jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jukka Zitting" <jukka.zitt...@gmail.com>
Subject Re: web based jcr browser contribution
Date Tue, 21 Nov 2006 23:49:10 GMT
Hi,

On 11/21/06, Edgar Poce <edgarpoce@gmail.com> wrote:
> On 11/21/06, Jukka Zitting <jukka.zitting@gmail.com> wrote:
> > The problem with associating the JCR session with the HTTP session is
> > that the servlet container may allow multiple concurrent request
> > within the same session.
>
> yes. It was an issue I was aware and wanted to discuss the fix.
> If I understand you correctly, in your previous post you proposed to
> store the credentials and create a new connection on each request, I'd
> prefer to keep a single jcr session.

You're right, a single JCR session per HTTP session is probably the
best in this case.

The background for my original idea was a read-only webapp I did a
while ago that maintains a session pool keyed by the login
credentials. The credentials are stored in the HTTP session and the
JCR sessions can very quickly be acquired and released by a
ServletRequestListener using calls like
SessionPool.acquireSession(Credentials) and
SessionPool.releaseSession(Session).

This however only works well for read-only applications and
applications where transient changes are never kept across multiple
requests. Thus it's probably not a good fit for the JCR Navigator.

> What do you think about storing the jcr session in the servlet session
> and use a requestlistener to synchronize the access to the jcr session?.
> On each request a lock would be acquired on the jcr session and released
> only when the request is over. This wouldn't allow two request to access
> the session simultaneously.

Sounds good. A Filter like the following is in fact probably the
easiest way to achieve synchronization:

    public void doFilter(
            ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpSession httpSession = ((HttpServletRequest) request).getSession();
        Session jcrSession = httpSession.getAttribute(SESSION_KEY);
        synchronized (jcrSession) {
            request.setAttribute(SESSION_KEY, jcrSession);
            try {
                chain.doFilter(request, response);
            } finally {
                request.removeAttribute(SESSION_KEY);
            }
        }
    }

Perhaps this could be combined with the current LoginFilter functionality?

BR,

Jukka Zitting

Mime
View raw message