Re: How to serialize user principal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mohammad, On 9/13/2010 3:29 PM, Mohammad M. AbuZer wrote: > Thanks to note about disadvantages of using JDBCRealm, but about tomcat > login-surviving, I still see login-page, after web-app reload or tomcat > restart... even default configuration presents Hmm. What's in the session, then? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyOfOsACgkQ9CaO5/Lv0PBLLACdFQ954KDF5Z27XUO44DsJlyXQ oWgAoJf4k4atY0UC7L23tMTeuS4+dCQ+ =+ZnD -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to serialize user principal
Thanks to note about disadvantages of using JDBCRealm, but about tomcat login-surviving, I still see login-page, after web-app reload or tomcat restart... even default configuration presents On Mon, Sep 13, 2010 at 9:20 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Mohammad, > > (Note the change in spelling of "principal". Principle is a notion or > laws or morals.) > > On 9/13/2010 2:37 PM, Mohammad M. AbuZer wrote: > > I'm using tomcat 7.0.2 BETA, I used JDBCRealm, and I think it uses by > > default GenericPrinciple at org.apache.catalina.realm, which do not > > implement Serializable interface, > > Note that the Principal itself is not stored as a session attribute, and > is therefore not "serialized" in the way you are thinking. Tomcat should > be able to persist the user's session information across a Tomcat > restart. I happen to witness that capability several times per day > personally (though in Tomcat 5.5 and 6.0, not 7.0). > > Also, note that JDBCRealm has long bees associated with poor performance > due to it's use of a single Connection object for all authentication. > Consider using DataSourceRealm along with a connection pool instead. > > Are you getting any errors in your log files? Usually, when a user's > session seems to expire "during" a Tomcat restart, it's because the > session itself is not serializable due to an object that application > code has carelessly inserted into the session. That usually emits an > error during session saving or re-loading. > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkyOeW0ACgkQ9CaO5/Lv0PBVtQCeI+2STfjSCp3F650XsyL0WX2V > CnsAoKUJLGCrv+VkMTdcvinr4k+J7Nen > =J0Vx > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- * Best Regards Mohammad M. AbuZer* Junior Java Developer Mobile: +962-78-5416416
Re: How to serialize user principal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mohammad, (Note the change in spelling of "principal". Principle is a notion or laws or morals.) On 9/13/2010 2:37 PM, Mohammad M. AbuZer wrote: > I'm using tomcat 7.0.2 BETA, I used JDBCRealm, and I think it uses by > default GenericPrinciple at org.apache.catalina.realm, which do not > implement Serializable interface, Note that the Principal itself is not stored as a session attribute, and is therefore not "serialized" in the way you are thinking. Tomcat should be able to persist the user's session information across a Tomcat restart. I happen to witness that capability several times per day personally (though in Tomcat 5.5 and 6.0, not 7.0). Also, note that JDBCRealm has long bees associated with poor performance due to it's use of a single Connection object for all authentication. Consider using DataSourceRealm along with a connection pool instead. Are you getting any errors in your log files? Usually, when a user's session seems to expire "during" a Tomcat restart, it's because the session itself is not serializable due to an object that application code has carelessly inserted into the session. That usually emits an error during session saving or re-loading. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyOeW0ACgkQ9CaO5/Lv0PBVtQCeI+2STfjSCp3F650XsyL0WX2V CnsAoKUJLGCrv+VkMTdcvinr4k+J7Nen =J0Vx -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org