We take a fundamentally different approach. We define the session in the
EJB world. In other words, we have a UserSession Entity Bean. This bean
is used much the way that HttpSessions are used, but it exists within the
container world. We then store the UID (primary key) of the UserSession
entity bean in the HttpSession. Then *every* call to our Session Beans,
which are all stateless, includes the UserSessionPK as the first parameter.
This way, the SB's can grab the UserSession when they need it, as can the
servlet commands if need be. We do not care if HttpSessions "disappear",
since UserSession have their own timeout management, and we simply intend
to "sweep" them periodically with a simple cron task. And it is a trivial
matter to have the servlet register a listener on HttpSession timeouts and
have that listener tell the UserSession manager to expire the UserSession.
The other advantage here is that we could easily abandon HttpSession all
together, and simply store the UserSession Primary Key in a cookie or in
the URL itself, since it is just a 16 char string.
tim.
> Yes, that would work, except that I cannot obtain a reference to a
> RoleManager or a UserManager. When, in my valueUnbound() method, I do the
> lookup that you illustrated, I get the exception:
>
> javax.naming.NamingException: Not in an application scope - start Orion with
> the -userThreads switch if using user-created threads
> at com.evermind.server.g3.bi(JAX)
> at com.evermind.naming.jx.lookup(JAX)
> at javax.naming.InitialContext.lookup(Unknown Source)
> ...
>
> This problem of wanting to get rid of EJBs when HttpSessions expire must be
> quite fundamental when developing J2EE applications, mustn't it? If people
> are not binding their EJBs to HttpSessions, how're they maintaining
> references to SBs from the servlet layer???
>
>
> Gerald.
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Juan Lorandi
> (Chile)
> Sent: Thursday, March 22, 2001 12:35 PM
> To: Orion-Interest
> Subject: RE: Removing SBs when expiring HttpSessions ... the challenge
> continues.
>
>
> Just a tought: impersonate a role within the SB's method remove instead of
> reliying on interactive login:
>
> public void remove() .... {
> //get UserManager
> UserManager um = ic.lookup("java:comp/UserManager");
> um.login("mySecuritySafeUser","thePassWd");
> this.myejbref.remove();
> }
>
> I haven't tried this, but I guess it should work, specially if auto-sessions
> are on...
>
> HTH,
>
> JP
>
> > -----Original Message-----
> > From: Gerald Gutierrez [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, March 22, 2001 3:05 PM
> > To: Orion-Interest
> > Subject: Removing SBs when expiring HttpSessions ... the challenge
> > continues.
> >
> >
> >
> > When an HttpSession expires, it calls valueUnbound() on all
> > session-bound
> > variables that implement the HttpSessionBindingListener
> > interface. So this
> > provides a way for expiring HTTP sessions to remove session
> > beans that would
> > otherwise stay active and eventually consume all resources
> > and cause the
> > server to crash.
> >
> > The reasonable thing to do is to call ejb.remove() (and whatever other
> > methods) within the valueUnbound() method so that the SB can
> > clean up and be
> > removed on the event.
> >
> > HOWEVER, if the SB is protected by security constraints,
> > calling methods on
> > the SB causes either NullPointerExceptions, or SecurityExceptions.
> >
> > In my case, I have a HttpSession which has bound an SB, which
> > in turn has a
> > reference to an EB. When the session expires, I need to
> > remove the SB, which
> > in turn must call a method on the EB. If I attempt to just
> > call sb.remove(),
> > the ejbRemove() method is called but a NullPointerException
> > is thrown in the
> > EB's wrapper. If I call getCallerPrincipal() in the SB first
> > (which returns
> > me the "guest" user), then call the EB, a SecurityException is thrown.
> > Ignoring the fact that the different exceptions may be an
> > Orion bug, the
> > fact still remains that the "guest" user is calling the SB
> > when calling
> > through the valueUnbound() method.
> >
> > SO, the question, once again, is: When an HttpSession
> > expires, what's the
> > proper way to cleanup and remove the EJBs that are bound to
> > that session?
> >
> >
> >
> > Gerald.
> >
> >
>
>
