Is there any way i can access the object of one client session from another client session?
Unless you have isolated your Entities to the client Session (ClassDescriptor.setIsIsolated) then the ClientSession does not actually hold any entity instances. So unless you have caching disabled all queries against a ClientSession will return the same entity instances.
If you have isolated Entities or are actually using a UnitOfWork then you will have to get the value from the holding UnitOfWork/IsolatedClientSession. It is not advisable to access a UnitOfWork or ClientSession concurrently with multiple threads.
I'm not sure to get what you're trying to achieve but, according to Server and Client Sessions from the TopLink Developer Guide, you're not supposed to share client session accross multiple threads:
Although client sessions are thread-safe, do not use them to write across multiple threads. Multithread write operations from the same client session can result in errors and a loss of data. For more information, see "Concurrency".
Could you clarify why you would need this?
Related
I am using Spring Session JDBC to persist sessions in my application. I am aware that this implementation does not support HTTP event publishing. However, I have a requirement to log session creation, expiration, and destruction. If I get some sort of notification that the session was destroyed, I already know how to determine if it was a logout or timeout.
I realize that the obvious answer is "don't use JDBC". However, I do not have the option to stand up Redis or Hazelcast due to strong port-management policies of my organization. If I want to open the Redis or Hazelcast ports, management has to get involved.
I'm asking if anyone has figured out how to "fake it", and determine if a sesson is created or destroyed in the absence of an HttpSessionEventPublisher. I have one idea which is the equivalent of a very large hammer approach, so I'm wondering if anyone else has done this in the past.
I'm a long-time Spring developer learning NestJS. The similarities are so striking, and I've loved how productive that's allowed me to be. Some documentation has me confused about one thing however.
I try to liken Nest "providers" to Spring beans with default scope. For example I create #Injectable service classes and think of them as analogous to Spring #Services. As such I've assumed these service classes needed to be thread safe - no state, etc. However, the Nest documentation here is a little ambiguous to me and kind of implies this might not be necessary (emphasis mine):
For people coming from different programming language backgrounds, it might be unexpected to learn that in Nest, almost everything is shared across incoming requests. We have a connection pool to the database, singleton services with global state, etc. Remember that Node.js doesn't follow the request/response Multi-Threaded Stateless Model in which every request is processed by a separate thread. Hence, using singleton instances is fully safe for our applications.
If individual requests aren't handled in their own threads, is it OK for Nest providers to contain mutable state? It would be up to the app to ensure each incoming request started with a "clean slate" - e.g. initializing that state with a NestInterceptor, for example. But to me, that doc reads that providers are created as singletons, and thus can be used as something akin to a wrapper container for data, like a ThreadLocal in Java.
Am I reading this wrong, or is this a difference in behavior between Nest and Spring?
You really should make request handling stateless.
I don't know anything about Spring, but in NestJS (and async javascript in general) it's single threaded, but doesn't block for I/O. That means the same thread of the same instance of a service can process multiple requests at once. It can only do one thing at a time, but it can start doing the next thing while the previous thing is waiting on a database query, or for the request to finish being transmitted, or for an external service to respond, or for the filesystem to deliver the contents of a file, etc.
So in one thread, with one instance of a service, this can happen:
Request A comes in.
Database query is dispatched for request A.
Request B comes in.
Database query is dispatched for request B.
Database query for request A returns, and the response is sent.
Database query for request B returns, and the response is sent.
What that means for state is that it will be shared between requests. If your service sets an instance property at one step of an async operation, then another async operation may start before the first was complete and set a new value for that instance property, which is probably not what you want.
I believe the "global state" the Nest docs mention is not per request, but general configuration state. Like the URL of an external service, or credentials to your database.
It's also worth mentioning that controllers receive a request object, which represents that specific request. It's common to add properties to that request object, like the current authenticated user for example. The request object can be passed around to give your controller and services context in a way that is friendly to this architecture.
We have a small service using Akka internally to run actions concurrent and in a non-blocking way. Akka is of great value to us, but now I need to add authorization (filtering for search and access restriction on specific objects) to some of the actors. We're using Spring Boot and Spring Security to handle authentication and authorization on the Web container, before transferring most of the work to actors managed by the Akka system. Naively, I thought I could use
String userId = SecurityContextHolder.getContext().getAuthentication().getName();
in the actors, but that of course fails because we are on Akka controlled threads. By default, I don't have control over the threads of my Akka system, so there's no thread local security context available.
I see two options:
Pass the user id as part of the messages
Pass the Spring DelegatingSecurityContextExecutorService to the Akka system via a ExecutionContext
On 1: I can pass the user id with the messages to make it available to the respective actors. However, when the authenticated user id becomes part of a message, how can I protect my actors from getting messages that contain any kind of user id? Is this bad practice or is a Akka system protected against such misuse? Do I need to activate further security on the Akka system?
On 2: I can pass my own ExecutionContext when creating the Akka system. That allows me to pass an instance of Spring's DelegatingSecurityContextExecutorService into it, in the hope that the thread local SecurityContext is being passed along acordingly. Has anybody successfully done that? One issue that comes to my mind here is: What happens when an actor is actually running on a remote machine? The threads there won't have the SecurityContext for sure.
So what's your take on this? Do you see any other options available? Many thanks in advance!
I found sth like this:
"stateful – keep track of the previously stored information which is used for current transaction.
stateless – every transaction is performed as if it were being done for the very first time. There is no previously stored information used for the current transaction.
In a purely stateless environment you wouldn’t need this session id. Each request would contain all the information the server would need to process. But many applications need to maintain state to keep track of whether or not a session is authenticated to view certain content or to keep track of what a user is doing. You wouldn’t want to send user credentials over the wire for each request."
I'm quite confuse. So if stateless session with cookie maintain the state so it's mean that:
stateless session with cookie= session stateful?
Another think. I found information that session stateless is client side session and stateful is server side session. How we can discuss about client side session if stateless session does not maintain session?
In a purely stateless environment you really don't need sessions or cookies.
Both sessions and cookies are used to maintain state. The only question is where. Cookies maintain the state on the client while sessions maintain state on the server.
From Wikipedia: Representational state transfer
The session state can be transferred by the server to another service such as a database to maintain a persistent state for a period and allow authentication.
So typically in a stateless design, yes there is no state between client requests.
Every client request will have sufficient info to perform the requested action.
However, you still need authentication and/or authorization so who the client is identified from request headers (typically).
I’m trying to set up a WcfService with the use of NetTcpBinding. I use Transfer mode Streamed since I will transfer large files. I need to use Session, and I have read that NetTcpBinding supports this, but when I turn it on like:
SessionMode=SessionMode.Required
I get the error:
System.InvalidOperationException: Contract requires Session, but Binding 'NetTcpBinding' doesn't support it or isn't configured properly to support it.
Does anyone know what I have to do to make NetTcpBinding work with sessions?
Thanks for any help :)
You've no doubt solved this - but for others that come across it (as I did)...
According to "Programming WCF Services" by Juval Lowy - you can't use streaming with a contract that is configured SessionMode.Required. See page 243
Neither can you use NetTcpBinding with reliable messaging with streaming.
It doesn't elaborate as to why.
One workaround might be to split the operations that require session mode into a separate contract and the streaming operations into another.
Then implement a unique ID for each client (unique GUID for the lifetime of the client app) which is passed in the non-streaming interface as a RegisterSession(Guid mySessionId) operation.
When sessions are created on the server - they can register with a session manager object which stores the GUID, SessionContractImplemenation pair in a Dictionary.
Then add a param to the streaming contract operation (same GUID) so that the streaming contract implementation can access the live non-streaming object (via the session manager you created - using the GUID provided).
You'll have to manage session lifetimes appropriately of course.
From Microsoft...
Sessions and Streaming
When you have a large amount of data to transfer, the streaming transfer mode in WCF is a feasible alternative to the default behavior of buffering and processing messages in memory in their entirety. You may get unexpected behavior when streaming calls with a session-based binding. All streaming calls are made through a single channel (the datagram channel) that does not support sessions even if the binding being used is configured to use sessions. If multiple clients make streaming calls to the same service object over a session-based binding, and the service object's concurrency mode is set to single and its instance context mode is set to PerSession, all calls must go through the datagram channel and so only one call is processed at a time. One or more clients may then time out. You can work around this issue by either setting the service object's InstanceContextMode to PerCall or Concurrency to multiple.
Note:
MaxConcurrentSessions have no effect in this case because there is only one "session" available.
See http://msdn.microsoft.com/en-us/library/ms733040.aspx