Why do my webfigures not work correctly on Tomcat when my application uses authentication?

4 views (last 30 days)
MathWorks Support Team
MathWorks Support Team on 5 Nov 2012
I have written a Web Application on Tomcat which uses Webfigures. The application used to run fine but after adding a login/authentication by adding the following to my web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>securedapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
The Webfigures do not work correctly anymore. The first time when an user instantiates a new session; I receive errors like:
INFO: WebFigures: com.mathworks.toolbox.javabuilder.services.ServiceException: com.mathworks.toolbox.javabuilder.services.ServiceException: com.mathworks.toolbox.javabuilder.statemanager.ObjectNotFoundException: The resource named 'myFigure' at scope 'session' could not be found
at com.mathworks.toolbox.javabuilder.webfigures.WebFiguresServlet.doGet(WebFiguresServlet.java:161)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter
(...)
If the user then refreshes the page, the figures appear to work fine again.

Sign in to answer this question.

Accepted Answer

MathWorks Support Team
MathWorks Support Team on 5 Nov 2012
This is the result of "Session Fixation Protection" in Tomcat (<http://www.tomcatexpert.com/blog/2011/04/25/session-fixation-protection>). The session ID is automatically changed when an user logs in which can lead to a different session being used by the webfigures service than the session to which you assigned your webfigure.
To work around this either:
1. Disable Session Fixation Protection by adding a Valve to your application's context.xml and setting changeSessionIdOnAuthentication to false:
<Valve className="org.apache.catalina.authenticator.BasicAuthenticator"
changeSessionIdOnAuthentication="false"/>
2. Or you could use a redirect page (so automatically perform a "refresh" for the end-user). For example write an index.jsp which basically only has:
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%
response.sendRedirect("page2.jsp");
%>
And then on page2.jsp use the webfigures.

More Answers (0)

Categories

Find more on Java Package Integration in Help Center and File Exchange

Tags

No tags entered yet.

Products


Release

R2012b

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!