Why do my webfigures not work correctly on Tomcat when my application uses authentication?
4 views (last 30 days)
Show older comments
I have written a Web Application on Tomcat which uses Webfigures. The application used to run fine but after adding a login/authentication by adding the following to my web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>securedapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
The Webfigures do not work correctly anymore. The first time when an user instantiates a new session; I receive errors like:
INFO: WebFigures: com.mathworks.toolbox.javabuilder.services.ServiceException: com.mathworks.toolbox.javabuilder.services.ServiceException: com.mathworks.toolbox.javabuilder.statemanager.ObjectNotFoundException: The resource named 'myFigure' at scope 'session' could not be found
at com.mathworks.toolbox.javabuilder.webfigures.WebFiguresServlet.doGet(WebFiguresServlet.java:161)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter
(...)
If the user then refreshes the page, the figures appear to work fine again.
Accepted Answer
MathWorks Support Team
on 5 Nov 2012
This is the result of "Session Fixation Protection" in Tomcat (<http://www.tomcatexpert.com/blog/2011/04/25/session-fixation-protection>). The session ID is automatically changed when an user logs in which can lead to a different session being used by the webfigures service than the session to which you assigned your webfigure.
To work around this either:
1. Disable Session Fixation Protection by adding a Valve to your application's context.xml and setting changeSessionIdOnAuthentication to false:
<Valve className="org.apache.catalina.authenticator.BasicAuthenticator"
changeSessionIdOnAuthentication="false"/>
2. Or you could use a redirect page (so automatically perform a "refresh" for the end-user). For example write an index.jsp which basically only has:
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%
response.sendRedirect("page2.jsp");
%>
And then on page2.jsp use the webfigures.
0 Comments
More Answers (0)
See Also
Categories
Find more on Java Package Integration in Help Center and File Exchange
Community Treasure Hunt
Find the treasures in MATLAB Central and discover how the community can help you!
Start Hunting!