Hi,
On 11/21/06, Edgar Poce <[EMAIL PROTECTED]> wrote:
On 11/21/06, Jukka Zitting <[EMAIL PROTECTED]> wrote:
> The problem with associating the JCR session with the HTTP session is
> that the servlet container may allow multiple concurrent request
> within the same session.
yes. It was an issue I was aware and wanted to discuss the fix.
If I understand you correctly, in your previous post you proposed to
store the credentials and create a new connection on each request, I'd
prefer to keep a single jcr session.
You're right, a single JCR session per HTTP session is probably the
best in this case.
The background for my original idea was a read-only webapp I did a
while ago that maintains a session pool keyed by the login
credentials. The credentials are stored in the HTTP session and the
JCR sessions can very quickly be acquired and released by a
ServletRequestListener using calls like
SessionPool.acquireSession(Credentials) and
SessionPool.releaseSession(Session).
This however only works well for read-only applications and
applications where transient changes are never kept across multiple
requests. Thus it's probably not a good fit for the JCR Navigator.
What do you think about storing the jcr session in the servlet session
and use a requestlistener to synchronize the access to the jcr session?.
On each request a lock would be acquired on the jcr session and released
only when the request is over. This wouldn't allow two request to access
the session simultaneously.
Sounds good. A Filter like the following is in fact probably the
easiest way to achieve synchronization:
public void doFilter(
ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpSession httpSession = ((HttpServletRequest) request).getSession();
Session jcrSession = httpSession.getAttribute(SESSION_KEY);
synchronized (jcrSession) {
request.setAttribute(SESSION_KEY, jcrSession);
try {
chain.doFilter(request, response);
} finally {
request.removeAttribute(SESSION_KEY);
}
}
}
Perhaps this could be combined with the current LoginFilter functionality?
BR,
Jukka Zitting
