Maintaing State while using HttpInvoker

**shaby775** · Oct 9th, 2004, 08:20 AM

Hi,
I am working on a project which is rich client based (Swing) connecting to server side using http protocol. So i am using spring on server side and remoting using HttpInvoker and it is working fine and i feel i dont need EJB right now (great work spring team!). Now i am facing a problem, we want to maintain some state on server side (preferably using web http session) as we donot want to use SFSB ejb's here. I certainly want to pass that state information to my remotely exposed service object, but i donot know how to do that. I am pasting my code here so please can anybody help me?

Code:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http&#58;//www.springframework.org/dtd/spring-beans.dtd">

<!--
  - Application context definition for Petclinic on Hibernate.
	-->
<beans>
	<!-- ========================= RESOURCE DEFINITIONS ========================= -->
	<!-- JNDI DataSource for J2EE environments -->
	<bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
		<property name="jndiName"><value>java&#58;/OracleDS</value></property>
	</bean>

	<!-- Hibernate SessionFactory -->
	<bean id="sessionFactory" class="org.springframework.orm.hibernate.LocalSessionFactoryBean">
		<property name="dataSource"><ref local="dataSource"/></property>
		<property name="mappingResources">
			<value>com/sequelsys/common/model/scheduling/HolidaysSchedule.hbm.xml</value>
		</property>
		<property name="hibernateProperties">
			<props>
				<prop key="hibernate.dialect">net.sf.hibernate.dialect.Oracle9Dialect</prop>
                                <prop key="hibernate.show_sql">true</prop>
			</props>
		</property>
	</bean>

	<!-- Transaction manager for a single Hibernate SessionFactory &#40;alternative to JTA&#41; -->
	<bean id="transactionManager" class="org.springframework.orm.hibernate.HibernateTransactionManager">
		<property name="sessionFactory"><ref local="sessionFactory"/></property>
	</bean>

        <bean id="holidayScheduleDAO" class="com.sequelsys.server.scheduling.dao.HolidayScheduleDAO">
          <property name="sessionFactory"><ref local="sessionFactory"/></property>
        </bean>

	<!-- ========================= BUSINESS OBJECT DEFINITIONS ========================= -->

	<!--
		- A parent bean definition which is a base definition for transaction proxies.
		- It is markes as abstract, since it is never supposed to be instantiated itself.
		- We set shared transaction attributes here, following our naming patterns.
		- The attributes can still be overridden in child bean definitions.
		-->
	<bean id="baseTransactionProxy" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean"	abstract="true">
		<property name="transactionManager"><ref bean="transactionManager"/></property>
		<property name="transactionAttributes">
			<props>
				<prop key="get*">PROPAGATION_REQUIRED,readOnly</prop>
				<prop key="find*">PROPAGATION_REQUIRED,readOnly</prop>
				<prop key="load*">PROPAGATION_REQUIRED,readOnly</prop>
				<prop key="create*">PROPAGATION_REQUIRED</prop>
			</props>
		</property>
	</bean>

	<bean id="holidayScheduleService" parent="baseTransactionProxy">
		<property name="target">
			<bean class="com.sequelsys.server.scheduling.service.HolidayScheduleService">
                          <property name="holidayScheduleDAO"><ref local="holidayScheduleDAO"/></property>
                        </bean>
               </property>
	</bean>
</beans>

Code:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http&#58;//www.springframework.org/dtd/spring-beans.dtd">
<beans>
  <bean name="/HolidayScheduleService" class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter">
	<property name="service"><ref bean="holidayScheduleService"/></property>
	<property name="serviceInterface">
		<value>com.sequelsys.server.scheduling.service.IHolidayScheduleService</value>
       </property>
  </bean>
</beans>

So i want something (prefeably in web layer) taht can maintain state on user behalf and pass it to teh same object that is remotely exposed for swing side.

**Ben Alex** · Oct 9th, 2004, 05:32 PM

http://article.gmane.org/gmane.comp....ork.user/3652/

**shaby775** · Oct 10th, 2004, 02:10 AM

Hi,
Thanks Ben for u r prompt reply but i am afraid that it is not the solution of my problem. Their are some requirements which need HttpSession atleast , i know spring philosophy is against SFSB but that doest mean that there should be no state at all. And by the way when u r using http for remoting it means u have web servers and all the web structure is already in place so why do not we should benefit to the available infrastructure i think instead of denying a very legitimate problem the people at spring should provide solution. I hope u people will not mind my boldness and i always agree that Spring is the best J2ee framework i have ever seen and i love it and i want to use it whenever possible but this Http sesson is causing problems for my cause of convincing my upper management and also i ma not using acegi security and we have some other things also to store in session.So kindly please help me. Looking forward with great hope from great people who wrote a great framework

**oliverhutchison** · Oct 10th, 2004, 06:15 PM

Shoaib,

are you absolutely sure that you need to maintain state on the server? If you post your use case perhaps we can suggest an alternative implementation that uses the existing (stateless) remoting support.

Ollie

**katentim** · Oct 23rd, 2004, 05:57 PM

I think adding Session support would be very useful. What if you need to get through a security product like Siteminder that is setup to use session cookies.

While there may be reasons not to use it, shouldn't that be the architect's decision, not a limitation of Spring?

**katentim** · Oct 24th, 2004, 07:26 AM

Shoaib,

You can use the session in the following way. For your client context, use the commons remote executor to maintain the same session:

Code:

	<bean id="httpInvokerProxy" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
		<property name="serviceUrl">
			<value>http&#58;//$&#123;serverName&#125;&#58;$&#123;httpPort&#125;$&#123;contextPath&#125;/remoting/RemoteService-httpinvoker</value>
		</property>
		<property name="serviceInterface">
			<value>org.timnolan.springsample.domain.logic.RemoteService</value>
		</property>
		<property name="httpInvokerRequestExecutor">
			<ref bean="httpInvokerExecutor"/>
		</property>
	</bean>

	<bean id="httpInvokerExecutor" class="org.springframework.remoting.httpinvoker.CommonsHttpInvokerRequestExecutor"/>

To use the session, you can attach it to a ThreadLocal in some way (I've done this by subclassing the Dispatcher servlet, and using ThreadLocals inside a custom class, CurrentThread).

Code:

        CurrentThread.setSessionHolder&#40;new SessionHolderImpl&#40;request&#41;&#41;;
        super.doService&#40;request, response&#41;;
        CurrentThread.cleanUp&#40;&#41;;

SessionHolderImpl implements SessionHolder interface to hide the Web dependencies.

Code:

public class SessionHolderImpl implements SessionHolder &#123;
    private HttpSession session;

    public SessionHolderImpl&#40;HttpServletRequest request&#41; &#123;
        session = request.getSession&#40;&#41;;
    &#125;

    public Object getAttribute&#40;String name&#41; &#123;
        return session.getAttribute&#40;name&#41;;
    &#125;

    public void setAttribute&#40;String name, Object value&#41; &#123;
        session.setAttribute&#40;name, value&#41;;
    &#125;

&#125;

Your code can then access the Session.

Code:

    public Employee login&#40;String username, String password&#41; &#123;
        if &#40;password==null&#41; &#123;
            return null;
        &#125;
        Employee employeeFound = findEmployeeByUsername&#40;username&#41;;
        if &#40;employeeFound!=null && employeeFound.isActive&#40;&#41; && password.equals&#40;employeeFound.getPassword&#40;&#41;&#41;&#41; &#123;
            CurrentThread.getSessionHolder&#40;&#41;.setAttribute&#40;Constants.EMPLOYEE, employeeFound&#41;;
            return employeeFound;
        &#125;
        return null;
    &#125;

Having done I wouldn't recommend spreading this code everywhere. I've used it in one case to verify login which works very well. My Web and Remoting clients now use the same custom authentication.

**shaby775** · Oct 24th, 2004, 11:52 PM

Hi katentim,
Thanks for your solution i will try it soon ( can you send me the code for it) . Though i still believe that spring should have this support built in as it is handy in many cases and also not everybody can use the excellent acegi security system (you know the politics). So i rquest to developer of spring of addition of HttpSession .

Regards,
Shoaib Akhtar

**katentim** · Oct 25th, 2004, 07:23 AM

It shouldn't be too much to fill in the gaps from here, but anyway... CurrentThread looks like:

Code:

    private static ThreadLocal sessionHolder = new ThreadLocal&#40;&#41;;

    public static void setSessionHolder&#40;SessionHolder session&#41; &#123;
        CurrentThread.sessionHolder.set&#40;session&#41;;
    &#125;

    public static SessionHolder getSessionHolder&#40;&#41; &#123;
        if &#40;sessionHolder.get&#40;&#41;==null&#41; &#123;
            return null;
        &#125;
        return &#40;SessionHolder&#41; sessionHolder.get&#40;&#41;;
    &#125;

   public static void cleanUp&#40;&#41; &#123;
       //Clear all thread locals here
       CurrentThread.sessionHolder.set&#40;null&#41;;
    &#125;

And SessionHolder:

Code:

public interface SessionHolder &#123;
    public abstract Object getAttribute&#40;String name&#41;;
    public abstract void setAttribute&#40;String name, Object value&#41;;
&#125;

Good luck.

**oliverhutchison** · Oct 25th, 2004, 06:02 PM

Tim,

do you mind elaborating how you deal with things like session timeout? Also why do you need to store this employee object in the session for remoting requests (you use session holder elsewhere to check it)?

In our application we login on every request and place the "user" object into a thread local. This gives us the flexibility to use any kind of remoting protocol not just HTTP. To save out web clients having to login on every requrest we have filter that checks for a validated "user" in the session and if it's present does the login again using the details from the session.

Ollie

**katentim** · Oct 26th, 2004, 03:08 AM

how you deal with things like session timeout

Any request after a session timeout will be rejected and the remote application will have to login again (the remote application could automate this).

why do you need to store this employee object in the session for remoting requests

It contains roles and information for security checking and auditing.

...we login on every request...This gives us the flexibility to use any kind of remoting protocol not just HTTP

True. My approach was just useful for my scenario. Browser and remote client use exactly the same authentication and authorisation code.

Thread: Maintaing State while using HttpInvoker

Thread Tools

Display

Maintaing State while using HttpInvoker

Re

Re

Similar Threads

Hibernate Long Session Per Flow?

Events That Don't Match Sent To Default State??

CommitException ??

Spring and Quartz with unstable crontriggers.

Somethings to think about

Posting Permissions