Create session on Tomcat 4.1.24
Hi, I am trying to upgrade our current Tomcat 4.0.4 to Tomcat 4.1.24. After logged in our application, we store the user information as an attribute in the session. With Tomcat 4.1.24, it seems the session was not created. How can I configure tomcat 4.1.24 to create session automatically? Thanks in advance. Chiming - Do you Yahoo!? The New Yahoo! Shopping - with improved product search
RE: Create session on Tomcat 4.1.24
Howdy, Like tomcat 4.0.4, tomcat 4.1.24 creates an HttpSession when you use HttpServletRequest.getSession(). There's no magic here now, there was no magic here before. If you're running into a specific error, post details and we'll try to help ;) Yoav Shapira Millennium ChemInformatics -Original Message- From: Chiming Huang [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 10:19 AM To: Tomcat User Subject: Create session on Tomcat 4.1.24 Hi, I am trying to upgrade our current Tomcat 4.0.4 to Tomcat 4.1.24. After logged in our application, we store the user information as an attribute in the session. With Tomcat 4.1.24, it seems the session was not created. How can I configure tomcat 4.1.24 to create session automatically? Thanks in advance. Chiming - Do you Yahoo!? The New Yahoo! Shopping - with improved product search This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Create session on Tomcat 4.1.24
no magic here now, there was no magic here before. If you're running into a specific error, post details and we'll try to help ;) Yoav Shapira Millennium ChemInformatics -Original Message- From: Chiming Huang [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 10:19 AM To: Tomcat User Subject: Create session on Tomcat 4.1.24 Hi, I am trying to upgrade our current Tomcat 4.0.4 to Tomcat 4.1.24. After logged in our application, we store the user information as an attribute in the session. With Tomcat 4.1.24, it seems the session was not created. How can I configure tomcat 4.1.24 to create session automatically? Thanks in advance. Chiming - Do you Yahoo!? The New Yahoo! Shopping - with improved product search This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? The New Yahoo! Shopping - with improved product search
RE: Create session on Tomcat 4.1.24
Owdy,
And what do you see in your logs? Successful login, and then
redirection to access denied page?
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Chiming Huang [mailto:[EMAIL PROTECTED]
Sent: Friday, October 24, 2003 10:58 AM
To: Tomcat Users List
Subject: RE: Create session on Tomcat 4.1.24
Hi,
Thank you for your quick response. We are using Tomcat 4.0.4, Struts
1.0.2
for our application. In the perform() method of the logon action
class, we
get the HttpSession, say session, by calling request.getSession(). And
then store the user class by calling session.setAttribute(userinfo,
user). Also, we have a taglib to check if user has been logged on by
retrieving the session attribute userinfo. If the userinfo attribute
is
null, the taglib will forward to assess denied page. Following are the
snippets of my logon action class and the check logon taglib.
It was working fine on 4.0.4. Now with 4.1.24, after logged in, user
will
be forwarded to the access denied page.
Thanks again.
Chiming
//
public final class LogonAction extends Action
{
// Public Methods
-
/**
* Process the specified HTTP request, and create the corresponding
HTTP
* response (or forward to another web component that will create
it).
* Return an codeActionForward/code instance describing where
and
how
* control should be forwarded, or codenull/code if the
response
has
* already been completed.
*
* @param mapping The ActionMapping used to select this instance
* @param actionForm The optional ActionForm bean for this request
(if
any)
* @param request The HTTP request we are processing
* @param response The HTTP response we are creating
*
* @exception IOException if an input/output error occurs
* @exception ServletException if a servlet exception occurs
*/
public ActionForward perform(ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException
{
Auth auth = new Auth(path);
User user = auth.authenticate(username, password);
if(user == null)
{
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError(error.password.mismatch));
}
// Report any errors we have discovered back to the original form
if (!errors.empty())
{
((LogonForm) form).setStatus(Invalid username or password);
saveErrors(request, errors);
servlet.log( ***User is not logged on in session
);
return (mapping.findForward(logon));
}
HttpSession session = request.getSession();
session.setAttribute(ConstantStrings.USER, user);
if (servlet.getDebug() = 1)
servlet.log(LogonAction: User ' + user.getUsername() +
' logged on in session + session.getId());
// Remove the obsolete form bean
if (mapping.getAttribute() != null)
{
if (request.equals(mapping.getScope()))
request.removeAttribute(mapping.getAttribute());
else
request.getSession().removeAttribute(mapping.getAttribute());
}
// Forward control to the specified success URI
return (mapping.findForward(success));
}
}
//
public final class CheckLogonTag extends TagSupport {
// - Instance Variables
/**
* The page to which we should forward for the user to log on.
*/
private String page = /logon/accessDenied.jsp;
// ---
Properties
/**
* Return the forward page.
*/
public String getPage() {
return (this.page);
}
/**
* Set the forward page.
*
* @param page The new forward page
*/
public void setPage(String page) {
this.page = page;
}
// --- Public Methods
/**
* Defer our checking until the end of this tag is encountered.
*
* @exception JspException if a JSP exception has occurred
*/
public int doStartTag() throws JspException {
return (SKIP_BODY);
}
/**
* Perform our logged-in user check by looking for the existence of
* a session scope bean under the specified name. If this bean is
not
* present, control is forwarded to the specified logon page.
*
* @exception JspException if a JSP exception has occurred
*/
public int doEndTag() throws JspException {
// Is there a valid user logged on?
boolean valid = false;
HttpSession session = pageContext.getSession();
if ((session != null) (session.getAttribute(ConstantStrings.USER)
!=
null))
valid = true;
// Forward control based on the results
if (valid)
return (EVAL_PAGE);
else {
try {
pageContext.forward(page);
} catch (Exception e) {
throw new JspException(e.toString());
}
return (SKIP_PAGE);
}
}
/**
* Release any acquired resources
Re: Create session on Tomcat 4.1.24
Hi,
In my struts-config.xml, the logon action mappings
looks like this:
action-mapping
action path=/logon
type = com.act.logon.LogonAction
name=logonForm
scope=request
input=/logon/logon.jsp
forward name=logon path=/logon/logon.jsp/
forward name=changePassword
path=/logon/changePassword.jsp/
forward name=failure
path=/logon/accessDenied.jsp/
forward name=success path=/main/main.jsp
redirect=true/
/action
The main.jsp is the page that use the check logon
taglib. If I remove the
redirect=true attribute in the forward element, it
seems to work. But why
it behaves differently (4.0.4 vs 4.1.24)? Does the
redirect=true cause a
new session to be created? Does tomcat store the
sessionid in cookie?
Thanks,
Chiming
- Original Message -
From: Shapira, Yoav [EMAIL PROTECTED]
To: Tomcat Users List
[EMAIL PROTECTED]
Sent: Friday, October 24, 2003 11:02 AM
Subject: RE: Create session on Tomcat 4.1.24
Owdy,
And what do you see in your logs? Successful login,
and then
redirection to access denied page?
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Chiming Huang [mailto:[EMAIL PROTECTED]
Sent: Friday, October 24, 2003 10:58 AM
To: Tomcat Users List
Subject: RE: Create session on Tomcat 4.1.24
Hi,
Thank you for your quick response. We are using
Tomcat 4.0.4, Struts
1.0.2
for our application. In the perform() method of
the logon action
class, we
get the HttpSession, say session, by calling
request.getSession(). And
then store the user class by calling
session.setAttribute(userinfo,
user). Also, we have a taglib to check if user has
been logged on by
retrieving the session attribute userinfo. If the
userinfo attribute
is
null, the taglib will forward to assess denied
page. Following are the
snippets of my logon action class and the check
logon taglib.
It was working fine on 4.0.4. Now with 4.1.24,
after logged in, user
will
be forwarded to the access denied page.
Thanks again.
Chiming
//
public final class LogonAction extends Action
{
// Public Methods
-
/**
* Process the specified HTTP request, and
create the corresponding
HTTP
* response (or forward to another web
component that will create
it).
* Return an codeActionForward/code
instance describing where
and
how
* control should be forwarded, or
codenull/code if the
response
has
* already been completed.
*
* @param mapping The ActionMapping used to
select this instance
* @param actionForm The optional ActionForm
bean for this request
(if
any)
* @param request The HTTP request we are
processing
* @param response The HTTP response we are
creating
*
* @exception IOException if an input/output
error occurs
* @exception ServletException if a servlet
exception occurs
*/
public ActionForward perform(ActionMapping
mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException
{
Auth auth = new Auth(path);
User user = auth.authenticate(username,
password);
if(user == null)
{
errors.add(ActionErrors.GLOBAL_ERROR,
new
ActionError(error.password.mismatch));
}
// Report any errors we have discovered back to
the original form
if (!errors.empty())
{
((LogonForm) form).setStatus(Invalid username
or password);
saveErrors(request, errors);
servlet.log( ***User is not logged on in
session
);
return (mapping.findForward(logon));
}
HttpSession session = request.getSession();
session.setAttribute(ConstantStrings.USER, user);
if (servlet.getDebug() = 1)
servlet.log(LogonAction: User ' +
user.getUsername() +
' logged on in session + session.getId());
// Remove the obsolete form bean
if (mapping.getAttribute() != null)
{
if (request.equals(mapping.getScope()))
request.removeAttribute(mapping.getAttribute());
else
request.getSession().removeAttribute(mapping.getAttribute());
}
// Forward control to the specified success URI
return (mapping.findForward(success));
}
}
//
public final class CheckLogonTag extends TagSupport
{
// - Instance Variables
/**
* The page to which we should forward for the
user to log on.
*/
private String page =
/logon/accessDenied.jsp;
//
---
Properties
/**
* Return the forward page.
*/
public String getPage() {
return (this.page);
}
/**
* Set the forward page.
*
* @param page The new forward page
*/
public void setPage(String
