Java web application object dispatching
Question
Is HttpSession object available to all the applications that is running in the same java enterprise application server?
For my work, i have login application which does the authentication and then it will be forwarded to another application.In Second application, filter is added to prevent the direct access to the URL
ServletContext - gets only the context of the current webapplication.
What is the correct approach to handle this scenario?
3 answers
solution1
1 ACCPTED 2013-09-06 14:55:04
The HttpSession objects are scoped at the application (or servlet context) level.
An excerpt from Java™ Servlet Specification :
HttpSession objects must be scoped at the application (or servlet context) level. The underlying mechanism, such as the cookie used to establish the session, can be the same for different contexts, but the object referenced, including the attributes in that object, must never be shared between contexts by the container.
To illustrate this requirement with an example: if a servlet uses the RequestDispatcher to call a servlet in another Web application, any sessions created for and visible to the servlet being called must be different from those visible to the calling servlet.
An approach to handle this scenario:
You can get access to the resources available for one servlet context from the other by using servletContext.getContext("/otherWebappContext") method as below:
request.setAttribute("userToken", <token>);
RequestDispatcher requestDispatcher = getServletContext().getContext(
"/otherWebappContext").getRequestDispatcher("/resource");
requestDispatcher.forward(request, response);
But any session created for the servlet being called is different from that of the calling servlet . Once the request is forwarded to the second application, it can create a new session with the data received through the request attributes.
But for security reasons, servlet containers normally prevent these cross-context operations. So you need to change the default behavior. For example, in Tomcat 6 you need to set the crossContext attribute to "true" for <Context> element in TOMCAT_HOME/conf/context.xml file as below:
<?xml version='1.0' encoding='utf-8'?>
<Context crossContext="true">
<!-- Default set of monitored resources -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
</Context>
solution2
0 2013-09-06 06:37:58
No HttpSession Object is not available to all the applications present in the same server. To verify,
create 2 apps, In one app use seesion.setAttribute("hello","hello"); Now run second app
if(session.getAttribute("hello")==null)
{
//some codes to check
}
else
{
//some codes to check
}
You will see if part will be executed
solution3
0 2013-09-06 06:48:35
No HttpSession objects are not shared among applications. The standard way of sharing an information among different applications in a container is to use ServletContext. The only limitation with ServletContext is that if a web applicationa is distributed between multiple JVM this will not work because context info is within one JVM.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.