[Design of JCA on JBoss] - StdServerSession/StdServerSessionPool -- JmsServerSession/Jm
by weston.price@jboss.com
I just wanted to verify that the changes I have made in both the ASF implementation, as well as the JCA Inflow adapter are correct and that I understand the implications of both.
To make things a bit clearer, I created a TransactionDemarcationStrategy interface with the error() and end() methods. Depending upon the context either a LocalDemarcationStrategy or XADemarcationStrategy gets created.
Where this gets created is dependent upon the USE_OLD flag that is dependent on a system property (org.jboss.jms.asf.useold) which, by default is set to false.
So, when the run() method of StdServerSession or JmsServerSession gets executed, and based upon that flag, a TransactionDemarcation gets created. The USE_OLD == true flag requires the the Demarcation be created in the call to onMessage versus being created at Session run (ie UOW begins prior to the get of after the get has occured).
XA scenario:
In the case where the delivery is transacted (local tx false) XADemarcation gets constructed and a transaction is begun and the underlying XAResource gets enlisted. An errors thrown are handled in the demarcation error() method and as a result, the transaction is marked for rollback. The end() method then either commits or rollbacks depending upon completion of onMessage.
Local scencario:
This was the weird one in my mind and was largely prompted by the RuntimeException/BMT discussion. In this scenario local JMS transactions are used to 'dummy up' a transaction in the case of BMT to primarily handle the case where a listener throws a RunTime excpetion and the message should not be acknowledged. If the underlying JMS session is transcated the error() and end() method function like the XA scenario with the difference being that the JMS API is used to manage the transaction context.
Note the issue filed here:
http://jira.jboss.com/jira/browse/JBAS-3631
should be incorporated into this work as well.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3970328#3970328
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3970328
19 years, 7 months
[Design of Security on JBoss] - Automatic redirection after password change in Formbased Aut
by Wenzelaus
Hi,
this is my first post and I am quite new to JBOSS/J2EE... Here is my issue :)
I use formbased authentication in my jsf portal. The authentication is send to an own developed loginmodule which then calls a FoxPro webservice and gets back some different messages depending if the password is ok, expired, is wrong and has X numbers of retries. For each message a different exception is thrown by the loginmodule which is then processed by the jsp pages in the frontend jsf gui. E.g. if the password is expired an PassWordExpired exception is thrown by the loginmodule and the logon_error.jsp page (with formbased authentication) then redirects to the passwordchange.jsp page. The change of the password works fine but these pages are not secured by the formbased authentication. That?s why everybody has to enter all credentials (userid, password old, password new x 2) on this passwordchangepage. After the password was changed successfully the user is redirected to a message jsp page showing that everything is ok while changing the password. Then after pressing a button on this page the user should be redirected to the startpage (which is the page that appears after the user logged in successfully). I found a method on the web (see below) which then tries to get the startpage and enters the necessary credentials on the j_security_check page, which the method knows that comes. The method originally was created to just get the content of this page, what works fine, BUT my intention is that the method logs in (via HttpClient class) and the browser recognizes that he is already logged in. And I am afraid this does not happen. So the HttpClient is logged in but the browser is not. SO no matter what I make (redirection directly to the startpage shows then the login page, redirection to the index page which then redirects to the startpage shows the startpage with url index.faces ? I then can enter my search values but get redirected to the login page after pressing the submit button). Everything I make, everything redirects somewhen to the login page... Does somebody have any idea how to solve the problem or how to solve the problem on a different way? I really appreciate any help of you?
Here the pieces of my code:
- the method:
public void getWebPage(String baseServer, String url, String webApp, String tempUserID, String tempPWD) {
|
| //Set Cookie Policy to be generically compatible.
| String url2 = baseServer + url;
| HttpClient client = new HttpClient();
| client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);
|
| //Get Method: Request secure page and get redirected to login page
|
| GetMethod authget = new GetMethod(url2);
| try {
| client.executeMethod(authget);
| InputStream responseBody = authget.getResponseBodyAsStream();
| } catch (HttpException httpe) {
| _log.error(httpe.getMessage(), httpe);
| } catch (IOException ioe) {
| _log.error(ioe.getMessage(), ioe);
| }
|
| NameValuePair[] data = new NameValuePair[2];
| data[0] = new NameValuePair("j_username", tempUserID);
| data[1] = new NameValuePair("j_password", tempPWD);
|
| //Post Method: logs into url
| String testURL = (baseServer + webApp + "j_security_check");
| PostMethod authpost = new PostMethod((baseServer + webApp + "j_security_check"));
| authpost.setRequestBody(data);
|
| // commented because causes an exception
| //authpost.setRequestHeader(authget.getRequestHeader("Cookie"));
| authpost.setRequestHeader(authget.getRequestHeader("Host"));
| authpost.setRequestHeader(authget.getRequestHeader("User-Agent"));
|
| try {
| // commented as setFollowsRedirect has no effect
| // no matter if you say true or false
| // info [HttpMethodBase] Redirect requested but followRedirects is disabled appears
| //authpost.setFollowRedirects(true);
| client.executeMethod(authpost);
| //authpost.setFollowRedirects(false);
|
| } catch (HttpException httpe) {
| System.err.println(httpe.getMessage());
| httpe.printStackTrace();
| } catch (IOException ioe) {
| System.err.println(ioe.getMessage());
| ioe.printStackTrace();
| }
| authget.setRequestHeader(authpost.getRequestHeader("Cookie"));
| authget.setRequestHeader(authpost.getRequestHeader("Host"));
| authget.setRequestHeader(authpost.getRequestHeader("User-Agent"));
|
| authpost.releaseConnection();
| authget.releaseConnection();
| }
- the entry in the faces-config.xml
<navigation-rule>
| <from-view-id>/*</from-view-id>
| <navigation-case>
| <from-outcome>GermanMoverStartPageRedirect</from-outcome>
| <to-view-id>/germanmoverstartpage.jsp</to-view-id>
| <redirect/>
| </navigation-case>
| </navigation-rule>
- the method called on the ?password successful changed? page when pressing the ?redirect to start page? button
public String goGermanMoverIndex() {
| user = gmPasswordUserIDValue.getSubmittedValue().toString();;
| String tempPassword = gmPasswordNew1Value.getSubmittedValue().toString();
| getWebPage("https://WebServer", "/startpage.faces", "/", user, tempPassword);
| return "GermanMoverStartPageRedirect";
| }
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3970295#3970295
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3970295
19 years, 7 months