[Logo] Enterprise Client Community
  [Search] Search   [Recent Topics] Recent Topics   [Members]  Member Listing   [Groups] Back to home page 
[Register] Register / 
[Login] Login 
Problem with "invaliud security check id" - Check your web.xml! (!!!)  XML
Forum Index -> Development
Author Message
CaptainCasa

Power User
[Avatar]

Joined: 21/11/2007 12:23:06
Messages: 5510
Offline

Hi,

the web.xml filter/servlet information was moved into an API-based configuration 2 years ago... Since then we are telling "Please clean up the web.xml"! ;-) - The problem: there is a certain level of coexistence between web.xml configuration and API-based configurations. So problems only show up in certain scenarios.

One issue we found now in a certain usage-scenario: due to old web.xml configuration the sequence of filters that is applied may be a wrong one. In particular: if the "SecurityFilterGeneral" is executed after the "ThreadingFilter" then you will receive a session-check-id-error...

The problem was solved by cleaning up the web.xml.

All web.xml that is required by CaptainCasa is listed in the web.xml below. Please check your web.xml. - Btw: the web.xml configuration is stable since 2 years (this was exactly the main goal of moving into an API based configuration), so only "old" usage scenarios need to be checked for clean-uo.

Kind regards! Björn



Code:
 <?xml version="1.0" encoding="UTF-8"?>
 
 <!--
 	The default configuration of the servlet context is done in class
 	CCInitialiServlets. 
  -->
 
 <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
          xmlnssi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee <a href="http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" target="_blank" rel="nofollow">http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd</a>"
          id="WebApp_ID" 
          version="3.1">         
          
   <display-name>CaptainCasa based application</display-name>
   <welcome-file-list>
     <welcome-file>index.html</welcome-file>
     <welcome-file>index.htm</welcome-file>
     <welcome-file>index.jsp</welcome-file>
     <welcome-file>default.html</welcome-file>
     <welcome-file>default.htm</welcome-file>
     <welcome-file>default.jsp</welcome-file>
   </welcome-file-list>
 
   <!-- ********** CONTEXT PARAMETERS *************************************** -->
 
   <!-- JBoss Deployment - use the reference implementation that comes
        with CapatainCasa by default -->
   <context-param>
     <param-name>org.jboss.jbossfaces.WAR_BUNDLES_JSF_IMPL</param-name>
     <param-value>true</param-value>
   </context-param>  
 
   <!-- ********** LISTENERS ************************************************ -->  
   <listener>
     <listener-class>org.eclnt.jsfserver.util.CCServletContextListener</listener-class>
   </listener>
   
   <!--
   PLEASE PAY ATTNETION: the registration of the CCServletContextListener in the web.xml
   is sufficient for many servlet engines (e.g. Tomcat). For other servlet engines (Glassfish,
   JBoss) the regsitration needs to be done through a file "META-INF/services/javax.servlet.ServletContainerInitializer".
   This file needs to be visible to the webapp classloader, i.e. needs to be part of WEB-INF/classes
   or part of one of the .jar libraries in WEB-INF/lib.
   <br><br>
   A template file is coming with CaptainCasa's eclntjsfserver*.jar file, here:
   "META-INF/services/javax.servlet.ServletContainerInitializer_template".
   -->
     
   <!-- ********** SESSION MANAGEMENT *************************************** -->
   <session-config>
       <session-timeout>60</session-timeout>
       <tracking-mode>URL</tracking-mode>
   </session-config>
   
   <!--
   Alternative session management via cookies. Also has to be configured in
   eclntjsfserver/config/system.xml!
   
   <session-config>
       <session-timeout>60</session-timeout>
       <tracking-mode>COOKIE</tracking-mode>
       <cookie-config>
           <http-only>true</http-only>
           <secure>true</secure>
       </cookie-config>
   </session-config>
   -->
   
 </web-app>
 
 

Björn Müller, CaptainCasa GmbH
 
Forum Index -> Development
Go to:   
Powered by JForum 2.1.6 © JForum Team