[Logo] Enterprise Client Community
  [Search] Search   [Recent Topics] Recent Topics   [Members]  Member Listing   [Groups] Back to home page 
[Register] Register / 
[Login] Login 
Problem with "invaliud security check id" - Check your web.xml! (!!!)  XML
Forum Index -> Development
Author Message

Power User

Joined: 21/11/2007 12:23:06
Messages: 5230


the web.xml filter/servlet information was moved into an API-based configuration 2 years ago... Since then we are telling "Please clean up the web.xml"! ;-) - The problem: there is a certain level of coexistence between web.xml configuration and API-based configurations. So problems only show up in certain scenarios.

One issue we found now in a certain usage-scenario: due to old web.xml configuration the sequence of filters that is applied may be a wrong one. In particular: if the "SecurityFilterGeneral" is executed after the "ThreadingFilter" then you will receive a session-check-id-error...

The problem was solved by cleaning up the web.xml.

All web.xml that is required by CaptainCasa is listed in the web.xml below. Please check your web.xml. - Btw: the web.xml configuration is stable since 2 years (this was exactly the main goal of moving into an API based configuration), so only "old" usage scenarios need to be checked for clean-uo.

Kind regards! Björn

 <?xml version="1.0" encoding="UTF-8"?>
 	The default configuration of the servlet context is done in class
 <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
          xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee <a href="http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" target="_blank" rel="nofollow">http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd</a>"
   <display-name>CaptainCasa based application</display-name>
   <!-- ********** CONTEXT PARAMETERS *************************************** -->
   <!-- JBoss Deployment - use the reference implementation that comes
        with CapatainCasa by default -->
   <!-- ********** LISTENERS ************************************************ -->  
   PLEASE PAY ATTNETION: the registration of the CCServletContextListener in the web.xml
   is sufficient for many servlet engines (e.g. Tomcat). For other servlet engines (Glassfish,
   JBoss) the regsitration needs to be done through a file "META-INF/services/javax.servlet.ServletContainerInitializer".
   This file needs to be visible to the webapp classloader, i.e. needs to be part of WEB-INF/classes
   or part of one of the .jar libraries in WEB-INF/lib.
   A template file is coming with CaptainCasa's eclntjsfserver*.jar file, here:
   <!-- ********** SESSION MANAGEMENT *************************************** -->
   Alternative session management via cookies. Also has to be configured in

Björn Müller, CaptainCasa GmbH
Forum Index -> Development
Go to:   
Powered by JForum 2.1.6 © JForum Team