Forum Stats

  • 3,733,814 Users
  • 2,246,824 Discussions
  • 7,856,883 Comments

Discussions

Migrating HTTP Session to Spring Session causing HTTP 302 Response after Successful Login

User_5HPCX
User_5HPCX Member Posts: 1 Green Ribbon

I am hoping someone here would be able to give some suggestion or recommendation how to resolve this issue that I have been working for more than a week now.

Background:

We have an existing JAVA based application deployed in weblogic 12.2.1.4 version. The application is working fine specially when deployed in single node. However, when we tried to deploy it in a clustered environment, an issue has been encountered on HTTP session. When one of the servers currently serving the client request is down, the session ID has been modified and replaced with a value NONE as replacement to the JVM hashcode of the node being shutdown. Hence, it will then have session mismatch with the existing user session.

For future plans to have it deployed on other application servers based on customer's requirement, the team decided to change and manage it by spring session backed by hazelcast to make the HTTP session servlet container independent. Here's the reference guide from spring session integration.

Based from the guide, we performed this configuration:

Spring Session configuration (e.g. session-context.xml)

<context:annotation-config/>
<bean class="org.springframework.session.hazelcast.config.annotation.web.http.HazelcastHttpSessionConfiguration"/>
<bean id="hazelcastInstance" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
    <property name="staticMethod" value="xxx.xxx.xxx.xxx.xxx.CustomHazelcastProvider.getInstance"/>
</bean>
<bean class="org.springframework.session.web.http.DefaultCookieSerializer">
    <property name="cookieName" value="JSESSIONID"/>
    <property name="cookiePath" value="/"/>
    <property name="domainNamePattern" value="^.+?\.(\w+\.[a-z]+)$"/>
</bean>

In web.xml, we load the spring context loader and the corresponding spring session configuration.

<listener>
   <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
   <param-name>contextConfigLocation</param-name>
   <param-value>classpath*:session-context.xml</param-value>
</context-param>

Then to make sure that spring session repository filter is invoked first by the servlet container, we placed the below as first entry in the filter chain in web.xml.

<filter>
   <filter-name>springSessionRepositoryFilter</filter-name>
   <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
   <filter-name>springSessionRepositoryFilter</filter-name>
   <url-pattern>/cbs-rs/*</url-pattern>
   <dispatcher>REQUEST</dispatcher>
   <dispatcher>ERROR</dispatcher>
</filter-mapping>

After deploying the said change, we have noticed the HTTP session has been replaced with spring session. However, in the filter chain, we have noticed this sequence. Filter #2 which is intended to initialize springSessionRepositoryFilter, is NOT on top of the filter chain.

Is this the expected behavior for weblogic? As advise by spring session team, springSessionRepositoryFilter should come first in the filter chain. I suspect this is the root cause of the issue.

Question: Is there a way to alter this sequence using web.xml?

Any help or suggestion will be much appreciated.

Thank you in advance.

Tagged:
Sign In or Register to comment.