Skip to Main Content
Forums

Integration

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Migrating HTTP Session to Spring Session causing HTTP 302 Response after Successful Login

User_5HPCXMar 9 2021

I am hoping someone here would be able to give some suggestion or recommendation how to resolve this issue that I have been working for more than a week now.
Background:
We have an existing JAVA based application deployed in weblogic 12.2.1.4 version. The application is working fine specially when deployed in single node. However, when we tried to deploy it in a clustered environment, an issue has been encountered on HTTP session. When one of the servers currently serving the client request is down, the session ID has been modified and replaced with a value NONE as replacement to the JVM hashcode of the node being shutdown. Hence, it will then have session mismatch with the existing user session.
For future plans to have it deployed on other application servers based on customer's requirement, the team decided to change and manage it by spring session backed by hazelcast to make the HTTP session servlet container independent. Here's the reference guide from spring session integration.
Spring Session (0 Bytes)Based from the guide, we performed this configuration:
Spring Session configuration (e.g. session-context.xml)

<context:annotation-config/>
<bean class="org.springframework.session.hazelcast.config.annotation.web.http.HazelcastHttpSessionConfiguration"/>
<bean id="hazelcastInstance" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
    <property name="staticMethod" value="xxx.xxx.xxx.xxx.xxx.CustomHazelcastProvider.getInstance"/>
</bean>
<bean class="org.springframework.session.web.http.DefaultCookieSerializer">
    <property name="cookieName" value="JSESSIONID"/>
    <property name="cookiePath" value="/"/>
    <property name="domainNamePattern" value="^.+?\.(\w+\.[a-z]+)$"/>
</bean>

In web.xml, we load the spring context loader and the corresponding spring session configuration.

<listener>
   <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
   <param-name>contextConfigLocation</param-name>
   <param-value>classpath*:session-context.xml</param-value>
</context-param>

Then to make sure that spring session repository filter is invoked first by the servlet container, we placed the below as first entry in the filter chain in web.xml.

<filter>
   <filter-name>springSessionRepositoryFilter</filter-name>
   <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
   <filter-name>springSessionRepositoryFilter</filter-name>
   <url-pattern>/cbs-rs/*</url-pattern>
   <dispatcher>REQUEST</dispatcher>
   <dispatcher>ERROR</dispatcher>
</filter-mapping>

After deploying the said change, we have noticed the HTTP session has been replaced with spring session. However, in the filter chain, we have noticed this sequence. Filter #2 which is intended to initialize springSessionRepositoryFilter, is NOT on top of the filter chain.
servlet-filter-chain.PNGIs this the expected behavior for weblogic? As advise by spring session team, springSessionRepositoryFilter should come first in the filter chain. I suspect this is the root cause of the issue.
Question: Is there a way to alter this sequence using web.xml?
Any help or suggestion will be much appreciated.
Thank you in advance.
Comments
Post Details
Added on Mar 9 2021
#application-servers, #filter, #session, #weblogic
0 comments
610 views