Wrox Programmer Forums
Go Back   Wrox Programmer Forums > Java > Java and JDK > J2EE
| Search | Today's Posts | Mark Forums Read
J2EE General J2EE (Java 2 Enterprise Edition) discussions. Questions not specific to EE will be redirected elsewhere.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the J2EE section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
  #1 (permalink)  
Old February 5th, 2008, 08:33 AM
Authorized User
 
Join Date: Feb 2008
Location: chennai, tn, India.
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default Session Out Problem

Hi Friends,
In my project I'm using frames for web pages and technologies are java, jsp, struts, Filter, LDAP, DB2,Ajax. My problem is whenever the session is timed out, If I tried to access any page, I'm getting the login page in the child frame. The upper frame remains the same. I'm doing session checking in Request processor. whenever the request comes from any page, it will goto reqprocessor and it will go to the subsequent page. This flow is working fine, when the is session true. Whenever the session is timed out, the request is not at all going to request processor. It's gone to login page. the login page shows in the child frame. I would have redirected the page to login page if I have a control. but I don't have any control if the session is timed out. I want to know the flow if the session is timed out. And Is there any way control if the session is out. I'm setting username in a session and I'm checking the username is null or not null in request processor. If it's null, it should go to session expired page otherwise continue. I'm sure every request is going to req processor except session out request. Can you please help how to get the session control. I think the the session timed out request taking the page from web.xml. If this is true, how to handle it manually. And I'm using Filter, j_security_check, LDAP for security. Is these things will affect the session flow? Is there any way to get the control of the session? here I mentined the web.xml file details.

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.4" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <filter>
        <filter-name>FormLoginFilter</filter-name>
        <filter-class>com.authentication.FormLoginFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>FormLoginFilter</filter-name>
        <url-pattern>/j_security_check</url-pattern>
    </filter-mapping>

    <servlet>
          <servlet-name>action</servlet-name>
          <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
          <init-param>
            <param-name>config</param-name>
            <param-value>/WEB-INF/struts-config.xml</param-value>
          </init-param>
          <init-param>
            <param-name>debug</param-name>
            <param-value>3</param-value>
         </init-param>
          <init-param>
            <param-name>detail</param-name>
            <param-value>3</param-value>
          </init-param>
          <load-on-startup>2</load-on-startup>
          <security-role-ref>
            <role-name>iadmin</role-name>
            <role-link>iadmin</role-link>
        </security-role-ref>
        <security-role-ref>
            <role-name>iuser</role-name>
            <role-link>iuser</role-link>
        </security-role-ref>
    </servlet>
        <session-config>
            <session-timeout>60</session-timeout>
      </session-config>
      <welcome-file-list>
        <welcome-file>/loginRedirect.jsp</welcome-file>
      </welcome-file-list>

      <security-constraint>
        <web-resource-collection>
            <web-resource-name>VendorPayment</web-resource-name>
            <description></description>
            <url-pattern>*.jsp</url-pattern>
            <url-pattern>*.do</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>Restrict Main app to admin users</description>
            <role-name>iadmin</role-name>
            <role-name>iuser</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/login.jsp</form-error-page>
         </form-login-config>
    </login-config>

    <security-role>
        <description>Admin users are assigned to this role.</description>
        <role-name>iadmin</role-name>
    </security-role>
    <security-role>
        <description>General users are assigned to this role.</description>
        <role-name>iuser</role-name>
    </security-role>
    <resource-ref>
      <res-ref-name>Vptables</res-ref-name>
        <res-type>javax.sql.DataSource</res-type>
        <res-auth>Container</res-auth>
        <res-sharing-scope>Shareable</res-sharing-scope>
      </resource-ref>
</web-app>




Regards
Kasi
__________________
Regards
Kasi
  #2 (permalink)  
Old February 9th, 2008, 03:15 PM
Authorized User
 
Join Date: Apr 2005
Location: , , India.
Posts: 71
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hello Kasi,

I think this is happening as you have configured the contaner security to be used for the application. In this case the security component of the server kicks in before the request reaches your application. When the user is not authenticated, the server will intercept the request then present the user with the login page. For further susequent requests, the container intercept the requests to check if the user is authenticated and will forward the calls to the application. When the session times out, the container will know that the session has expired and will present with the login page again.

I fear I am not able to understand your requirement here. If you do not want Container authentication to intercept, then I think you can always send the request to particular page which will redirect to the page of your choice and this partcular page where the request is being made should not be configured as protected resource. As per me, it is really a bad idea as every call would have a overhead.

Or other option is to disable container authentication and manage authentication/authorization in your application.

-eNJay
  #3 (permalink)  
Old February 18th, 2008, 09:30 AM
Authorized User
 
Join Date: Feb 2008
Location: chennai, tn, India.
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks for your response. some how I have done it. But they way I'm doing is bad(I think). I put a condition in login page like. If the login page has frames redirect to logout page. otherwise continue the flow.The body onload I'm calling the function.Now it's working. I don't know the impact in future.
function urlCheck(){
  if(parent.frames.content!=null){
  document.parentWindow.frames['parent'].frames['parent'].location. href = "<%=request.getContextPath()%>/logout.jsp"
 }
}
<body onload="urlCheck();">
Can you please tell me if this is fine or not


Regards
Kasi
  #4 (permalink)  
Old March 21st, 2008, 03:35 PM
Registered User
 
Join Date: Mar 2008
Location: , , .
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

what i usually do to work on the same problem i have a custom AJAX class that will first check the returning string text that is returned and if it contains a string called "Login_form" (or something along those lines) then use javascript to redirect to the login page.
E.g

if(responseText.contains('loginForm'){
   window.location=login.jsp
}

something along these lines.
hope that helps



Similar Threads
Thread Thread Starter Forum Replies Last Post
session problem MunishBhatia ASP.NET 2.0 Professional 9 October 6th, 2007 04:06 AM
Session problem abdulweb General .NET 3 August 27th, 2007 08:01 PM
session problem smsone PHP Databases 1 May 17th, 2006 05:34 PM
session and cookie problem (empty session file) msincan BOOK: Beginning PHP, Apache, MySQL Web Development ISBN: 978-0-7645-5744-6 0 February 27th, 2005 05:31 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.