Create a webapp around an existing webapp for handling session control

Hello,

I have a customer who has an existing web application. This application is freely accessible. Now, he wants to commercialize the application.

The way to do this is by adding a system with subscriptions, so that a user has to log in to view the application. So far, no problem.

The problem comes in the fact that the existing web application was not developed by me, but by others. My client doesn't want to change the code in the existing application, he wants me, if possible, to create a new small web application around the existing one that handles session control.

This means that everytime a page of the existing application is accessed, a check needs to be performed by the new small application to see whether the user has allready a session, or not. If not, the user needs to login.

I have talked to someone who has done someting similiar, but that was in .net. It seems that on microsoft iis it is possible to configure that everytime a page of an application is accessed, a code snippet is automatcly run. This way the session check is performed.

The existing web application runs on tomcat webserver.
Can it be done? If so, how?

Thanks in advance,

Thierry
tcollogneAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

TimYatesCommented:
Hmmm...  I don't believe that's possible...  Not that I can think of a way anyway :-(

The best thing I can think of, is to add a Filter to the existing webapp...

But that will require changing the webapp...

(but with the minimum amount of fuss I can think of)

Tim
0
rrzCommented:
If you really can not change the existing webapp, then maybe  you can use
http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html
I have never used a valve. So, I really don't know if I am pointing you in the right direction.     rrz
What do you think, Tim ?
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

TimYatesCommented:
Ooooh...  Now that's an intriguing idea...  It *should* be possible to insert a Valve into the context of the webapp

Never used it, or tried it though...  

http://support.borland.com/entry.jspa?externalID=2592&categoryID=121

Seems to show how to write one...  Very like a Filter, but different ;-)

Tim
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mayank SAssociate Director - Product EngineeringCommented:
What exactly does the current web app do? Does it not manage anything related to user sessions? If not, then does it have plain HTML pages? If so, you can just write your web app with a login and use HttpUrlConnection to get the current pages' content, write it back to the client.
0
TimYatesCommented:
How would that stop people accessing the current web app directly?
0
Mayank SAssociate Director - Product EngineeringCommented:
Hmmm..... it won't, unless there is some kind of IP-address filtering (or a similar security imposition) on the current web-app's server to allow requests only from the new web-server to come in.
0
TimYatesCommented:
By using some sort of Valve?

(like rrz@871311 suggested? http:Q_21650462.html#15405554)

;-)
0
Mayank SAssociate Director - Product EngineeringCommented:
Will read what it is.
0
tcollogneAuthor Commented:
The valve looks like a good solution, the only problem is that I have no idea how to check if a session is available. I know how to check it in a normal web application, but I have no idea how to do this using a valve. Any ideas?
0
TimYatesCommented:
It looks like, inside your Valve class, you will have a method like:

public void invoke(Request request, Response response, ValveContext context) throws IOException, ServletException
{
    System.out.println("Example VALVE hit");

    ServletRequest req = request.getRequest() ;
    if( req != null )
    {
        if( req instanceof HttpServletRequest )
        {
            HttpSession session = ((HttpServletRequest)req).getSession( true ) ;
            System.out.println( "GOT SESSION ID " + session.getId() ) ;
        }
    }

    // complete the chain
    context.invokeNext(request, response);
}

Maybe...  As I say, I've never tried it out :-/

Tim
0
tcollogneAuthor Commented:
The big problem here is that sessions are not shared. This means that when I login in one application and put the user information in the session, this information is not visible to the other application.

So when the request comes from the existing application (not the login application), the session that was created during login, is not visible.

I'm considering to put the userinformation in a database and not use the session control in the application, that way the information is visible to both.

What do you think?
0
TimYatesCommented:
Hmmm...you could do...

But if the existing application has to know what you are logged in as, then aren't you changing the existing application?

And if so, why not just add login/logout/registration to the original application...?
0
tcollogneAuthor Commented:
Only the valve needs to know whether someone is logged in. The valve can get this information from the database and redirect to the login page if a user is not logged in.

This brings me to another problem. How do I redirect. I have tried "response.sendRedirect". But if I do that I get "java.lang.IllegalStateException: Cannot create a session after the response has been committed". I can understand why this is thrown, but I have no idea how to fix it.
0
TimYatesCommented:
Can you post your code?
0
tcollogneAuthor Commented:
The redirect is fixed. I am experimenting with sharing session information now.
0
rrzCommented:
No points for me ?  Not fair.
0
TimYatesCommented:
I agree...  tcollogne, rrz@871311 was the first to suggest using the Valve idea...  So I think he deserves the lion's share of the points

(I'd have never of thought about it)

If you post a question for 0 points here:  http:Community_Support/, you can ask for this question (http:Q_21650462.html) to be reopened, and then split the points using the "Split Points" link which will be just above the comment entry box ...

Hope you agree, and think this way is fairer!

Glad you got it solved though!

Tim
0
rrzCommented:
No I think Tim
>deserves the lion's share of the points    
because he did all the work. I was just the idea man.      rrz
0
TimYatesCommented:
Ahhh, but without the ideas man, so many things in history wouldn't have happened...  Heh, I just had a bit more spare time than you to follow this through...and now I know about Valves ;-)  hee hee

Tim
0
rrzCommented:
Even more valuable than points, would be to show us how the valve worked for you. We are all here to learn.   rrz
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
JSP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.