  • many http sessions

    Welcome!

    My client creates a new HTTP session on the server on every remote method invocation.
    Why?

    Code:
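    		// Fetch the "accountService" bean (an HTTP invoker proxy in clientContext.xml) once,
    		// then call the remote getName() 25 times; each call is a separate HTTP request.
    		AccountService s = (AccountService) this.factory
    				.getBean("accountService");
    		for (int i = 0; i < 25; i++) {
    			System.out.println(" > " + s.getName());
    		}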
    clientContext.xml
    Code:
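    <beans>
    	<!-- Client-side proxy for the remote AccountService, invoked over Spring's HTTP invoker. -->
    	<!-- NOTE(review): serviceUrl is plain http:// while httpInvokerRequestExecutor (defined at
    	     the end of this file) adds a BASIC authentication header to every request, so the
    	     username and password travel base64-encoded only. Point this at an https:// endpoint
    	     for anything beyond an isolated test network. -->
    	<bean id="accountService" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
    		<property name="serviceUrl">
    			<value>http://10.19.16.94:8080/minimal/remote/AccountService</value>
    		</property>
    		<property name="serviceInterface">
    			<value>bmalkow.AccountService</value>
    		</property>
    		<property name="httpInvokerRequestExecutor">
    			<ref local="httpInvokerRequestExecutor"/>
    		</property>
    	</bean>
    	<!--=========================================================-->
    	<!-- ACEGI CONFIGURATION -->
    	<!-- Authentication on the client is delegated to the server through the
    	     remoteAuthenticationManager proxy defined below. -->
    	<bean id="remoteAuthenticationProvider" class="net.sf.acegisecurity.providers.rcp.RemoteAuthenticationProvider">
    		<property name="remoteAuthenticationManager">
    			<ref bean="remoteAuthenticationManager"/>
    		</property>
    	</bean>
    	<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
    		<property name="providers">
    			<list>
    				<ref bean="remoteAuthenticationProvider"/>
    			</list>
    		</property>
    	</bean>
    	<!-- <bean id="remotingSecurityConfigurer" class="org.springframework.richclient.security.RemotingSecurityConfigurer"/> -->
    	<!-- =================== SECURITY BEANS YOU WILL RARELY (IF EVER) CHANGE ================== -->
    	<!-- NOTE(review): this proxy also uses a plain http:// URL; the same transport concern
    	     as for accountService applies to the credentials it submits for verification. -->
    	<bean id="remoteAuthenticationManager" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
    		<property name="serviceInterface">
    			<value>net.sf.acegisecurity.providers.rcp.RemoteAuthenticationManager</value>
    		</property>
    		<property name="serviceUrl">
    			<value>http://10.19.16.94:8080/minimal/remote/RemoteAuthenticationManager</value>
    		</property>
    		<property name="httpInvokerRequestExecutor">
    			<ref local="httpInvokerRequestExecutor"/>
    		</property>
    	</bean>
    	<!-- Automatically propagates ContextHolder-managed Authentication principal
           and credentials to a HTTP invoker BASIC authentication header -->
    	<bean id="httpInvokerRequestExecutor" class="net.sf.acegisecurity.context.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor"/>
    	<!-- NOTE(review): the posted listing ended without the closing root tag; it is restored
    	     here so the file is well-formed. -->
    </beans>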
    serverContext.xml
    Code:
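    <beans>
    	<!--======  FILTERS  ======-->
    	<!-- Every request path (/**) passes through the three filters below, in the order listed. -->
    	<!-- NOTE(review): per reply #3 in this thread, httpSessionContextIntegrationFilter keeps the
    	     security context in an HttpSession and creates one when the request carries none. An
    	     HTTP invoker client that never sends the session id back therefore gets a fresh
    	     session on every call, which is the behaviour asked about. -->
    	<bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy">
    		<property name="filterInvocationDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT 
    				/**=httpSessionContextIntegrationFilter,basicProcessingFilter,rememberMeProcessingFilter
    			</value>
    		</property>
    	</bean>

    	<bean id="rememberMeProcessingFilter" class="net.sf.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
    		<property name="rememberMeServices"><ref local="rememberMeServices"/></property>
    	</bean>
    	<bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
    		<property name="context">
    			<value>net.sf.acegisecurity.context.security.SecureContextImpl</value>
    		</property>
    	</bean>
    	<!-- Authenticates each request from its BASIC authentication header via authenticationManager. -->
    	<bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
    		<property name="authenticationManager">
    			<ref bean="authenticationManager"/>
    		</property>
    		<property name="authenticationEntryPoint">
    			<ref bean="basicAuthenticationEntryPoint"/>
    		</property>
    	</bean>
    	<!--======  REMEMBER ME BEANS  ======-->
    	<!-- NOTE(review): "springRocks" is a sample value checked into the configuration. The key
    	     is the shared secret of the remember-me mechanism (presumably part of the token
    	     signature; confirm against the Acegi version in use), so each deployment needs its
    	     own unpredictable value, kept out of published files and identical in both beans. -->
    	<bean id="rememberMeAuthenticationProvider" class="net.sf.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
    		<property name="key"><value>springRocks</value></property>
    	</bean>
    	<bean id="rememberMeServices" class="net.sf.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
    		<property name="authenticationDao"><ref bean="authenticationDao"/></property>
    		<property name="key"><value>springRocks</value></property>
    	</bean>
    	<!--======  APPLICATION BEANS  ======-->
    	<bean id="accountService" class="bmalkow.AccountServiceImpl">
    		<property name="xxx">
    			<value>tara</value>
    		</property>
    	</bean>
    	<!-- Method-level authorization: calling bmalkow.AccountService.getName requires ROLE_SUPERVISOR. -->
    	<!-- NOTE(review): getName is the only method listed; any other AccountService method has
    	     no role requirement in this file. Confirm that is intended. -->
    	<bean id="accountServiceSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
    		<property name="authenticationManager">
    			<ref local="authenticationManager"/>
    		</property>
    		<property name="accessDecisionManager">
    			<ref local="accessDecisionManager"/>
    		</property>
    		<property name="objectDefinitionSource">
    			<value><![CDATA[
    				bmalkow.AccountService.getName=ROLE_SUPERVISOR
    			]]></value>
    		</property>
    	</bean>
    	<!--======  LOGGER LISTENER  ======-->
    	<bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/>
    	<!--======  AUTO PROXY CREATOR  ======-->
    	<!-- Wraps the accountService bean with the accountServiceSecurity interceptor. -->
    	<bean id="autoProxyCreator" class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
    		<property name="interceptorNames">
    			<list>
    				<value>accountServiceSecurity</value>
    			</list>
    		</property>
    		<property name="beanNames">
    			<list>
    				<value>accountService</value>
    			</list>
    		</property>
    	</bean>
    	<!--======  ACCESS DECISION MANAGER  ======-->
    	<!-- NOTE(review): allowIfAllAbstainDecisions=true grants access when every voter abstains,
    	     i.e. the decision fails open. roleVoter is the only voter here; setting the property
    	     to false makes an all-abstain outcome a denial instead. -->
    	<bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
    		<property name="allowIfAllAbstainDecisions">
    			<value>true</value>
    		</property>
    		<property name="decisionVoters">
    			<list>
    				<ref bean="roleVoter"/>
    			</list>
    		</property>
    	</bean>
    	<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
    	<!--======  AUTHENTICATION DAO  ======-->
    	<!-- Format of each entry: username=password,ROLE[,ROLE...]. Only marissa holds
    	     ROLE_SUPERVISOR, the role required for getName above. -->
    	<!-- NOTE(review): sample accounts with clear-text passwords stored in the configuration
    	     file. Suitable for a local test only; replace with a real user store and hashed
    	     passwords before the service is reachable by anyone else. -->
    	<bean id="authenticationDao" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
    		<property name="userMap">
    			<value><![CDATA[
    					marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR
    					dianne=emu,ROLE_TELLER
    					scott=wombat,ROLE_TELLER
    				]]></value>
    		</property>
    	</bean>
    	<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
    		<property name="authenticationDao">
    			<ref bean="authenticationDao"/>
    		</property>
    	</bean>
    	<!--======  REMOTE AUTHENTICATION MANAGER  ======-->
    	<!-- Server-side counterpart of the client's remoteAuthenticationManager proxy; it hands
    	     authentication requests to authenticationManager. -->
    	<bean id="remoteAuthenticationManager" class="net.sf.acegisecurity.providers.rcp.RemoteAuthenticationManagerImpl">
    		<property name="authenticationManager">
    			<ref bean="authenticationManager"/>
    		</property>
    	</bean>
    	<!--======  AUTHENTICATION MANAGER  ======-->
    	<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
    		<property name="providers">
    			<list>
    				<ref bean="daoAuthenticationProvider"/>
    				<ref local="rememberMeAuthenticationProvider"/>
    			</list>
    		</property>
    	</bean>
    	<!--======  AUTHENTICATION ENTRY POINT  ======-->
    	<!-- realmName still holds the template placeholder text. -->
    	<bean id="basicAuthenticationEntryPoint" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
    		<property name="realmName">
    			<value>Name Of Your Realm</value>
    		</property>
    	</bean>
    </beans>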

  • #2
    This seems to me like an issue with the Acegi request executor.

    Ben, any idea?

    rgds,
    Alef



    • #3
      I believe the HTTP Invoker form of remoting is HttpSession unaware. So a "jsessionid" is never presented by the same web services client in the HTTP Invoker HTTP request.

      This probably isn't a problem in a non-Acegi Security environment. Acegi Security is probably causing a HttpSession to be created because its HttpSessionContextIntegrationFilter is designed to use a HttpSession (creating one if one isn't already present) to store the Context between requests.

      All you need to do is remove HttpSessionContextIntegrationFilter from your request chain. With remoting you'll probably be using BASIC authentication, which directly sets the ContextHolder with the correct Authentication based on the HTTP request headers. As such, HttpSessionContextIntegrationFilter is redundant. This is discussed in more detail in the reference guide at http://acegisecurity.sourceforge.net...lterchainproxy.
