aspose file tools*
The moose likes Servlets and the fly likes Servlet and general architecture question Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Servlet and general architecture question" Watch "Servlet and general architecture question" New topic
Author

Servlet and general architecture question

Rob Hyx
Greenhorn

Joined: Nov 12, 2008
Posts: 18
Forgive me if this is the wrong forum for this question...

I have a web application that consists of several servlets that process requests asynchronously from various other web applications deployed on Tomcat 6. There is a certain amount of persistence using session tracking on the server so the data can be shared amongst the various web applications. I need to add another web application not necessarily deployed tot he same same Tomcat as the other application that can access the same session data. My first thought was that the persistence needs to be moved to a database of some kind that both applications can access, but I'm hoping there is a way to request the data via the second application from the first's session. The main reason I don't want to use a database is that the schema can differ greatly and I don't want to have to administrate a database. I assume the session is tracked via a cookie in the browser and if the two applications reside on separate servers the JSESSIONID will be different...

So is there a way to do this so that one instance of Tomcat can make a request to the other and access the data stored in the session?
Thanks in advance!

William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12806
    
    5
There is no built in mechanism for this.

As I recall, early versions of the servlet API provided access to session data by "outside" threads but it was removed as a security flaw. See the javax.servlet.http.HttpSessionContext Javadocs.

Bill
Rob Hyx
Greenhorn

Joined: Nov 12, 2008
Posts: 18
Thanks Bill... so if I need another method of persistence that can be accessed by an outside web application do you know if I could use something like JPA? Based on the sleuthing I've done that seems like it may be a viable solution but I don't understand how it works with multiple users hitting the service simultaneously.
Louis Bros
Ranch Hand

Joined: Jun 03, 2011
Posts: 54

Hi Rob, JPA is very helpful, you could use some type of locking to handle concurrency, but typically it's still persisting to a database.


OCA7
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6662
    
    5

I would avoid any data level integration between your applications. A cluster of applications that I had to maintain a long time back used this strategy. The problem is that any change you make to your database is not transparent to another party. A change to the column width; removing columns; can affect another application and it is not easy to track this.

Can you explore the option of providing a data service (Say a web service) to application B from application A ? A REST style service with a fluid contract can help expose the data. You still run the risk of making backward incompatible changes, but you can at least track those making calls to the service and reach out to them. If you have a governance system around the services, it makes it easier to reach out to consumers.


SCJP 6 articles - SCJP 5/6 mock exams - More SCJP Mocks
Rob Hyx
Greenhorn

Joined: Nov 12, 2008
Posts: 18
Deepak Bala wrote:I would avoid any data level integration between your applications. A cluster of applications that I had to maintain a long time back used this strategy. The problem is that any change you make to your database is not transparent to another party. A change to the column width; removing columns; can affect another application and it is not easy to track this.

Can you explore the option of providing a data service (Say a web service) to application B from application A ? A REST style service with a fluid contract can help expose the data. You still run the risk of making backward incompatible changes, but you can at least track those making calls to the service and reach out to them. If you have a governance system around the services, it makes it easier to reach out to consumers.


Yeah that's the idea, the thing I can't get my head around is how I persist the data since I can't simply use the session to store the data for each user. The data itself is an ArrayList of Java Objects that store metadata from a database. It's essentially search results.
Rob Hyx
Greenhorn

Joined: Nov 12, 2008
Posts: 18
Louis Bros wrote:Hi Rob, JPA is very helpful, you could use some type of locking to handle concurrency, but typically it's still persisting to a database.


Thank you. That's what I suspected but wasn't sure of.
Pete Nelson
Ranch Hand

Joined: Aug 30, 2010
Posts: 147

There are security issues you would need to address, but could you use the java.beans.XMLEncoder to encapsulate your session object as XML to share it.

I think the bigger issue would be allowing the unique session id from one application to match up with the unique session id of another application. You may have to use a cookie, and set the cookie path to "/" to allow it to share any information at all.


OCPJP
In preparing for battle I have always found that plans are useless, but planning is indispensable. -- Dwight D. Eisenhower
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Servlet and general architecture question