, 2008, 08:33 AM
Authorized User
 
Join Date: Feb 2008
Location: chennai, tn, India.
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default Session Out Problem

Hi Friends,
In my project I'm using frames for web pages and technologies are java, jsp, struts, Filter, LDAP, DB2,Ajax. My problem is whenever the session is timed out, If I tried to access any page, I'm getting the login page in the child frame. The upper frame remains the same. I'm doing session checking in Request processor. whenever the request comes from any page, it will goto reqprocessor and it will go to the subsequent page. This flow is working fine, when the is session true. Whenever the session is timed out, the request is not at all going to request processor. It's gone to login page. the login page shows in the child frame. I would have redirected the page to login page if I have a control. but I don't have any control if the session is timed out. I want to know the flow if the session is timed out. And Is there any way control if the session is out. I'm setting username in a session and I'm checking the username is null or not null in request processor. If it's null, it should go to session expired page otherwise continue. I'm sure every request is going to req processor except session out request. Can you please help how to get the session control. I think the the session timed out request taking the page from web.xml. If this is true, how to handle it manually. And I'm using Filter, j_security_check, LDAP for security. Is these things will affect the session flow? Is there any way to get the control of the session? here I mentined the web.xml file details.

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.4" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <filter>
        <filter-name>FormLoginFilter</filter-name>
        <filter-class>com.authentication.FormLoginFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>FormLoginFilter</filter-name>
        <url-pattern>/j_security_check</url-pattern>
    </filter-mapping>

    <servlet>
          <servlet-name>action</servlet-name>
          <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
          <init-param>
            <param-name>config</param-name>
            <param-value>/WEB-INF/struts-config.xml</param-value>
          </init-param>
          <init-param>
            <param-name>debug</param-name>
            <param-value>3</param-value>
         </init-param>
          <init-param>
            <param-name>detail</param-name>
            <param-value>3</param-value>
          </init-param>
          <load-on-startup>2</load-on-startup>
          <security-role-ref>
            <role-name>iadmin</role-name>
            <role-link>iadmin</role-link>
        </security-role-ref>
        <security-role-ref>
            <role-name>iuser</role-name>
            <role-link>iuser</role-link>
        </security-role-ref>
    </servlet>
        <session-config>
            <session-timeout>60</session-timeout>
      </session-config>
      <welcome-file-list>
        <welcome-file>/loginRedirect.jsp</welcome-file>
      </welcome-file-list>

      <security-constraint>
        <web-resource-collection>
            <web-resource-name>VendorPayment</web-resource-name>
            <description></description>
            <url-pattern>*.jsp</url-pattern>
            <url-pattern>*.do</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>Restrict Main app to admin users</description>
            <role-name>iadmin</role-name>
            <role-name>iuser</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/login.jsp</form-error-page>
         </form-login-config>
    </login-config>

    <security-role>
        <description>Admin users are assigned to this role.</description>
        <role-name>iadmin</role-name>
    </security-role>
    <security-role>
        <description>General users are assigned to this role.</description>
        <role-name>iuser</role-name>
    </security-role>
    <resource-ref>
      <res-ref-name>Vptables</res-ref-name>
        <res-type>javax.sql.DataSource</res-type>
        <res-auth>Container</res-auth>
        <res-sharing-scope>Shareable</res-sharing-scope>
      </resource-ref>
</web-app>




Regards
Kasi
__________________
Regards
Kasi
Reply With Quote
  #2 (permalink)  
Old February 9th, 2008, 03:15 PM
Authorized User
 
Join Date: Apr 2005
Location: , , India.
Posts: 71
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hello Kasi,

I think this is happening as you have configured the contaner security to be used for the application. In this case the security component of the server kicks in before the request reaches your application. When the user is not authenticated, the server will intercept the request then present the user with the login page. For further susequent requests, the container intercept the requests to check if the user is authenticated and will forward the calls to the application. When the session times out, the container will know that the session has expired and will present with the login page again.

I fear I am not able to understand your requirement here. If you do not want Container authentication to intercept, then I think you can always send the request to particular page which will redirect to the page of your choice and this partcular page where the request is being made should not be configured as protected resource. As per me, it is really a bad idea as every call would have a overhead.

Or other option is to disable container authentication and manage authentication/authorization in your application.

-eNJay
Reply With Quote
  #3 (permalink)  
Old February 18th, 2008, 09:30 AM
Authorized User
 
Join Date: Feb 2008
Location: chennai, tn, India.
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks for your response. some how I have done it. But they way I'm doing is bad(I think). I put a condition in login page like. If the login page has frames redirect to logout page. otherwise continue the flow.The body onload I'm calling the function.Now it's working. I don't know the impact in future.
function urlCheck(){
  if(parent.frames.content!=null){
  document.parentWindow.frames['parent'].frames['parent'].location. href = "<%=request.getContextPath()%>/logout.jsp"
 }
}
<body onload="urlCheck();">
Can you please tell me if this is fine or not


Regards
Kasi
Reply With Quote
  #4 (permalink)  
Old March 21st, 2008, 03:35 PM
Registered User
 
Join Date: Mar 2008
Location: , , .
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

what i usually do to work on the same problem i have a custom AJAX class that will first check the returning string text that is returned and if it contains a string called "Login_form" (or something along those lines) then use javascript to redirect to the login page.
E.g

if(responseText.contains('loginForm'){
   window.location=login.jsp
}

something along these lines.
hope that helps

Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
session problem MunishBhatia ASP.NET 2.0 Professional 9 October 6th, 2007 04:06 AM
Session problem abdulweb General .NET 3 August 27th, 2007 08:01 PM
session problem smsone PHP Databases 1 May 17th, 2006 05:34 PM
session and cookie problem (empty session file) msincan BOOK: Beginning PHP, Apache, MySQL Web Development ISBN: 978-0-7645-5744-6 0 February 27th, 2005 05:31 PM



All times are GMT -4. The time now is 12:47 AM.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.