Re: Valves, requests and getting the session
Mmm. It would appear I can only get the session if the value is defined in the Context in server.xml. Ie I cannot define it in the default location in server.xml (where the catalina SingleSIgnOn is commented) and expect it to work. Is this correct? And if so, can I achieve what I want to, ie a valve for all contexts? John On Sunday 30 June 2002 21:38, John Baker wrote: On Sunday 30 June 2002 9:35 pm, Craig R. McClanahan wrote: Hmm ... this is baslically how the standard form-based login implementation creates a session, except that it goes on and gets the internal Session object ... That's what I thought. I presume you're trying to create the session *before* calling context.invokeNext(), right? If you don't the response will have already been committed so creating a new session would be ineffective. Yes, I am. I need to check to see if certain objects are in the session and if not, see if they are in another session that is pointed to by the Cookie id. It's like SingleSignOn, but slightly different. However I'm a bit confused to why I can't get a session, even when the rest of the app (the jsp pages etc) are making good use of it., The headers also show the session id, but oddly enough calling HttpServletRequest.SessionIdFromCookie() returns true, but HttpServletRequest.isRequestSessionIdvalid() returns false! John -- John Baker, BSc CS. Java Developer, TEAM/Slb. http://www.teamenergy.com Views expressed in this mail are my own. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Valves, requests and getting the session
Hi, Yes, I am. I need to check to see if certain objects are in the session and if not, see if they are in another session that is pointed to by the Cookie id. It's like SingleSignOn, but slightly different. However I'm a bit confused to why I can't get a session, even when the rest of the app (the jsp pages etc) are making good use of it., The headers also show the session id, but oddly enough calling HttpServletRequest.SessionIdFromCookie() returns true, but HttpServletRequest.isRequestSessionIdvalid() returns false! Maybe this is a similar problem I had when trying to fix the bug described in my previous posting: the Context is not yet set (HttpRequestBase.setContext()) at that stage - thus HttpServletRequest.isRequestSessionIdValid() will return false (see implementation of isRequestSessionIdValid()). Henner. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Valves, requests and getting the session
On Monday 01 July 2002 10:43, Henner Zeller wrote: Hi, Yes, I am. I need to check to see if certain objects are in the session and if not, see if they are in another session that is pointed to by the Cookie id. It's like SingleSignOn, but slightly different. However I'm a bit confused to why I can't get a session, even when the rest of the app (the jsp pages etc) are making good use of it., The headers also show the session id, but oddly enough calling HttpServletRequest.SessionIdFromCookie() returns true, but HttpServletRequest.isRequestSessionIdvalid() returns false! Maybe this is a similar problem I had when trying to fix the bug described in my previous posting: the Context is not yet set (HttpRequestBase.setContext()) at that stage - thus HttpServletRequest.isRequestSessionIdValid() will return false (see implementation of isRequestSessionIdValid()). Yes, I was thinking this when I read your mail. I'm now putting a valve in each relevant Context and using a static Hashtable. Sick, I know, but it seems I have no other choice for now. John -- John Baker, BSc CS. Java Developer, TEAM/Slb. http://www.teamenergy.com Views expressed in this mail are my own. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Valves, requests and getting the session
On Mon, 1 Jul 2002, John Baker wrote: Date: Mon, 1 Jul 2002 09:20:44 +0100 From: John Baker [EMAIL PROTECTED] Reply-To: Tomcat Developers List [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Subject: Re: Valves, requests and getting the session Mmm. It would appear I can only get the session if the value is defined in the Context in server.xml. Ie I cannot define it in the default location in server.xml (where the catalina SingleSIgnOn is commented) and expect it to work. Ack, you're right ... placement is important, and I missed that subtlety in your original problem description. The SingleSignOn valve is embedded in the Host element, so that it sees all the requests for all the webapps installed on that host. As a consequence of this, the valve is invoked before the appropriate Context has been selected (which is done by StandardHostValve, which is always last on the valves used by the Host). Therefore, you won't be able to directly access the session for this request yet, because we don't yet know which webapp will process the request (and therefore what set of sessions are relevant). One workaround is to put your valve inside each Context element (either directly or -- I think this works, but have never tried it -- by embedding them in a DefaultContext that sets the properties for all contexts in that host. Is this correct? And if so, can I achieve what I want to, ie a valve for all contexts? You can see how SingleSignOn had to deal with this to identify the relevant sessions (register itself as a session event listener). I don't know how applicable this is to your specific requirements -- but placement of the SingleSignOn valve under the host is one of the considerations that led me to the use of a second cookie to carry the user identity across the webapps that it applies to. John Craig On Sunday 30 June 2002 21:38, John Baker wrote: On Sunday 30 June 2002 9:35 pm, Craig R. McClanahan wrote: Hmm ... this is baslically how the standard form-based login implementation creates a session, except that it goes on and gets the internal Session object ... That's what I thought. I presume you're trying to create the session *before* calling context.invokeNext(), right? If you don't the response will have already been committed so creating a new session would be ineffective. Yes, I am. I need to check to see if certain objects are in the session and if not, see if they are in another session that is pointed to by the Cookie id. It's like SingleSignOn, but slightly different. However I'm a bit confused to why I can't get a session, even when the rest of the app (the jsp pages etc) are making good use of it., The headers also show the session id, but oddly enough calling HttpServletRequest.SessionIdFromCookie() returns true, but HttpServletRequest.isRequestSessionIdvalid() returns false! John -- John Baker, BSc CS. Java Developer, TEAM/Slb. http://www.teamenergy.com Views expressed in this mail are my own. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Valves, requests and getting the session
I don't know if you've considered this, but why not just make a Filter (ala Servlet 2.3) instead of a valve? They are more portable to other containers and should have less quirky behavior than you see now with valves. I use a filter to do a very similar operation where I check the session for certain values and load it up with other things to send downstream to the target servlet. russ -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Valves, requests and getting the session
On Monday 01 July 2002 6:49 pm, Craig R. McClanahan wrote: One workaround is to put your valve inside each Context element (either directly or -- I think this works, but have never tried it -- by embedding them in a DefaultContext that sets the properties for all contexts in that host. That's what I did, with a static Hashtable to bridge the different instances. Not perfect, but it works very nicely now! John -- John Baker, BSc CS. Java Developer, TEAM Slb. (http://www.teamenergy.com/) The views expressed in this mail are my own. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Valves, requests and getting the session
Hello. I'm am trying to write a Valve, very much like SingleSignOn but for our authetnication system that uses more than just a username and password. I want my Valve to pass login information from one Session to another when a user uses different webapps (Contexts). I am nearly there codewise, but have a small problem. I do not seem to be able to get the session from the request! I've tried calling request.getSession() and request.getSession(true) yet both return null. It's hardly worth pasting, but: public void invoke(Request request, Response response, ValveContext context) throws IOException, ServletException { System.out.println( ((HttpRequest)request).getSession(true) ); Will always print null. I assume I can get at the session from this level and I'm obviously doing something dumb. Are there any obvious things I should check? Thanks John Baker -- John Baker, BSc CS. Java Developer, TEAM Slb. (http://www.teamenergy.com/) The views expressed in this mail are my own. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Valves, requests and getting the session
--- John Baker [EMAIL PROTECTED] wrote: Hello. I'm am trying to write a Valve, very much like SingleSignOn but for our authetnication system that uses more than just a username and password. I want my Valve to pass login information from one Session to another when a user uses different webapps (Contexts). I am nearly there codewise, but have a small problem. I do not seem to be able to get the session from the request! I've tried calling request.getSession() and request.getSession(true) yet both return null. It's hardly worth pasting, but: public void invoke(Request request, Response response, ValveContext context) throws IOException, ServletException { System.out.println( ((HttpRequest)request).getSession(true) ); Will always print null. Shouldn't you be using this instead? (HttpServletRequest request, HttpServletResponse response, ValveContext context) Also, why are you casting HttpSession to HttpRequest? That should cause an exception since HttpServletRequest extends ServletRequest and HttpSession doesn't extend either interface. peter lin __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Valves, requests and getting the session
On Sunday 30 June 2002 7:32 pm, Peter Lin wrote: --- John Baker [EMAIL PROTECTED] wrote: Hello. I'm am trying to write a Valve, very much like SingleSignOn but for our authetnication system that uses more than just a username and password. I want my Valve to pass login information from one Session to another when a user uses different webapps (Contexts). I am nearly there codewise, but have a small problem. I do not seem to be able to get the session from the request! I've tried calling request.getSession() and request.getSession(true) yet both return null. It's hardly worth pasting, but: public void invoke(Request request, Response response, ValveContext context) throws IOException, ServletException { System.out.println( ((HttpRequest)request).getSession(true) ); Will always print null. Shouldn't you be using this instead? (HttpServletRequest request, HttpServletResponse response, ValveContext context) Err, the inteface Valve clearly defines: public void invoke(Request request, Response response, ValveContext context) throws IOException, ServletException; Also, why are you casting HttpSession to HttpRequest? I'm not, I'm casting request to HttpRequest so I can call getSession. I did cut some of my code but I do check to make sure request can be casted. See org.apache.catalina.authenticator.AuthenticationBase and the method getSession(HttpRequest request, boolean create); as this gives a clear example of what I'm trying to do. yet it doesnt work for me! John -- John Baker, BSc CS. Java Developer, TEAM Slb. (http://www.teamenergy.com/) The views expressed in this mail are my own. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Valves, requests and getting the session
On Sun, 30 Jun 2002, John Baker wrote: Date: Sun, 30 Jun 2002 19:00:18 +0100 From: John Baker [EMAIL PROTECTED] Reply-To: Tomcat Developers List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Valves, requests and getting the session Hello. I'm am trying to write a Valve, very much like SingleSignOn but for our authetnication system that uses more than just a username and password. I want my Valve to pass login information from one Session to another when a user uses different webapps (Contexts). I am nearly there codewise, but have a small problem. I do not seem to be able to get the session from the request! I've tried calling request.getSession() and request.getSession(true) yet both return null. It's hardly worth pasting, but: public void invoke(Request request, Response response, ValveContext context) throws IOException, ServletException { System.out.println( ((HttpRequest)request).getSession(true) ); Will always print null. I assume I can get at the session from this level and I'm obviously doing something dumb. Are there any obvious things I should check? Try this slight variation (based on what Catalina does in the getSession() method of AuthenticatorBase): HttpServletRequest hrequest = (HttpServletRequest) request.getRequest(); HttpSession session = hrequest.getSession(true); The code you quoted above shouldn't actually compile, because you're calling getSession() on the internal HttpRequest interface, but there is no getSession() method on that interface. You need the extra getRequest() call to get to the HttpServletRequest object that would be handed to a servlet -- that's the one with the getSession() method that operates as you need it to. Thanks John Baker Craig -- John Baker, BSc CS. Java Developer, TEAM Slb. (http://www.teamenergy.com/) The views expressed in this mail are my own. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Valves, requests and getting the session
On Sunday 30 June 2002 9:25 pm, Craig R. McClanahan wrote: Will always print null. I assume I can get at the session from this level and I'm obviously doing something dumb. Are there any obvious things I should check? Try this slight variation (based on what Catalina does in the getSession() method of AuthenticatorBase): HttpServletRequest hrequest = (HttpServletRequest) request.getRequest(); HttpSession session = hrequest.getSession(true); Already tried that, and sadly it didnt work :( The code you quoted above shouldn't actually compile, because you're calling getSession() on the internal HttpRequest interface, but there is no getSession() method on that interface. You need the extra getRequest() call to get to the HttpServletRequest object that would be handed to a servlet -- that's the one with the getSession() method that operates as you need it to. Yea I know, I copied rather than pasting and mistyped the casting. The mystery goes on. John -- John Baker, BSc CS. Java Developer, TEAM Slb. (http://www.teamenergy.com/) The views expressed in this mail are my own. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Valves, requests and getting the session
On Sun, 30 Jun 2002, John Baker wrote: Date: Sun, 30 Jun 2002 21:27:36 +0100 From: John Baker [EMAIL PROTECTED] Reply-To: Tomcat Developers List [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Subject: Re: Valves, requests and getting the session On Sunday 30 June 2002 9:25 pm, Craig R. McClanahan wrote: Will always print null. I assume I can get at the session from this level and I'm obviously doing something dumb. Are there any obvious things I should check? Try this slight variation (based on what Catalina does in the getSession() method of AuthenticatorBase): HttpServletRequest hrequest = (HttpServletRequest) request.getRequest(); HttpSession session = hrequest.getSession(true); Already tried that, and sadly it didnt work :( The code you quoted above shouldn't actually compile, because you're calling getSession() on the internal HttpRequest interface, but there is no getSession() method on that interface. You need the extra getRequest() call to get to the HttpServletRequest object that would be handed to a servlet -- that's the one with the getSession() method that operates as you need it to. Yea I know, I copied rather than pasting and mistyped the casting. The mystery goes on. Hmm ... this is baslically how the standard form-based login implementation creates a session, except that it goes on and gets the internal Session object ... I presume you're trying to create the session *before* calling context.invokeNext(), right? If you don't the response will have already been committed so creating a new session would be ineffective. John Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Valves, requests and getting the session
On Sunday 30 June 2002 9:35 pm, Craig R. McClanahan wrote: Hmm ... this is baslically how the standard form-based login implementation creates a session, except that it goes on and gets the internal Session object ... That's what I thought. I presume you're trying to create the session *before* calling context.invokeNext(), right? If you don't the response will have already been committed so creating a new session would be ineffective. Yes, I am. I need to check to see if certain objects are in the session and if not, see if they are in another session that is pointed to by the Cookie id. It's like SingleSignOn, but slightly different. However I'm a bit confused to why I can't get a session, even when the rest of the app (the jsp pages etc) are making good use of it., The headers also show the session id, but oddly enough calling HttpServletRequest.SessionIdFromCookie() returns true, but HttpServletRequest.isRequestSessionIdvalid() returns false! John -- John Baker, BSc CS. Java Developer, TEAM Slb. (http://www.teamenergy.com/) The views expressed in this mail are my own. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]