RE: Best practice for detecting session expiration for applets?

[Klotz Jr, Dennis]

More information:

The code I'm using to get the response code always comes back with http
status 200. The very next line:

    ObjectInputStream result = new ObjectInputStream (in);

Is the one that generates the exception of EOF on stream.

Makes perfect sense... I just wish I had a reliable way of detecting at
the applet level when the session has expired...

On the server side I get an exception as it is attempting to send the
client the login form, but of course the applet is trying to send an
object and the server chokes:

-----------

Feb 16, 2006 8:35:47 AM org.apache.catalina.connector.CoyoteAdapter
service
SEVERE: An exception or error occurred in the container during the
request processing
java.lang.NullPointerException
        at
org.apache.tomcat.util.buf.ByteChunk.append(ByteChunk.java:324)
        at
org.apache.catalina.authenticator.FormAuthenticator.saveRequest(FormAuth
enticator.java:487)
        at
org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAut
henticator.java:236)
        at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticator
Base.java:490)
        at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541
)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java
:126)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java
:105)
        at
org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:
419)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.
java:107)
        at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:1
48)

--------

Any ideas are greatly appreciated.

Thanks.

-Dennis

-----Original Message-----
From: Klotz Jr, Dennis [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 16, 2006 8:29 AM
To: Tomcat Users List
Subject: Best practice for detecting session expiration for applets?

This might be off topic but I am hoping someone has the time to help me
out.

I recently moved from basic to forms based authentication and I am
having some problems with session expiration and my applets.

I serialize plain old java objects back and forth from my client applet
to tomcat 5.5.15 and now I am trying to recognize at the client when a
session has expired, instead of simply getting a nasty exception about
EOF on stream etc.

I'm hoping someone can give me a couple of pointers on what I should do
to handle this from an applet.

Should I do a 'normal' GET or POST heartbeat before the serialization
attempt? (really don't like this idea)?

Should I try and use HttpURLConnections getResponseCode()? (it doesn't
seem to work as I would expect).

Should I use the jakarata commons http client project?  (Seems like
overkill)

Here is an example of the code followed by the exception I get on the
client side:

--------------------------

    HttpURLConnection con = (HttpURLConnection)servlet.openConnection
();
    Object o = null;
        
    // Prepare for both input and output
    con.setDoInput (true);
    con.setDoOutput (true);
        
    // Turn off caching
    con.setUseCaches (false);
        
    // Set the content type to be application/x-java-serialized-object
    con.setRequestProperty ("Content-Type",
"application/x-java-serialized-object");
        
    // Send headers
    sendHeaders (con);
        
    // Write the serialized object as post data
    ObjectOutputStream out = new ObjectOutputStream (con.getOutputStream
());
    out.writeObject (obj);
    out.flush ();
    out.close ();
        
    InputStream in = con.getInputStream ();

    int status = con.getResponseCode ();
    System.out.println (this.getClass ().getName () + " : INFO : " +
status);
    if ((status == con.HTTP_UNAUTHORIZED) ||
        (status == con.HTTP_NOT_AUTHORITATIVE) ||
        (status == con.HTTP_FORBIDDEN))
    {
        System.out.println (this.getClass ().getName () + " : WARNING :
Session timed out !!?? " );
        // TODO: do something useful here. Send custom exception up...
    }

    ObjectInputStream result = new ObjectInputStream (in);
    try
    {
        o = result.readObject ();
    }
    catch 
    ... (snip) ...
    finally 
    {
        in.close();
        result.close();
    }
      
    return (o);

-------------------------

java.io.EOFException
        at java.io.ObjectInputStream$PeekInputStream.readFully(Unknown
Source)
        at
java.io.ObjectInputStream$BlockDataInputStream.readShort(Unknown Source)
        at java.io.ObjectInputStream.readStreamHeader(Unknown Source)
        at java.io.ObjectInputStream.<init>(Unknown Source)
        at
com.empirix.hm.callq.client.common.HttpMessage.sendPostMessage(HttpMessa
ge.java:212)
        at
com.empirix.hm.callq.client.common.CallQSerializeData.sendViaHttp(CallQS
erializeData.java:102)

----------------------

Regards,

Dennis Klotz



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]