I am trying to develop an application using Spring 2.5.5 Flex/J2EE and Hibernate 3.1.3.
My problem is that when a user opens the "Customer Information" screen and then displays informations of a client in change mode, I want the record to be locked (Pessimistic or optimistic lock Lock) as appropriate. And registration remains locked until the user validates the change (commit ()) or closes the screen.
They talk on the net about long conversation (Hibernate), and openSessionInView pattern. But I have not found a clear example.
The solution is to keep the Hibernate session open until the end of entry.
then made the commit or rollback.
I try to use the class: "org.springframework.orm.hibernate3.support.OpenSe ssionInViewInterceptor" but I did not succeed.
I do not know how to configure it with Spring.
I spent too much time and it becomes urgent ... Who can help me??
Thank you in advance.
OpenSessionInViewInterceptor has to be configured in your web.xml
Sample below:
<filter>
<filter-name>openSessionInViewFilter</filter-name>
<filter-class>
org.springframework.orm.hibernate3.support.OpenSessionInViewFilter
</filter-class>
<init-param>
<param-name>sessionFactoryBeanName</param-name>
<param-value>sessionFactory</param-value> <!-- This is the default value, in case you have given different name please specify the same. -->
</init-param>
</filter>
Also check the documentation for subtle issues.
Related
I would like to restrict client side error message on Weblogic.
I havent found any solution on it. In that image, would like to suppress bea_fault:stacktrace part.
First of all, you have not explicitly specified which web service technology you are using. I guess that is jax-rpc.
So, i think, you can solve by following ways.
By editing web.xml, you can get response message. ExceptionHandler must be implements javax.servlet.Filter.
<filter>
<filter-name>ExceptionHandler</filter-name>
<filter-class>ExceptionHandler</filter-class>
</filter>
<filter-mapping>
<filter-name>ExceptionHandler</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
Ok, so I am once again going nuts trying to solve the OpenEntityManagerInViewFilter problem.
I have looked around a bunch, read a lot of the other questions (that this might seem like a duplicate of) but no joy so far.
So here's the deal: Spring4, XML based web.xml but java vconfig for the rest of my app context setup. I thought it might be related to this solution: https://stackoverflow.com/a/7015927/258813 (the ContextLoadListener and the servlet config both loading the app contexts), however, I have ensured that they both explicitly reference different configuration files. I have also previously had problems when different config files were #ComponentScan-ing the same locations so the context was loaded twice, but that is not the case either.
Web.xml (relevant bits)
<servlet>
<servlet-name>webapp</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</init-param>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>com.tmm.frm.configuration.WebMvcConfiguration</param-value>
</init-param>
</servlet>
<context-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
com.tmm.frm.configuration.ApiSecurityConfig
com.tmm.frm.configuration.ApplicationContextConfiguration
com.tmm.frm.configuration.WebSecurityConfig
</param-value>
</context-param>
The security configs are both just standard WebSecurityConfigurerAdapter extensions, no other scanning/context jazz.
WebMvc config:
#Configuration
#EnableWebMvc
#ComponentScan("com.tmm.frm.controller")
public class WebMvcConfiguration extends WebMvcConfigurerAdapter{
App Context Config (persistence stuff etc)
#Configuration
#EnableTransactionManagement(mode = AdviceMode.ASPECTJ, proxyTargetClass = true)
#ComponentScan({"com.tmm.frm.service", "com.tmm.frm.helper","com.tmm.frm.core.dao", "com.tmm.frm.security"})
#PropertySource("classpath:META-INF/spring/database.properties")
#EnableAspectJAutoProxy(proxyTargetClass = true)
public class ApplicationContextConfiguration {
So both the relevant config classes are specifically defining different packages etc. Web.xml names configs to load by name so neither config classes are being loaded twice.
Then, I hit the controller - I load the user profile from the Secuirty Context (in the controller), then I jsut try to loop through a collection on the UserProfile that is lazily loaded - I would expect the OpenEntityManagerInViewFilter to kick in and load the collection (as a session is still open) but I get the normal can't load lazy object error. The logs clearly states that the filter is called, so I assume somewhere there are two contexts - any one suggest where the rogue context might be?
From what you have said, you are loading the UserProfile from the security context, presumably you have loaded up the security context at user login.
Now, the EntityManagerthat you used to load up the UserProfile at login to load up the SecurityContext is definitely not going to be valid for a new request coming into system past the login and hence the error. The scope is tied to one web request scope.
The only good workaround that I would see is to only keep some identifier of the user in the securitycontext and load up the actual user details when you need additional details or store initially with additional details.
if someone can help with JBoss returning data from wrong user. Our setup is JBOSS 7.1.1 with Vaadin 7.1.6 and Shiro.
Our current problem is when multiple users use our Vaadin application it frequently returning data from other users to another curently loged user,. ie it is mixing users data. We have tried reinstaling the PC, changing browsers, disabling caching..., nothing helped. We aded CDI UI addon from Vaadin but it doesnt help.
Our previous issue with similar problem
Shiro returning wrong user data
We resolved some other authentication problems with disabling push but this problem stil persist.
Any help apreciated
I have the same problem but when i got to this page my web.xml was already setup.
I´m using JBoss AS 7.1.1, JSF 2 and Shiro. A user receive data from another sessionScope ManagedBean after an ajax call.
Any help apreciated.
If enyone else has the same issue, this is what you need to add to your web.xml:
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
...
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
I need to log in with j_spring_security_check using special characters in the username and/or in the password via url
http://localhost:8080/appname/j_spring_security_check?j_username=username&j_password=üüü
isn't working and
http://localhost:8080/appname/j_spring_security_check?j_username=username&j_password=%c3%bc%c3%bc%c3%bc
(with "üüü" urlencoded)
isn't working either
Any suggestion? Let me know if you need to see any other configuration.
Thanks
The Java Servlet standard is lamentably poor at supporting Unicode. The default of ISO-8859-1 is useless and there is still no cross-container-compatible means of configuring it to something else.
The filter method in matteosilv's answer works for request bodies. For parameters in the URL, you have to use container-specific options. For example in Tomcat, set URIEncoding on the <Connector> in server.xml; in Glassfish it's <parameter-encoding> in glassfish-web.xml.
(If you have to work in a fully cross-container-compatible manner you end up having to write your own implementation of getParameter(), which is sad indeed. Bad Servlet.)
However in any case it is a bad idea to pass login form fields in GET URL parameters.
This is firstly because a login causes a state-change to occur, so it is not "idempotent". This makes GET an unsuitable method and causes a load of practical problems like potentially logging you in when you navigate a page, or failing to log you in due to caching, and so on.
Secondly there are a range of ways URLs can 'leak', including referrer tracking, logging, proxies and browser history retention. Consequently you should never put any sensitive data such as a password in a URL, including in GET form submissions.
I'd suggest using a POST form submission instead, together with the CharacterEncodingFilter.
Maybe an encodingFilter in the web.xml file could be helpful:
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>
org.springframework.web.filter.CharacterEncodingFilter
</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
source: Spring security: Form login special characters
The issue was actually solved for me by moving the CharacterEncodingFilter ABOVE the SpringSecurityFilterChain in web.xml.
I am developing services in spring and the services were deployed in JBOSS 7.1.0.
Sample code for request mapping:
#RequestMapping(value=/state, method=RequestMethod.GET)
public ResponseEntity<ListStatesResponseVO> getListOfStates(#RequestParam(required=false) Long id,
#RequestParam(required=false) Long page,
#RequestParam(required=false) Long pagesize);
My problem is when I pass special characters in request parameter, it’s returning me a valid xml response, but as per my understanding it should return “400 BAD REQUEST”.
Sample URI:
http://localhost:8080/location-services/location/api/state?id=$%^$^$#$%^$%
I also added
<property name="org.apache.catalina.connector.URI_ENCODING" value="UTF-8"/>
<property name="org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING" value="true"/>
Inside JBOSS’s standalone.xml.
And also
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<!-- set forceEncoding to true if you want to override encoding of servlet -->
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
Inside web.xml.
But these doesn’t solved the problem.
Is there any solution available for this.
Thanks in advance.
You should not allow your users to enter the values in the query string themselves. It's a bad practice and is very risky for your web application security. To avoid such attacks and restrict your users from url tampering you should implement HDIV framework in your application.
Once you implement that no one can mess with your urls. And if someone tries to do so then "bad request" errors will be shown to them.
Hope this helps you. Cheers.