Enterprise Client Community

Hi,

when starting our application in a new browser window the code to display the first page is called twice. We put a breakpoint in the method prepareObject() of the Dispatcher and see that the method is called from two different Http sessions within a couple of milliseconds.

This only happens if the application is deployed on a server with authentication turned on (WebLogic or JBoss). On a Tomcat without authentication we see only one Http session.

After the page is displayed all new requests use only one of the two sessions. The unused session is destroyed after the configured session timeout.

On the network we see a POST request to display the page followed by a HTTP 401 (Unauthorized) response from the server. Then the request is sent again with authentication.

...
Connection Opened, 04/19/2013 13:19:19:0223
Connection Closed, 04/19/2013 13:19:19:0454
Client Data, POST /elektrang/faces/elektra/base/ElektraContentWindow.jsp? HTTP/1.1

cc_clearDump=true&cc_initialCall=true&cc_subpageId=0&cc_clientId=WSWLC051
Server Data, HTTP/1.1 401 Unauthorized

Connection Opened, 04/19/2013 13:19:19:0231
Connection Closed, 04/19/2013 13:19:21:0441
Client Data, HEAD /elektrang/faces/elektra/base/ElektraContentWindow.jsp HTTP/1.1

Server Data, HTTP/1.1 200 OK

Connection Opened, 04/19/2013 13:19:19:0455
Connection Closed, 04/19/2013 13:19:21:0447
Client Data, POST /elektrang/faces/elektra/base/ElektraContentWindow.jsp? HTTP/1.1

cc_clearDump=true&cc_initialCall=true&cc_subpageId=0&cc_clientId=WSWLC051
Server Data, HTTP/1.1 200 OK
...

The server log shows two requests logged almost simultanously with different session IDs.
Thread 0: sessionId G6M3RxyXXR
Thread 1: sessionId 1lnPRxyXsZ

2013-04-19 13:19:20,189 DEBUG [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] - RequestedSessionId: null
2013-04-19 13:19:20,190 DEBUG [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] - RequestURL: http://localhost:8080/elektrang/faces/elektra/base/ElektraContentWindow.jsp
2013-04-19 13:19:20,203 DEBUG [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] - RequestedSessionId: null
2013-04-19 13:19:20,204 DEBUG [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] - RequestURL: http://localhost:8080/elektrang/faces/elektra/base/ElektraContentWindow.jsp
2013-04-19 13:19:20,218 DEBUG [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] - QueryString: null
2013-04-19 13:19:20,220 DEBUG [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] - SessionId: G6M3RxyXXR!412130271!1366370359236
2013-04-19 13:19:20,218 DEBUG [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] - QueryString:
2013-04-19 13:19:20,221 DEBUG [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] - SessionId: 1lnPRxyXsZ!412130271!1366370359475
2013-04-19 13:19:20,222 DEBUG [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] - Benutzer: bender
2013-04-19 13:19:20,221 DEBUG [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] - Benutzer: bender

The next request uses one of the above session IDs:

...
Connection Opened, 04/19/2013 13:19:25:0662
Connection Closed, 04/19/2013 13:19:26:0558

Client Data, POST /elektrang/faces/elektra/base/ElektraContentWindow.jsp;jsessionid=1lnPRxyXsZ!412130271 HTTP/1.1

Server Data, HTTP/1.1 200 OK
...

If our application causes this behaviour, I have no idea how this could happen.

Any thoughts?

Regards
Axel

Hi,

normally CaptainCasa server processing is only addressed if https etc. has been processed.

Is it possible that authentication is done via some servlet filter with WebLogic, and that these filters are executed after the filter (ThreadingFilter) of CaptainCasa?
If so: please make sure the sequence is: first the authentication fiters, than the closer-to-the-application-filters (like CaptainCasa one).

Regards, Björn

Hi Björn,

there are no additional filters in the web.xml. We only added basic authentication. It's not only on WebLogic but the same happens on a JBoss server with authentication.

I debugged the application and this is what happens:
- Open browser and type URL
- Authentication window appears, type in credentials
- ThreadingFilter is called
Session: 9KJFR1SWjC!204645371!1366626934402/null
nothing happens, sessions seems to be destroyed
- Splash screen is displayed
- ThreadingFilter is called
Session: ydgVR1SXnf!204645371!1366626967525/null
page is initialized
- ThreadingFilter is called
Session: pysZR1ScXw!204645371!1366627036592/0
page is initialized

The session output is from log_eclntjsfserver.txt.
The only difference I see between the last two calls to ThreadingFilter is the last part of the session. It changes from null to 0. This part is from ((HttpServletRequest)request).getParameter("cc_subpageId").

The last session is used in all subsequent calls. The other session is destroyed after the configured timeout.

Regards, Axel

Hi Björn,

I think it's solved.

The three calls to ThreadingFilter correspond to 3 different http calls.
- The first request is a http GET of the index.jsp which contains the applet tag.
- The next request is a http HEAD of the jsp containing the outermost CC window. This causes the additional initialization of the page.
- The last request is a http POST of the same jsp.

Our solution is to configure security in web.xml so that only GET and POST requests require authentication. Previously there was no constraint for http methods.

...
<security-constraint>
<web-resource-collection>
<web-resource-name>Collection1</web-resource-name>
<url-pattern>/elektra</url-pattern>
<url-pattern>*.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
...

This solution seems to work without any side effects.

Regards, Axel

PS:
I'm not sure if CC could ensure that HEAD requests don't return any content.