Solved

Stateful EJB remove problem

Posted on 2007-03-22
9
418 Views
Last Modified: 2013-11-24
Hi folks,

One of my colleagues has been facing issues with a J2EE 1.3 application deployed on Weblogic. The basic flow of the application is:

JSP -> Servlet -> EJB (Stateful session bean) -> CORBA (Visibroker 6.0) -> Toplink -> Oracle/ DB2

Don't ask me why the CORBA layer is there :) it seems quite redundant to me but when they designed it 8 years back they probably wanted to use it as it was more mature than J2EE.

Anyway, the issue is that when the user logs out and tries to log in again, he gets an exception saying "EJB session context could not be released". Any idea why it is trying to release the EJB on login?

I see that on logout, the attributes are being removed from the HttpSession (one of the attributes is the EJB handle and that is also being removed by a call to remove ()). Also - how does this work in case the user closes the window by clicking on the X button on the browser instead of logging out?

Thanks,
Mayank.
0
Comment
Question by:mayankeagle
  • 5
  • 4
9 Comments
 
LVL 9

Expert Comment

by:owenli27
ID: 18773568
>>Also - how does this work in case the user closes the window by clicking on the X button on the browser instead of logging out?
The server side may never know when a client closed his broswer.  I guess that it has to wait for HttpSession time out, then start to remove EJB object instance and release resource for cleaning up.   You can create a class to implements HttpSessionBindingListener in web tier. then implement valueUnbound() for getting EJB reference.

>>gets an exception saying "EJB session context could not be released".
I don't know why the msg come out after user relogin.  I guess that EJB session context never been released yet although the remove() called from from EJBObject or remove(Handle handle) called from EJBHome because a call to one of these remove() method does not necessarily remove the actual Access EJB instance;  It just notify the EJB container that the instance can be removed if no other client components are currently using it. But it is not guaranteed.
0
 
LVL 30

Author Comment

by:mayankeagle
ID: 18774453
>> You can create a class to implements HttpSessionBindingListener in web tier.

Yeah I checked - they are doing that.

>>  But it is not guaranteed.

Is that so? Do you have any documentation/ link which explains this?
0
 
LVL 9

Expert Comment

by:owenli27
ID: 18774679
Sorry, I should change it to: "it is not guaranteed to be happened right after called removed()"  :)
0
 
LVL 9

Expert Comment

by:owenli27
ID: 18774712
http://publib.boulder.ibm.com/infocenter/wbihelp/v6rxmx/index.jsp?topic=/com.ibm.wics_developer.doc/doc/access_dev_ejb/access_dev_ejb26.htm

"The client component is responsible for requesting that an Access EJB instance be created or removed. However, the EJB container within the application server determines when such activities actually occur."
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 30

Author Comment

by:mayankeagle
ID: 18774724
Ok. I noticed something more in the login.jsp. It has a scriptlet:

<%
  if ( ! session.isNew () )
  {
    // loops through all session parameters and removes them

  }

%>

Any idea why the session would not be new if it is going there after a logout?
0
 
LVL 9

Accepted Solution

by:
owenli27 earned 500 total points
ID: 18774936
Did you actually invaliad session before user logout?
BTW, when HttpSession timeout and unbind the HttpSessionBindingListener from session attribute,  the user identity(principal-name) may become anonymous. If the related EJB method has access permission, you may need to define new <security-role> and setup <security-role-assignment> for <principal-name>.  Also, in ejb-jar DD that stateful session bean, you may need to add something like:
     <security-identity>
      <run-as>
          <role-name>abcdefg-role</role-name>
      </run-as>
      </security-identity>
0
 
LVL 30

Author Comment

by:mayankeagle
ID: 18776159
>> Did you actually invaliad session before user logout?

It is being invalidated upon logout using session.invalidate ()
0
 
LVL 30

Author Comment

by:mayankeagle
ID: 18776162
>> If the related EJB method has access permission

No, it doesn't.
0
 
LVL 30

Author Comment

by:mayankeagle
ID: 18776167
I found a solution - the ejbRemove () method was throwing a NullPointerException because of bad coding - a null check was not being done there for an object which could be null on some circumstances.... so the EJB was not being properly released. I'll give you points for the help though.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

For beginner Java programmers or at least those new to the Eclipse IDE, the following tutorial will show some (four) ways in which you can import your Java projects to your Eclipse workbench. Introduction While learning Java can be done with…
Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…
Viewers learn about the scanner class in this video and are introduced to receiving user input for their programs. Additionally, objects, conditional statements, and loops are used to help reinforce the concepts. Introduce Scanner class: Importing…
This video teaches viewers about errors in exception handling.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now