Search Results

Search found 71 results on 3 pages for 'httpsession'.

Page 2/3 | < Previous Page | 1 2 3  | Next Page >

  • session is lost after successful login?

    - by sword101
    greetings all um using spring security 3.0.2,all the application pages are secured to see them you must be authenticated um using https protocol i have a strange problem that after successful login and got to the requested page when try to open any link to other pages in the application the session is invalidated or lost or what happened i don't know and the user become anonymous,and redirected to the login page and i got this from debugging: No HttpSession currently exists No SecurityContext was available from the HttpSession: null. A new one will be created. after reviewing the coe many times,nothing in the code is invalidating the session,any ideas why something like this might happen?

    Read the article

  • How do I keep track of the session for each servlet request, until I use it? Singletons wont work?

    - by corgrath
    For each servlet request I get, I pass, perhaps, 10 methods before I am at where I need to check something in the session and I need the HttpSession. The only way I can get the HttpSession is from the HttpServletRequest, correct? How do I keep track of the session for each servlet request? Unfortuantly I cannot simple make a singleton (ex, SessionInformation.instance().getAttribute("name")) because that session would then be used over all requests. Is there a way to store the session globally for each request without having to pass it (or it's information) down all the methods just in case I need it?

    Read the article

  • GWT : NULL Session

    - by jidma
    I'm using spring4gwt in my project. I have the following login service implementation: @Service("loginService") public class LoginServiceImpl extends RemoteServiceServlet implements LoginService { @Override @Transactional(propagation = Propagation.REQUIRED, rollbackFor = Exception.class) public UserBean checkUser(String userName, String password) throws Exception { HttpSession httpSession = getThreadLocalRequest().getSession(); } } When i call the loginService.checkUser("test","test") (In hosted mode), I get a null pointer exception, as getThreadLocalRequest() returns NULL instead of the actual session. I didn't try in web mode yet. Why would I get a null session ? Does it have something to do with spring4gwt ? Thank you

    Read the article

  • Losing sessions on GlassFish

    - by synti
    I have a web application that logs users in a @SessionScoped managed bean. It's all the basic stuff, pretty much like this: users logs in using regular http form and gets redirect to user area (wich is protected using a filter). But if any resource on that area is accessed, the request somehow uses a new session, wich has no managed bean, no user, and the filter does his job, redirecting him to login page. Here's the login form: <h:form> <h:outputLabel for="email" value="Email "/> <p:inputText id="email" size="30" value="#{loginManager.email}"/> <h:outputLabel for="password" value="Password "/> <p:password id="password" size="12" value="#{loginManager.password}"/> <p:commandButton value="Login" action="#{loginManager.login()}"/> </h:form> The loginManager managed bean: @ManagedBean @SessionScoped public class LoginManager implements Serializable { @EJB private UserService userService; private User user; private String email; private String password; public String login() { user = userService.findBy(email, password); if (user == null) { // FacesMessage stuff } else { return "/user/welcome.xhtml?faces-redirect=true"; } } public String logout() { FacesContext.getCurrentInstance().getExternalContext().invalidateSession(); return "/index.xhtml?faces-redirect=true"; } // Getters, setters (no setter for user) and serialVersionUID And then comes the filter that protects the user area: @WebFilter(urlPatterns="/user/*", displayName="UserFilter") public class UserFilter implements Filter { @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpSession session = ((HttpServletRequest)request).getSession(false); LoginManager loginManager = (LoginManager) session.getAttribute("loginManager"); if (loginManager == null || !loginManager.hasUser()) { HttpServletResponse resp = (HttpServletResponse) response; resp.sendRedirect("index.xhtml"); } final User user = loginManager.getUser(); if (user.isValid()) { chain.doFilter(request, response); } else { HttpServletResponse resp = (HttpServletResponse) response; resp.sendRedirect("index.xhtml"); } } The UserService is just a stateless EJB that handles persistence. Part of the JSF for user area: <h:form> <p:panelMenu> <p:submenu label="Items"> <p:menuitem value="Add item" action="#{userItens.addItems}" ajax="false"/> <p:menuitem value="My items" /> </p:submenu> </p:panelMenu> </h:form> And finally the userItens managed bean. @ManagedBean @RequestScoped public class UserItens { private User user; @PostConstruct private void init() { HttpSession session = (HttpSession) FacesContext.getCurrentInstance() .getExternalContext().getSession(false); LoginManager loginManager = (LoginManager) session.getAttribute("loginManager"); if (loginManager != null) user = loginManager.getUser(); } public String addItems() { // Doesn't get here. Seems like UserFilter comes first, doesn't find // an user and redirects. } I'm using glassfish and session timeout is now on 0.

    Read the article

  • Passing session between jsf backing bean and model

    - by Rachel
    Background : I am having backing bean which has upload method that listen when file is uploaded. Now I pass this file to parser and in parser am doing validation check for row present in csv file. If validation fails, I have to log information and saving in logging table in database. My end goal : Is to get session information in logging bean so that I can get initialContext and make call to ejb to save data to database. What is happening : In my upload backing bean, am getting session but when i call parser, I do not pass session information as I do not want parser to be dependent on session as I want to unit test parser individually. So in my parser, I do not have session information, from parser am making call to logging bean(just a bean with some ejb methods) but in this logging bean, i need session because i need to get initial context. Question Is there a way in JSF, that I can get the session in my logging bean that I have in my upload backing bean? I tried doing: FacesContext ctx = FacesContext.getCurrentInstance(); HttpSession session = (HttpSession) ctx.getExternalContext().getSession(false); but session value was null, more generic question would be : How can I get session information in model bean or other beans that are referenced from backing beans in which we have session? Do we have generic method in jsf using which we can access session information throughout JSF Application?

    Read the article

  • Sending a password securely using gwt and app engine?

    - by user246114
    Hi, I set up session handling on a google app project. This is supposed to allow my users to login and maintain state across pages. I just dumped it into the default greeting service to try it out: public class GreetingServiceImpl extends RemoteServiceServlet implements GreetingService { public void sessionTest(String username) { HttpSession session = getThreadLocalRequest().getSession(false); session.setAttribute("username", username); } } then attempting to pull it out in my landing project.jsp page: <% String username = null; HttpSession mysession = request.getSession(false); if (mysession.getAttribute("username") != null) { username = (String)mysession.getAttribute("username"); } else { username = "(not logged in yet)"; } <p>You are: <%= username %> </p> %> It works, but I don't know how to send the data in sessionTest() securely. If I were sending the user's password in there too, it would be in the clear. This would be ok (I think) if I was using https, but google app engine does not allow you to use https under custom domains (like www.mysite.com), they have to be under the (mysite.appspot.com) domain. I'm kind of stuck here - how do we send passwords securely? If I was using php, I think I could use digest authentication (I'm not too experienced here) - can we do something like that with gwt + gae? Thanks

    Read the article

  • Jersey Rest : How to send Object to a Jersey Service class

    - by Preethi Jain
    I have this functionality in my Application implemented using Jersey Rest WebServices . Once the user is logged into the application , i am creating DTO Object and setting some User Specific Data inside it . Please let me know how can i pass this User Specific DTO Object to the Jersey Service class ?? Please note that , I dont want to use HttpSession to store Data (Because in our Application we have a facility where a User can enter with Multiple ID's in one browser as a result same sessionId will be created by the browser )

    Read the article

  • Any way to anticipate session timeout ?

    - by Tom
    Hi, Is there a way to "catch" the session timeout event, so as to retrieve data from HttpSession before its invalidated ? We're implementing the Filter Interface, and in the doFilter method, the user we stored in the session object at login is null when session times out. Thanks in advance.

    Read the article

  • Works on development server but it doesn't on Google App Engine (Sessions).

    - by grep
    Hi, I have this code that works just fine on the development server but when I deploy the application, the session isn't created. What am I doing wrong? HttpSession session = req.getSession(true); session.setAttribute("loggedIn", new String("true")); Edit: The sessions are enabled. What I realized now is that the _ah_SESSION variable is not being created, not even on the development server (although it works).

    Read the article

  • New Technical Articles on SOA, Mobile, IDM, WebLogic, Coherence

    - by OTN ArchBeat
    For your reading pleasure... In October the following items of techie goodness from members of the architect community were added to the ever-growing library of OTN technical articles. SOA in Real Life: Mobile Solutions by Jürgen Kress, Berthold Maier, Hajo Normann, Danilo Schmeidel, Guido Schmutz, Bernd Trops, Clemens Utschig-Utschig, Torsten Winterberg Consumers are no longer content to be chained to a desktop or laptop computer. This article, teh ninth chapter in the Industrial SOA series, describes ways companies can take SOA to go. [More SOA Articles] SOA and User Interfaces by Juergen Kress, Hajo Normann, Danilo Schmiedel, Guido Schmutz, Clemens Utschig-Utschig, Torsten Winterberg, and Bernd Trops The eighth chapter in the Industrial SOA series addresses the challenges of developing user interfaces in a service oriented architecture, and describes a practical application of Thomas Erl's UI Mediator pattern.[More SOA Articles] Enterprise Grade Deployment Considerations for Oracle Identity Manager AD Connector by Firdaus Fraz Oracle Fusion Middleware solution architect Firdaus Fraz illustrates provides best practice recommendations for setting up an enterprise deployment environment for the OIM connector for Microsoft Active Directory. [More Identity Management Articles] Coherence*Web: Sharing an httpSession Among Applications in Different Oracle WebLogic Clusters by Jordi Villena SOA solution architect Jordi Villena shows how easy it is to extend Coherence*Web to enable session sharing. [More SOA Articles] Multi-Factor Authentication in Oracle WebLogic by Shailesh K. Mishra Using multi-factor authentication to protect web applications deployed on Oracle WebLogic.[More Identity Management Articles] You'll find many more articles on many more topics here.

    Read the article

  • Additional new material WebLogic Community

    - by JuergenKress
    Update: Commercially Supported GlassFish VersionsAquarium blogger David Delabassee shares background information and links to where you can download the recently released GlassFish Server Bundle Patch 3.1.2.8. Read the article. Announcing WebLogic on Oracle Database Appliance 2.7Oracle WebLogic Server on Oracle Database Appliance 2.7 offers a complete solution for building and deploying enterprise Java EE applications in a fully integrated system of software, servers, storage, and networking that delivers highly available database and WebLogic services. Learn more. APAC Partner iDay: What's New in Oracle WebLogic, 8-Apr 12 noon SG/2pm AEDT/9:30 IST - Invite your Partners - Register Virtual Developer Conference:  Creating a Foundation for Cloud Applications using Oracle WebLogic and Oracle Coherence - OnDemand Webcast: WebLogic Configuration using Chef and Puppet - On-Demand Podcast Series: Part 3 - Oracle WebLogic Server and Oracle Database Integration - Podcast Coherence*Web: Sharing an httpSession Among Applications in Different Oracle WebLogic Clusters SOA solution architect Jordi Villena shows how easy it is to extend Coherence*Web to enable session sharing. Read the article. Multi-Factor Authentication in Oracle WebLogic Using multi-factor authentication to protect web applications deployed on Oracle WebLogic. Read the article. Video: Coherence Community on Java.net - 4 Projects available under CDDL-1.0 Brian Oliver (Senior Principal Solutions Architect, Oracle Coherence) and Randy Stafford (Architect At-Large, Oracle Coherence Product Development) discuss the evolution of the Oracle Coherence Community on Java.net and how you can actively participate in open source Coherence Community projects. Watch the video. Working with Oracle Security Token Service in an Architecture Involving Oracle WebLogic Server and Oracle Service Bus Oracle Fusion Middleware specialist Ronaldo Fernandes takes you step by step through the process of creating a single sign-on between Oracle WebLogic and Oracle Service Bus using Oracle Security Token Service (OSTS) to generate SAML tokens. Read the article. WebLogic Partner Community For regular information become a member in the WebLogic Partner Community please visit: http://www.oracle.com/partners/goto/wls-emea ( OPN account required). If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Mix Forum Wiki Technorati Tags: WebLogic,WebLogic Community,Oracle,OPN,Jürgen Kress,

    Read the article

  • Tyrus 1.3

    - by Pavel Bucek
    I’m pleased to announce that new version of Tyrus was released today. It contains some interesting features, like asynchronous handling of connectToServer method call, optimised broadcast support and lots of stability and performance improvements. As previously – I will follow with more blog posts about selected features later. Some of them are already described in updated User guide. Complete list of bugfixes and new featuresTYRUS-262: @OnOpen fails for programmatically deployed annotated endpoint.TYRUS-261: Text decoder disables Binary decoder if both are configured for the same server endpoint; endpoint cannot receive binary messages anymore.TYRUS-248: Consolidate Extension representationTYRUS-258: Tyrus always creates HTTP sessionTYRUS-251: DecodeException is not passed to @OnError methodTYRUS-252: encoder for primitive types cannot be overridden.TYRUS-250: Sec-WebSocket-Protocol header cannot be present when there is no negotiated subprotocolTYRUS-249: WebSocketContainer MaxSessionIdleTimeout is not propagated to Session (server side)TYRUS-257: Async timeout value set on WebSocketContainer is not propagated to RemoteEndpoints (Session#getAsyncRemote())TYRUS-253: DecodeException is not passed to @OnError method from session.getAsyncRemote().sendObjectTYRUS-243: WebSocketContainer.connectToServer can block for secondsTYRUS-227: Build failure : AsyncBinaryTestTYRUS-226: Tyrus build error : OnCloseTestTYRUS-247: Make all samples use TestContainer for testsTYRUS-238: Refactor WebSocketEngine (SPI and Impl)TYRUS-157: Submitting tasks to an injected ManagedExecutorService in a ServerEndpoint does not workTYRUS-137: Improve subprotocols/extensions headers parsingTYRUS-133: Some Broadcast(er) API is needed in order to opmtimize chat-like usecasesTYRUS-245: ServerEndpointConfig#getConfiigurator returns Configurator not used when getNegotiatedExtensions has been called.TYRUS-240: clean up duplicated static fields (strings)TYRUS-230: When Session is invalidated, the close reason is not 1006TYRUS-190: Remove TyrusServetServerContainer (merge with TyrusServerContainer)TYRUS-65: Implement common utilities for testingTYRUS-242: Tyrus does not run on JDK8 compact2 profileTYRUS-237: RemoteEndpoint.Async#sendBinary does not throw IllegalArgumentException when data is nullTYRUS-239: Improve WebSocketEngine ByteBuffer handlingTYRUS-232: Refactor grizzly/servlet container – Tyrus-SPITYRUS-235: Fix findbugs errors in tests/servletTYRUS-234: Remove support for older protocol versionTYRUS-229: Session#setMaxIdleTimeout() will kill the session whether or not the session actually timed outTYRUS-225: Invalidation of (Servlet) HttpSession does not invalidate WebSocket SessionTYRUS-153: Static map in TyrusRemotEndpointTYRUS-201: Wrong ServletInputStream#isReady() usage in TyrusHttpUpgradeHandlerTYRUS-224: Refactor Connection#write and ConnectionImpl to use CompletionHandler only (no Future)TYRUS-221: wss:// doesn’t appear to function correctly via a http proxy.TYRUS-146: Support request from client to secured services (“wss”)TYRUS-223: Message can be writen multiple times when running on Servlet container TYRUS-71: ErroCollector not properly used in AnnotatedEndpoint class. Tyrus 1.3 will be integrated in Glassfish trunk soon – you can download nightly build or upgrade to newer Tyrus manually (replace all Tyrus jars).

    Read the article

  • Java basic authorization with URLConnection

    - by zigomir
    Hello! I'm opening a connection to WebService with an URLConnection class. I also set request property for basic authorization like this: c.setRequestProperty("Authorization", "Basic " + usernameAndPasswordEncoded); Where c is an object of type URLConnection. So this is client side of WebService call. Now on server side I need to get username from session: User user = (User) request.getSession().getAttribute("user"); But this won't get an username. Also if I look through debug mode, I see an anonymous userName in HttpSession object. What to do to solve this problem, so that username is sent through client to WebService server for authorization? Thanks everyone!

    Read the article

  • Enabling full documentation for J2EE in eclipse

    - by maayank
    I'm new to Eclipse and am using it currently to play with J2EE. When using Ctrl+Space for types/functions from the regular Java libraries I get a full description (i.e. general description of the type, what are the arguments of the method for, etc.). However I don't get the same for J2EE types. For example, when using Ctrl+Space on methods of the HttpSession class I get only names like "arg0" or "obj" and no description. Is there some kind of a package I can install to remedy this?

    Read the article

  • Java Jersey RESTful services

    - by pHk
    Rather new to REST and Jersey, and I'm trying out some basic examples. I've got one particular question though, which I haven't really found an answer for yet (don't really know how to look for this): how would you go about storing/defining common services so that they are stateful and accessible to all/some resources? For instance, a logger instance (Log4J or whatever). Do I have to manually initialize this and store it in the HttpSession? Is there a "best practice" way of doing this so that my logger is accessible to all/some resources? Thanks a lot.

    Read the article

  • Getting Session in Http Handler ashx

    - by prakash
    Hi All, I am using Http Handler ashx file for showing the images. I was using Session object to get image and return in the response Now problem is i need to use custom Session object its nothing but the Wrapper on HttpSession State But when i am trying to get existing custom session object its creating new ... its not showing session data , i checked the session Id which is also different Please adive how can i get existing session in ashx file ? Note: When i use ASP.NET Sesssion its working fine [WebService(Namespace = "http://tempuri.org/")] [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] public class GetImage : IHttpHandler, System.Web.SessionState.IRequiresSessionState {

    Read the article

  • How to override j_security_check in glassfish?

    - by Alex B
    I'm currently using FORM based authentication in glassfish v2.1 to log users in and it works fine. I want to switch to ProgrammaticLogin and I want to be able to get the initially requested URL (i.e. before redirecting to login page) and use it in my programmatic login code so that the user is redirected back to the requested page after authentication. I've seen the source code for j_security_check - in my case that's FormAuthenticator (catalina codebase) and it saves the initial request in a SavedRequest object in the session but that session is a StandardSession rather than HttpSession so there's no direct way to access it. Or should I change the authentication mechanism from FORM to something else? Thanks!

    Read the article

  • How to make Requests HttpOnly in strus1.1 [on hold]

    - by WSDL
    I am using struts1.2 with jboss4 sever.I have to make my requests HttpOnly.How do I make this with jobss4 and struts1.2.Please Help me .It is urgent private void validateToken(HttpServletRequest request, HttpServletResponse response) { HttpSession session = request.getSession(true); String token = (String)session.getAttribute(TOKEN_KEY); if (token == null) { token = getRandomString(); session.setAttribute(TOKEN_KEY, token); // System.out.println("Executing the Filter............XSS1"); response.addHeader("Set-Cookie", "httpOnly"); } } private String getRandomString() { return String.valueOf(System.currentTimeMillis()); }

    Read the article

  • Using a Session Scoped Bean

    - by jboyd
    The following code is returning null: private MyAppUser getMyAppUser(HttpSession session) { MyAppUser myAppUser = (MyAppUser) session.getAttribute("myAppUserManager"); return myAppUser; } Despite the fact that I have the following in my context: <bean id="myAppUserManager" class="com.myapp.profile.MyAppUser" scope="session"/> This doesn't make any sense to me, the "myAppUser" bean is a bean that absolutely can never be null, and I need to be able to reference it from controllers, I don't need it in services or repositories, just controllers, but it doesn't seem to be getting stored in the session, the use case is extremely simple, but I haven't been able to get to the bottom of what's wrong, or come up with a good workaround

    Read the article

  • New Session is created between consecutive servlet request from an Applet and a managed bean??

    - by khue
    Hi, I want to pass parameters betweeen applet and jsf components So when a value of a input textbox changed, its binding backing bean makes connection to a servlet. The servlet create an attribute and save to HttpSession using (request.getSession(true)).setAttribute(name, value); Then at some event, applet will access another servlet. This servlet will try to retrieve the Attribute saved to Session previously. However, everytime, the attirbute returned is null as the new session is created instead. My question is: Is the session should be persist? ( I checked allowcookies, session timeout for weblogic) If yes, what might go wrong with my app? Thanks a lot for your help. Regards K.

    Read the article

  • Is there anyway to bring web @Context into JUnit (CXF+Spring)

    - by Sudheer
    I am trying to create unit test environment to test RESTFul services (cfx+spring) in my dev environemnt. To test RESTFul Services, I require @Context within JUnit test cases. @Context should contain HttpRequest, HttpSession, ServletContext, ServletConfig and all other webserver related information. I have setup the JUnit for the above, but when I run, @Context is coming as null. This could be because there is no webserver running and there is no @Context. I am just doubting whether there is a way to created sample web @Context and pass to JUnit. Any other ideas are welcome to bring web @Context into JUnit test cases. Thank you, Sudheer

    Read the article

  • how to apply filters in jsf

    - by johnbritto
    Hi I have filter code Page not Found error while any client request for Jsf Page in my Jsf application.I dont Know How to Fix this issue This is My Filter Code: HttpServletRequest req =(HttpServletRequest)request; HttpServletResponse res =(HttpServletResponse)response; HttpSession ses = req.getSession(true); String pageRequested =req.getRequestURL().toString(); if (ses.getAttribute("userDetails")!=null) { fc.doFilter(request,response); }else{ RequestDispatcher dis = request.getRequestDispatcher(LOGIN_PAGE); dis.forward(request,response); } This code inside the DoFilter Method I done all The settings in Web.xml deployment Descriptor

    Read the article

  • JSP Problem ussing implicit object (session) in a function

    - by user234666
    Can the object of type HttpSession called session be accessed from a function? In a simple jsp page I have a function(see below) defined in the header of the page, and set to an onclick handle of for a button. When I press this button, I'll never see the second alert message. If I do something in the body of the page (like Session ID: <%= session.getId() % ) I have no trouble accessing it. What newbie mistake am I making? function doTest() { alert('Preforming test 122333232'); String sessionId = session.getId(); alert('After access'); if(sessionId == null) { alert('session id is null?'); } Thanks

    Read the article

  • Android programming: Authentication and data exchange with Java EE

    - by Konsumierer
    I am having a Java application running in a Tomcat server using Spring, Hibernate, etc. and a two web interfaces, one implemented in Tapestry 5 and the other one using Flex with BlazeDS and Spring-BlazeDS. In my first android application I would now like to log in to the server and retrieve some data. I´m wondering how I could achieve this in a secure way. First of all I need to know which technology is the best to retrieve data from the server and how can I restrict the access to users only that have been successfully authenticated. With what I read until now I would try to implement a HTTPServlet on the server and make server calls via HTTP Client. In the servlet I could probably use the HTTPSession to check if the request comes from an authenticated user. And the data I would try to send serialized (JSON). Unfortunately, I´ve never done those things and maybe I´m on the wrong way and there are more comfortable solutions.

    Read the article

< Previous Page | 1 2 3  | Next Page >