Hello,
I'm just new to tomcat and using it as container implementation in
JBOSS. I have the 2 following wonders:
1. I have to implement a session management jsp module where an admin
user has to be able to logoff users at demand.
I see in the J2EE spec that getSessionContext is going to be removed and
implemented w/ dummy code in tomcat StandardSession.
I did some tries with HttpSessionListener and BindingListener, they work
fine but it still does not allow me to allow the equivalent of a
getSession(id).invalidate since tomcat only advertises the facade
session object.
So I did patch the tomcat code to do what these APIs were supposed to do
in the previous spec. 2 questions then
a. is there another cleaner way to do so ?
b. if I do so, what security breach do I expose my http server to ? I
understand it can allow a remove servlet to get all my sessions and play
with it, but if I don't allow remoting, is there any other SECurity
problem besides this one ?
2. I also have the requirement to list the JAAS user associated with
each session, so I could use some session cookies here yet I saw the
catalina.Session.getPrincipal API. am I supposed to be able to call it
on the fly to get my JAAS principal ?
rigth now I'm doing the following:
/*Http*/ Session httpSession = (Session)
sessionContext.getSession(id);
String username = httpSession.getPrincipal().getName();
and tomcat raises the following exception:
2004-08-16 17:14:33,690 INFO
[org.jboss.security.plugins.JaasSecurityManagerService] Created
[EMAIL PROTECTED]
2004-08-16 17:14:33,690 INFO
[org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy,
[EMAIL PROTECTED]
2004-08-16 17:14:33,690 INFO
[org.jboss.security.plugins.JaasSecurityManagerService] Added
gem_server, [EMAIL PROTECTED] to
map
2004-08-16 17:14:40,319 ERROR [org.jboss.web.localhost.Engine]
StandardWrapperValve[jsp]: Servlet.service() for servlet jsp threw
exception
org.apache.jasper.JasperException
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:254)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
...
2004-08-16 17:14:40,329 ERROR [org.jboss.web.localhost.Engine] -----
Root Cause -----
java.lang.NullPointerException
at org.apache.jsp.se_jsp._jspService(se_jsp.java:59)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137)
is there any way I can access this public API for a correct result ?
Thanks for help,
Sebastien.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
