Yes, that would work, except that I cannot obtain a reference to a
RoleManager or a UserManager. When, in my valueUnbound() method, I do the
lookup that you illustrated, I get the exception:
javax.naming.NamingException: Not in an application scope - start Orion with
the -userThreads switch if using user-created threads
at com.evermind.server.g3.bi(JAX)
at com.evermind.naming.jx.lookup(JAX)
at javax.naming.InitialContext.lookup(Unknown Source)
...
This problem of wanting to get rid of EJBs when HttpSessions expire must be
quite fundamental when developing J2EE applications, mustn't it? If people
are not binding their EJBs to HttpSessions, how're they maintaining
references to SBs from the servlet layer???
Gerald.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Juan Lorandi
(Chile)
Sent: Thursday, March 22, 2001 12:35 PM
To: Orion-Interest
Subject: RE: Removing SBs when expiring HttpSessions ... the challenge
continues.
Just a tought: impersonate a role within the SB's method remove instead of
reliying on interactive login:
public void remove() .... {
//get UserManager
UserManager um = ic.lookup("java:comp/UserManager");
um.login("mySecuritySafeUser","thePassWd");
this.myejbref.remove();
}
I haven't tried this, but I guess it should work, specially if auto-sessions
are on...
HTH,
JP
> -----Original Message-----
> From: Gerald Gutierrez [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 22, 2001 3:05 PM
> To: Orion-Interest
> Subject: Removing SBs when expiring HttpSessions ... the challenge
> continues.
>
>
>
> When an HttpSession expires, it calls valueUnbound() on all
> session-bound
> variables that implement the HttpSessionBindingListener
> interface. So this
> provides a way for expiring HTTP sessions to remove session
> beans that would
> otherwise stay active and eventually consume all resources
> and cause the
> server to crash.
>
> The reasonable thing to do is to call ejb.remove() (and whatever other
> methods) within the valueUnbound() method so that the SB can
> clean up and be
> removed on the event.
>
> HOWEVER, if the SB is protected by security constraints,
> calling methods on
> the SB causes either NullPointerExceptions, or SecurityExceptions.
>
> In my case, I have a HttpSession which has bound an SB, which
> in turn has a
> reference to an EB. When the session expires, I need to
> remove the SB, which
> in turn must call a method on the EB. If I attempt to just
> call sb.remove(),
> the ejbRemove() method is called but a NullPointerException
> is thrown in the
> EB's wrapper. If I call getCallerPrincipal() in the SB first
> (which returns
> me the "guest" user), then call the EB, a SecurityException is thrown.
> Ignoring the fact that the different exceptions may be an
> Orion bug, the
> fact still remains that the "guest" user is calling the SB
> when calling
> through the valueUnbound() method.
>
> SO, the question, once again, is: When an HttpSession
> expires, what's the
> proper way to cleanup and remove the EJBs that are bound to
> that session?
>
>
>
> Gerald.
>
>
