oracle.jbo.http
Class HttpSessionCookieImpl

java.lang.Object
oracle.jbo.common.ampool.SessionCookieImpl
oracle.jbo.http.HttpSessionCookieImpl

All Implemented Interfaces:

ApplicationModuleHandle, ApplicationModuleRef, oracle.jbo.http.BindingListener, HttpSessionCookie, java.io.Serializable, SessionCookie

Direct Known Subclasses:

SharedSessionCookieImpl

public class HttpSessionCookieImpl

extends SessionCookieImpl

implements HttpSessionCookie, oracle.jbo.http.BindingListener, java.io.Serializable

Default HttpSessionCookie implementation.

The implementation uses a pluggable helper interface, HttpSessionCookieHelper, to generate unique session identifiers for browser sessions, to read browser cookie values, and to write browser cookie values.

Implements the BindingListener interface. When a session HttpContainer instance is unbound from an HttpSession context the BindingListeners will be notified that a timeout event occured. The timeout implementation releases the application module resource to the application pool. The release is unmanaged since the request is assumed to have already ended.

The HttpSessionCookieImpl also implements additional support for BC4J based authentication. If a single sign on module like mod_osso is not being used then an application developer can set a security principal and security credential in the HttpSession context for later authentication by the BC4J security login module. In order to enable this mode the application developer must have configured the jbo.security.enforce property. The principal and credentials should be cached in the session as follows:

session.setAttribute( JboContext.SECURITY_PRINCIPAL, (String)<principal name>); session.setAttribute( JboContext.SECURITY_CREDENTIALS, (String)<credential>);

Finally, the HttpSessionCookie implementation uses composition to implement the SessionCookie interface. All SessionCookie methods are delegated to an instance of the default SessionCookie implementation. Please see SessionCookieImpl for more infomartion regarding the default session cookie implementation.

See Also:

Serialized Form

Field Summary

Fields inherited from class oracle.jbo.common.ampool.SessionCookieImpl

mEnvironment

Fields inherited from interface oracle.jbo.common.ampool.SessionCookie

BUNDLED_EXC_MODE_KEY, FORCE_RELEASE_MODE, MANAGED_RELEASE_MODE, NULL_PASSIVATION_ID, REMOVE_RESOURCE, RESERVED_MANAGED_RELEASE_MODE, RESERVED_UNMANAGED_RELEASE_MODE, SHARED, SHARED_MANAGED_RELEASE_MODE, SHARED_RELEASE_MODE, SHARED_UNMANAGED_RELEASE_MODE, STATE_MANAGED, STATE_UNMANAGED, UNSHARED, VALUE_SINK_KEY

Constructor Summary

HttpSessionCookieImpl(java.lang.String applicationId, java.lang.String sessionId, ApplicationPool pool)
This constructor may be used if the sessionId is already known.

HttpSessionCookieImpl(java.lang.String applicationId, java.lang.String sessionId, ApplicationPool pool, java.security.Principal userPrincipal, javax.servlet.http.HttpServletRequest request)

HttpSessionCookieImpl(java.lang.String applicationId, java.lang.String sessionId, ApplicationPool pool, java.security.Principal userPrincipal, javax.servlet.http.HttpSession session)

Method Summary

protected void	afterApplicationModuleRelease()
protected void	beforeApplicationModuleRelease(ApplicationModule am)
boolean	isFailoverEnabled() Indicates that session application module state should be persisted to secondary storage immediately upon a managed release.
java.lang.String	readValue(java.lang.Object source) Read the cookie value to the specified data sink.
void	timeout(oracle.jbo.http.BindingEvent ev)
ApplicationModule	useApplicationModule(boolean lock, long waitTimeout) Returns an application module instance for the current thread.
void	valueBound(oracle.jbo.http.BindingEvent ev)
void	valueUnbound(oracle.jbo.http.BindingEvent ev)
void	writeValue(java.lang.Object sink) Write the cookie value to the specified data sink.
void	writeValue(java.lang.Object sink, java.lang.String value) Write the specified cookie value to the specified data sink.

Methods inherited from class oracle.jbo.common.ampool.SessionCookieImpl

copyInto, equals, getApplicationId, getClientEnvironment, getClientEnvironment, getEnvConfigurationName, getEnvInfoProvider, getEnvironment, getEnvironment, getIgnorePiggyback, getLastUpdate, getMostRecentStackId, getPassivationId, getPoolSignature, getProperty, getReservedPassivationId, getSessionId, getSSOSubscriber, getSSOUserName, getSyncLock, getThreadRefCount, getUserData, getUserData, getValue, hashCode, isActivationRequired, isActivationRequired, isApplicationModuleReleased, isApplicationModuleReleasedByThread, isApplicationModuleReserved, isConnectionPoolingEnabled, isResetNonTransactionalState, parsePassivationId, parseSessionId, passivateState, releaseApplicationModule, releaseApplicationModule, releaseApplicationModule, releaseApplicationModule, removeFromPool, removeUserData, reservePassivationId, reservePassivationId, resetState, resetStateInternal, setActivated, setActivationRequired, setEnvInfoProvider, setEnvironment, setEnvironment, setIgnorePiggyback, setMostRecentStackId, setPassivationId, setReferenceCounting, setReservedPassivationId, setSessionCookieListener, setSingleThreaded, setUserData, timeout, toString, useApplicationModule, useApplicationModule, wasActivated

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface oracle.jbo.common.ampool.SessionCookie

copyInto, equals, getApplicationId, getEnvConfigurationName, getEnvInfoProvider, getIgnorePiggyback, getLastUpdate, getMostRecentStackId, getPassivationId, getPoolSignature, getReservedPassivationId, getSessionId, getSSOSubscriber, getSSOUserName, getSyncLock, getThreadRefCount, getUserData, getValue, hashCode, isActivationRequired, isActivationRequired, isApplicationModuleReleased, isApplicationModuleReleasedByThread, isConnectionPoolingEnabled, isResetNonTransactionalState, passivateState, releaseApplicationModule, releaseApplicationModule, releaseApplicationModule, releaseApplicationModule, removeUserData, reservePassivationId, reservePassivationId, resetStateInternal, setActivated, setActivationRequired, setEnvInfoProvider, setEnvironment, setEnvironment, setIgnorePiggyback, setMostRecentStackId, setPassivationId, setReferenceCounting, setReservedPassivationId, setSessionCookieListener, setUserData, toString, wasActivated

Methods inherited from interface oracle.jbo.common.ampool.ApplicationModuleRef

isApplicationModuleReserved, resetState, useApplicationModule, useApplicationModule

Methods inherited from interface oracle.jbo.ApplicationModuleHandle

getClientEnvironment, getClientEnvironment, getEnvironment, getEnvironment, getUserData

Constructor Detail

HttpSessionCookieImpl

public HttpSessionCookieImpl(java.lang.String applicationId,
                             java.lang.String sessionId,
                             ApplicationPool pool)

This constructor may be used if the sessionId is already known.

HttpSessionCookieImpl

public HttpSessionCookieImpl(java.lang.String applicationId,
                             java.lang.String sessionId,
                             ApplicationPool pool,
                             java.security.Principal userPrincipal,
                             javax.servlet.http.HttpServletRequest request)

HttpSessionCookieImpl

public HttpSessionCookieImpl(java.lang.String applicationId,
                             java.lang.String sessionId,
                             ApplicationPool pool,
                             java.security.Principal userPrincipal,
                             javax.servlet.http.HttpSession session)

Method Detail

valueBound

public void valueBound(oracle.jbo.http.BindingEvent ev)

Specified by:

valueBound in interface oracle.jbo.http.BindingListener

valueUnbound

public void valueUnbound(oracle.jbo.http.BindingEvent ev)

Specified by:

valueUnbound in interface oracle.jbo.http.BindingListener

timeout

public void timeout(oracle.jbo.http.BindingEvent ev)

Specified by:

timeout in interface oracle.jbo.http.BindingListener

writeValue

public void writeValue(java.lang.Object sink)

Description copied from interface: SessionCookie

Write the cookie value to the specified data sink.

Specified by:

writeValue in interface SessionCookie

Overrides:

writeValue in class SessionCookieImpl

writeValue

public void writeValue(java.lang.Object sink,
                       java.lang.String value)

Description copied from interface: SessionCookie

Write the specified cookie value to the specified data sink.

Specified by:

writeValue in interface SessionCookie

Overrides:

writeValue in class SessionCookieImpl

readValue

public java.lang.String readValue(java.lang.Object source)

Description copied from interface: SessionCookie

Read the cookie value to the specified data sink.

Specified by:

readValue in interface SessionCookie

Overrides:

readValue in class SessionCookieImpl

isFailoverEnabled

public boolean isFailoverEnabled()

Description copied from interface: SessionCookie

Indicates that session application module state should be persisted to secondary storage immediately upon a managed release.

Session cookie developers should be careful that this value not change after a session cookie has become active.

Specified by:

isFailoverEnabled in interface SessionCookie

Overrides:

isFailoverEnabled in class SessionCookieImpl

beforeApplicationModuleRelease

protected void beforeApplicationModuleRelease(ApplicationModule am)

Overrides:

beforeApplicationModuleRelease in class SessionCookieImpl

afterApplicationModuleRelease

protected void afterApplicationModuleRelease()

Overrides:

afterApplicationModuleRelease in class SessionCookieImpl

useApplicationModule

public ApplicationModule useApplicationModule(boolean lock,
                                              long waitTimeout)

Description copied from interface: ApplicationModuleRef

Returns an application module instance for the current thread.

If the application session cookie references application state the application state should be activated in the returned application module.

The lock parameter may be specified to acquire a lock for the shared application module resource. If a lock is acquired the application should be careful to release that lock after it is done using the application module resource. Application thread starvation may occur if the lock is held indefinitely.

If another thread is holding the lock associated with the session cookie then the current thread will wait for the period specified by the waitTimeout parameter.

Best practice would be to invoke ApplicationModuleRef.useApplicationModule(boolean) in a try...finally block that invokes #releaseApplicationModule(boolean, boolean during finally.

Specified by:

useApplicationModule in interface ApplicationModuleRef

Overrides:

useApplicationModule in class SessionCookieImpl