I am using Portlet to Portlet Communication.In which I created Portlet Session in one Portlet and set attribute.Getting that attribute in second portlet.Now I want to end that session.How can I do this?
If you are catching session value in another portlet controller simply use
actionrequest.getPortletSession().removeAttribute("attributeName");
and if you are using Session scope it is better to use
actionRequest.getPortletSession().removeAttribute("attributeName",scopeId);
scopeId can be either one of them
PortletSession.APPLICATION_SCOPE or PortletSession.PORTLET_SCOPE
And now for handling session in jsp (which i rather don't),
PortletRequest portletRequest = (PortletRequest) request.getAttribute(JavaConstants.JAVAX_PORTLET_REQUEST);
portletRequest.getPortletSession().removeAttribute("attributeName");
Related
Hey guys i'm working on admin module for my project. When a person logs-in, a request is sent to login servlet. When it further ask for some other report by clicking other options a request for the report is sent to other servlet which gives the result on the page which is shown at the time of user which is of normal type. The session is lost between two servlets.
I am trying to navigate the generated report on some other page but for that i need to know user type in second servlet. This can be done by fetching value of user_type from login module bean class.
How to handle this situation? thanks
My login servlet is :
LoginService user = new LoginService();
user.setUserName(request.getParameter("username"));
user.setPassword(request.getParameter("password"));
user = UserDAO.login(user);
if (user.isValid())
{
HttpSession session = request.getSession(true);
session.setAttribute("currentSessionUser",user);
if(user.getUser_type().equalsIgnoreCase("admin")){
response.sendRedirect("administrator/homepage.jsp");
}else{
response.sendRedirect("homepage.jsp"); //logged-in page
}
}
else
response.sendRedirect("invalidlogin.jsp"); //error page
}
i tried using this in second servlet:-
LoginService session = (LoginService)request.getAttribute("currentSessionUser");
String drake = session.getUser_type();
System.out.println("usertype = " +drake);
Here LoginService is the bean class of login module. i'm get a nullpointer exception here.
I think you're trying to do stuff that your web container should handle for you... A session should automatically be maintained over the course of multiple servlet calls from the same client session. Methods from HttpServlet are given a HttpServletRequest. You can obtain the corresponding HttpSession using one of the getSession methods of that class.
You can bind stuff to the HttpSession using setAttribute and getAttribute.
EDIT: I'm taking this from the Servlet spec 2.5:
A servlet can bind an object attribute into an HttpSession implementation by name.
Any object bound into a session is available to any other servlet that belongs to the
same ServletContext and handles a request identified as being a part of the same
session.
I think you're better off getting the HttpSession object from the HttpServletRequest (at least assuming it's a HttpServlet) and setting/getting attributes through that. If you choose a proper name (it follows the same convention as Java package naming) for your attribute, you can be sure the returned object, as long as it's not null, can be cast to whatever type you put in there. Setting and getting attributes on the request itself isn't gonna help, I don't think stuff will get carried over from one servlet call to the next unless you call one servlet from the other with a RequestDispatcher, but that's not what you're after here.
So in your second code sample, do (LoginService)request.getSession().getAttribute("currentSessionUser");, that ought to work. Make sure to check for nulls and maybe choose an attribute name that uses your project's package name convention (like com.mycompany...).
I wouldn't mind a second opinion here since I'm not much of an EE/web developer.
Is posible for a portlet to read a request parameter of its surrounding page?
E.g. the URL of the page the portlet resides in is http://example.com/mygroup/mypage?foo=bar Is it possible to read the "foo" parameter from a portlet that is on that page?
Portlet Container is Liferay 6.0.5.
P.S.
I have already tried:
com.liferay.portal.util.PortalUtil.getOriginalServletRequest(com.liferay.portal.util.PortalUtil.getHttpServletRequest((javax.portlet.PortletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest())).getParameter("foo")
but I always get null for productId
Thanks!
Have you tried
ExternalContext.getRequestParameterMap()
The following code will do the trick:
javax.portlet.PortletRequest pr = (javax.portlet.PortletRequest)FacesContext.getCurrentInstance().getExternalContext().getRequestMap().get("javax.portlet.request");
java.lang.reflect.Method method = pr.getClass().getMethod("getOriginalHttpServletRequest");
HttpServletRequest httpServletRequest = (HttpServletRequest)method.invoke(pr, new Object[] {});
return httpServletRequest.getParameter(YOUR_PARAM_KEY);
In a partial submit, the icefaces ajax bridge (which replaces a usual jsf portlet bridge) is avoiding the normal portal action/render request, contacting directly the blocking servlet (in order to avoid invalidating other request-scoped portlets and in general, to be faster). Because of this, all those params/attributes which are set in a normal portal request are not set in ajax. They are set only in the initial GET type request for that page. So, actually what you should do is saving those params in the #PostConstruct or some other method of your controlling bean, and then reuse them later. (They wouldn't change in a partial submit anyway, right?).
Keep in mind though, that this will not work if you use IceFaces in conjuction with Spring (and their EL Resolver, since that eliminates your extended request scope).
if you are in JSF environment then try this:
String param = LiferayFacesContext.getInstance().getRequestQueryStringParameter("foo");
Is HttpSession in java servlet is created only after
HttpSession s = request.getSession();
?
In my code I didn't write that, but when I use if (request.getSession(false) == null) ..., it doesn't work. Why?
A HttpSession is created when calling request.getSession().
But if you access a JSP by default it will automatically create a session.This behaviour can be disabled by using: <%# page session="false">
Are you using JSP?
Read JavaDocs, it says clearly:
This says, request.getSession()
Returns the current session associated with this request, or if the request does not have a session, creates one.
And the other variant request.getSession(isCreate)
Returns the current HttpSession associated with this request or, if there is no current session and create is true, returns a new session.
If create is false and the request has no valid HttpSession, this method returns null.
To make sure the session is properly maintained, you must call this method before the response is committed. If the container is using cookies to maintain session integrity and is asked to create a new session when the response is committed, an IllegalStateException is thrown.
Update
On a bit research, I have found that Session is not created unless request.getSession() is called somewhere. Since, The servlet container uses this interface to create a session between an HTTP client and an HTTP server. There are good chances that your Servlet container creates the Session for you by default.
refer:
Java Doc HttpSession
Discussion on JavaRaunch: is HttpSession created automatically?
But, to be safer side, use request.getSession() to get session, and use request.getSession(false) only when you need to verify if a session has already been created.
In addition to Nishant's answer note that session can be created implicitly by JSP pages unless you configured them not to create a session with <%# page session = "false" %>.
To make it complete:
session is not created, unless you call request.getSession(), in your servlet, use request.getSession(false) to get existing session without creating new session
if you use JSP page, session is automatically created for you - variable session - unless you specify <%# page session="false" %>
even if your session is created automatically, you can use session.isNew() to find out, if it has been newly created
Try to remove session cookies from browser and make another test. If it does not work then some other component is creating a new session before that call.
I have my user session stored as an <aop:scoped-proxy/> proxy. how would i go about accessing it on the jsp?
i am assuming that the bean is stored somewhere in the session, correct me if i am wrong.
i found an answer:
http://digitaljoel.nerd-herders.com/2010/11/01/accessing-spring-session-beans-in-jsp/
in short:
${sessionScope['scopedTarget.userSession'].firstName}
works like a charm
Check out this thread. The issue is that session scoped beans (or beans in general) must be injected into the classes that need them and there isn't an easy way to do that with JSP pages. In addition to the solution presented in the thread I linked, you could also inject the user session into your controllers and then add the object to your model. Alternatively, if you wanted to switch to a framework like Spring Security for your user session management, you could make use of their tag library to access the user session information from a JSP.
I'm using Spring for my web app. I have used several SimpleFormControllers. I've created a session in the first SimpleFormController for the login page using:
HttpSession session = request.getSession(true);
How can I protect other SimpleFormControllers using Sessions, i.e. so that other controllers won't load if the user is not loged in.
Thank you
You probably want to use Spring Security.
It's flexible and allows restrictions based on roles.
Without it, you will need to manually check in every controller whether the user logged in or not. Or you'll have to "reinvent" a security framework by adding filter to the webapp.
If you only want to protect the operation of getting the session, you need to write a filter that wraps the original request and overrides the getSession methods. There you can check for login data using the original request's getSession().
BTW, getSession() is equivalent to getSession(true)
To protect the Controller from access outside of the intended Session, you may want to compare the Scoping rules you need with this clearly written Guide.
How to get Session Object In Spring MVC
The author gives an example of creating a Controller annotated with #Scope("session")