[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 433
  • Last Modified:

Stateful EJB remove problem

Hi folks,

One of my colleagues has been facing issues with a J2EE 1.3 application deployed on Weblogic. The basic flow of the application is:

JSP -> Servlet -> EJB (Stateful session bean) -> CORBA (Visibroker 6.0) -> Toplink -> Oracle/ DB2

Don't ask me why the CORBA layer is there :) it seems quite redundant to me but when they designed it 8 years back they probably wanted to use it as it was more mature than J2EE.

Anyway, the issue is that when the user logs out and tries to log in again, he gets an exception saying "EJB session context could not be released". Any idea why it is trying to release the EJB on login?

I see that on logout, the attributes are being removed from the HttpSession (one of the attributes is the EJB handle and that is also being removed by a call to remove ()). Also - how does this work in case the user closes the window by clicking on the X button on the browser instead of logging out?

Thanks,
Mayank.
0
Mayank S
Asked:
Mayank S
  • 5
  • 4
1 Solution
 
Weiping DuSenior Web DeveloperCommented:
>>Also - how does this work in case the user closes the window by clicking on the X button on the browser instead of logging out?
The server side may never know when a client closed his broswer.  I guess that it has to wait for HttpSession time out, then start to remove EJB object instance and release resource for cleaning up.   You can create a class to implements HttpSessionBindingListener in web tier. then implement valueUnbound() for getting EJB reference.

>>gets an exception saying "EJB session context could not be released".
I don't know why the msg come out after user relogin.  I guess that EJB session context never been released yet although the remove() called from from EJBObject or remove(Handle handle) called from EJBHome because a call to one of these remove() method does not necessarily remove the actual Access EJB instance;  It just notify the EJB container that the instance can be removed if no other client components are currently using it. But it is not guaranteed.
0
 
Mayank SAssociate Director - Product EngineeringAuthor Commented:
>> You can create a class to implements HttpSessionBindingListener in web tier.

Yeah I checked - they are doing that.

>>  But it is not guaranteed.

Is that so? Do you have any documentation/ link which explains this?
0
 
Weiping DuSenior Web DeveloperCommented:
Sorry, I should change it to: "it is not guaranteed to be happened right after called removed()"  :)
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
Weiping DuSenior Web DeveloperCommented:
http://publib.boulder.ibm.com/infocenter/wbihelp/v6rxmx/index.jsp?topic=/com.ibm.wics_developer.doc/doc/access_dev_ejb/access_dev_ejb26.htm

"The client component is responsible for requesting that an Access EJB instance be created or removed. However, the EJB container within the application server determines when such activities actually occur."
0
 
Mayank SAssociate Director - Product EngineeringAuthor Commented:
Ok. I noticed something more in the login.jsp. It has a scriptlet:

<%
  if ( ! session.isNew () )
  {
    // loops through all session parameters and removes them

  }

%>

Any idea why the session would not be new if it is going there after a logout?
0
 
Weiping DuSenior Web DeveloperCommented:
Did you actually invaliad session before user logout?
BTW, when HttpSession timeout and unbind the HttpSessionBindingListener from session attribute,  the user identity(principal-name) may become anonymous. If the related EJB method has access permission, you may need to define new <security-role> and setup <security-role-assignment> for <principal-name>.  Also, in ejb-jar DD that stateful session bean, you may need to add something like:
     <security-identity>
      <run-as>
          <role-name>abcdefg-role</role-name>
      </run-as>
      </security-identity>
0
 
Mayank SAssociate Director - Product EngineeringAuthor Commented:
>> Did you actually invaliad session before user logout?

It is being invalidated upon logout using session.invalidate ()
0
 
Mayank SAssociate Director - Product EngineeringAuthor Commented:
>> If the related EJB method has access permission

No, it doesn't.
0
 
Mayank SAssociate Director - Product EngineeringAuthor Commented:
I found a solution - the ejbRemove () method was throwing a NullPointerException because of bad coding - a null check was not being done there for an object which could be null on some circumstances.... so the EJB was not being properly released. I'll give you points for the help though.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now