Session Servlet Example: Difference between revisions
No edit summary |
|||
| Line 25: | Line 25: | ||
=Usage= | =Usage= | ||
=Authentication= | ==Authentication== | ||
The default build produces a servlet that *does NOT require authentication*. | The default build produces a servlet that *does NOT require authentication*. | ||
| Line 40: | Line 38: | ||
3. Enable <security-domain> in <tt>jboss-web.xml</tt> and make sure it points to the correct one on the server. | 3. Enable <security-domain> in <tt>jboss-web.xml</tt> and make sure it points to the correct one on the server. | ||
=HTTP Session Support= | ==HTTP Session Support== | ||
The servlet will NOT establish a HTTP session by default. | The servlet will NOT establish a HTTP session by default. | ||
If you wish it to establish a session, call | If you wish it to establish a session, call the /establish-session URL: | ||
<pre> | |||
http://localhost:8080/session-servlet/establish-session | |||
</pre> | |||
This will create a HTTP session and send the Set-Cookie JSESSIONID back to browser. If /establish-session is called repeatedly on an already established session, the application will warn. | |||
To get more information about the current session, use: | |||
<pre> | |||
http://localhost:8080/session-servlet/describe-session | |||
</pre> | |||
To destroy the current session, use: | |||
<pre> | |||
http://localhost:8080/session-servlet/destroy-session | |||
</pre> | |||
After the first request, obviously there's no need for "establish-session" anymore, the browser/server ensemble maintain the one that was established. The current implementation will throw an exception if it sees "?establish-session" again. | After the first request, obviously there's no need for "establish-session" anymore, the browser/server ensemble maintain the one that was established. The current implementation will throw an exception if it sees "?establish-session" again. | ||
Revision as of 01:39, 10 June 2016
Internal
Overview
A simple JEE servlet that can be deployed within a JEE container and used to test continuity, load balancing, failover, session stickiness, etc. It has been tested to work with WildFly/EAP and with Tomcat. One of the design constraints was to avoid container-specific dependencies. Its only dependencies are slf4j for logging and the Servlet API.
Source Code
Build
mvn clean package
Deploy
Copy ./target/session-servlet.war into the deployment directory of the application server.
Usage
Authentication
The default build produces a servlet that *does NOT require authentication*.
If you want authentication, do this (JBoss 5 procedure, may need to be updated for WildFly):
1. Un-comment web.xml section starting with <security-constraint> and ending with </security-role>.
2. Replace "admin" with a valid role. The replacement must be done in both places where <role-name> is mentioned. For example, if deployed on JBoss 5, pick up an appropriate role from $JBOSS_HOME/server/$JBOSS_PROFILE/conf/props/jmx-console-roles.properties.
3. Enable <security-domain> in jboss-web.xml and make sure it points to the correct one on the server.
HTTP Session Support
The servlet will NOT establish a HTTP session by default.
If you wish it to establish a session, call the /establish-session URL:
http://localhost:8080/session-servlet/establish-session
This will create a HTTP session and send the Set-Cookie JSESSIONID back to browser. If /establish-session is called repeatedly on an already established session, the application will warn.
To get more information about the current session, use:
http://localhost:8080/session-servlet/describe-session
To destroy the current session, use:
http://localhost:8080/session-servlet/destroy-session
After the first request, obviously there's no need for "establish-session" anymore, the browser/server ensemble maintain the one that was established. The current implementation will throw an exception if it sees "?establish-session" again.
In order to store a key/value pair into the session, use http://locahost:8080/session-servlet/put?key=something&value=somethingelse. In order to retrieve a key/value pair from the session, use http://locahost:8080/session-servlet/get?key=something
Enable HTTP Session Replication
Root Context
You can change the root context as follows:
On JBoss
Method One
Simply deploy the WAR under the desired name.
Method Two
TODO: use jboss-web.xml and root-context.
On Tomcat
Simply deploy the WAR under the desired name.
Test Plan
1. Simple Availability
Build and deploy.
Go to http://<server-address>:<server-port>/session-servlet
It will return a simple HTTP page listing relevant information regarding the execution.
2. Session Experiments
Establish a session with http://<server-address>:<server-port>/session-servlet?establish-session
Then drop the parameter, the browser/server should maintain the session until it expires.