[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Create a webapp around an existing webapp for handling session control

Posted on 2005-12-02
21
Medium Priority
?
206 Views
Last Modified: 2010-04-01
Hello,

I have a customer who has an existing web application. This application is freely accessible. Now, he wants to commercialize the application.

The way to do this is by adding a system with subscriptions, so that a user has to log in to view the application. So far, no problem.

The problem comes in the fact that the existing web application was not developed by me, but by others. My client doesn't want to change the code in the existing application, he wants me, if possible, to create a new small web application around the existing one that handles session control.

This means that everytime a page of the existing application is accessed, a check needs to be performed by the new small application to see whether the user has allready a session, or not. If not, the user needs to login.

I have talked to someone who has done someting similiar, but that was in .net. It seems that on microsoft iis it is possible to configure that everytime a page of an application is accessed, a code snippet is automatcly run. This way the session check is performed.

The existing web application runs on tomcat webserver.
Can it be done? If so, how?

Thanks in advance,

Thierry
0
Comment
Question by:tcollogne
  • 10
  • 4
  • 4
  • +1
21 Comments
 
LVL 35

Expert Comment

by:TimYates
ID: 15403251
Hmmm...  I don't believe that's possible...  Not that I can think of a way anyway :-(

The best thing I can think of, is to add a Filter to the existing webapp...

But that will require changing the webapp...

(but with the minimum amount of fuss I can think of)

Tim
0
 
LVL 28

Expert Comment

by:rrz
ID: 15405554
If you really can not change the existing webapp, then maybe  you can use
http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html
I have never used a valve. So, I really don't know if I am pointing you in the right direction.     rrz
What do you think, Tim ?
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
LVL 35

Accepted Solution

by:
TimYates earned 150 total points
ID: 15405636
Ooooh...  Now that's an intriguing idea...  It *should* be possible to insert a Valve into the context of the webapp

Never used it, or tried it though...  

http://support.borland.com/entry.jspa?externalID=2592&categoryID=121

Seems to show how to write one...  Very like a Filter, but different ;-)

Tim
0
 
LVL 30

Expert Comment

by:Mayank S
ID: 15412472
What exactly does the current web app do? Does it not manage anything related to user sessions? If not, then does it have plain HTML pages? If so, you can just write your web app with a login and use HttpUrlConnection to get the current pages' content, write it back to the client.
0
 
LVL 35

Expert Comment

by:TimYates
ID: 15413651
How would that stop people accessing the current web app directly?
0
 
LVL 30

Expert Comment

by:Mayank S
ID: 15414351
Hmmm..... it won't, unless there is some kind of IP-address filtering (or a similar security imposition) on the current web-app's server to allow requests only from the new web-server to come in.
0
 
LVL 35

Expert Comment

by:TimYates
ID: 15414767
By using some sort of Valve?

(like rrz@871311 suggested? http:Q_21650462.html#15405554)

;-)
0
 
LVL 30

Expert Comment

by:Mayank S
ID: 15414878
Will read what it is.
0
 

Author Comment

by:tcollogne
ID: 15417896
The valve looks like a good solution, the only problem is that I have no idea how to check if a session is available. I know how to check it in a normal web application, but I have no idea how to do this using a valve. Any ideas?
0
 
LVL 35

Expert Comment

by:TimYates
ID: 15418079
It looks like, inside your Valve class, you will have a method like:

public void invoke(Request request, Response response, ValveContext context) throws IOException, ServletException
{
    System.out.println("Example VALVE hit");

    ServletRequest req = request.getRequest() ;
    if( req != null )
    {
        if( req instanceof HttpServletRequest )
        {
            HttpSession session = ((HttpServletRequest)req).getSession( true ) ;
            System.out.println( "GOT SESSION ID " + session.getId() ) ;
        }
    }

    // complete the chain
    context.invokeNext(request, response);
}

Maybe...  As I say, I've never tried it out :-/

Tim
0
 

Author Comment

by:tcollogne
ID: 15418378
The big problem here is that sessions are not shared. This means that when I login in one application and put the user information in the session, this information is not visible to the other application.

So when the request comes from the existing application (not the login application), the session that was created during login, is not visible.

I'm considering to put the userinformation in a database and not use the session control in the application, that way the information is visible to both.

What do you think?
0
 
LVL 35

Expert Comment

by:TimYates
ID: 15418409
Hmmm...you could do...

But if the existing application has to know what you are logged in as, then aren't you changing the existing application?

And if so, why not just add login/logout/registration to the original application...?
0
 

Author Comment

by:tcollogne
ID: 15418459
Only the valve needs to know whether someone is logged in. The valve can get this information from the database and redirect to the login page if a user is not logged in.

This brings me to another problem. How do I redirect. I have tried "response.sendRedirect". But if I do that I get "java.lang.IllegalStateException: Cannot create a session after the response has been committed". I can understand why this is thrown, but I have no idea how to fix it.
0
 
LVL 35

Expert Comment

by:TimYates
ID: 15418502
Can you post your code?
0
 

Author Comment

by:tcollogne
ID: 15418681
The redirect is fixed. I am experimenting with sharing session information now.
0
 
LVL 28

Expert Comment

by:rrz
ID: 15452915
No points for me ?  Not fair.
0
 
LVL 35

Expert Comment

by:TimYates
ID: 15452940
I agree...  tcollogne, rrz@871311 was the first to suggest using the Valve idea...  So I think he deserves the lion's share of the points

(I'd have never of thought about it)

If you post a question for 0 points here:  http:Community_Support/, you can ask for this question (http:Q_21650462.html) to be reopened, and then split the points using the "Split Points" link which will be just above the comment entry box ...

Hope you agree, and think this way is fairer!

Glad you got it solved though!

Tim
0
 
LVL 28

Expert Comment

by:rrz
ID: 15452958
No I think Tim
>deserves the lion's share of the points    
because he did all the work. I was just the idea man.      rrz
0
 
LVL 35

Expert Comment

by:TimYates
ID: 15452984
Ahhh, but without the ideas man, so many things in history wouldn't have happened...  Heh, I just had a bit more spare time than you to follow this through...and now I know about Valves ;-)  hee hee

Tim
0
 
LVL 28

Expert Comment

by:rrz
ID: 15453006
Even more valuable than points, would be to show us how the valve worked for you. We are all here to learn.   rrz
0

Featured Post

[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to move an Exchange 2013/2016 mailbox database and logs to a different drive.
If you have a smartphone, I'm sure you've noticed that web applications are changing. Yet, are you aware of how these changes are going to impact your organization or company?
Planning to migrate your EDB file(s) to a new or an existing Outlook PST file? This video will guide you how to convert EDB file(s) to PST. Besides this, it also describes, how one can easily search any item(s) from multiple folders or mailboxes…
This video tutorial shows you the steps to go through to set up what I believe to be the best email app on the android platform to read Exchange mail.  Get the app on your phone: The first step is to make sure you have the Samsung Email app on your …
Suggested Courses

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question