Home/ Questions/Q 3276806
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-17T19:17:58+00:00

Greetings, fellow StackOverFlow members. I have just begun to learn how to program web-enabled

  • 0

Greetings, fellow StackOverFlow members. I have just begun to learn how to program web-enabled applications using technologies such as Java Enterprise Beans and Java Persistence API.

The official NetBeans website currently offers a bundle that (supposedly) allows me to develop said applications. A bundle that has an approximate size of 213 MB.

Now here’s the deal: suppose that I want to simulate the process of logging in to a website. You know, like, when I log into Amazon, my session data is stored in my browser, and that is how they’re able to, like, display things such as “Welcome, Miguel Martins” or “Recommended purchases for Miguel Martins”, right? Right. Well, here’s what I do (let’s start with index.jsp):

<%@page import="beans.UserBeanRemote"%>
<%@page import="entities.SimplifiedUser"%>
<%@page import="beans.BeanFacade"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">

<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>JSP Page</title>
    </head>
    <body>
        <%
            UserBeanRemote userBean = BeanFacade.getUserBean();
            userBean.setAuthenticatedUser(session, new SimplifiedUser("Miguel Martins", "password"));
            SimplifiedUser authenticatedUser = userBean.getAuthenticatedUser(session);
            if (authenticatedUser == null) {
                out.write("No user is authenticated.");
            }
            else {
                out.write("There is an authenticated user. Username: " + authenticatedUser.getUserName());
            }
        %>
    </body>
</html>

Simple, right? My intentions here are (obviously) to call the setAuthenticatedUser method to store session data, and then the getAuthenticatedUser method to basically ask “who is authenticated in this web browser?”

And here’s how I programmed the rest. Keep in mind this is supposed to be a simple/minimalistic application, for learning purposes.

BeanFacade.java

package beans;

import javax.naming.InitialContext;
import javax.naming.NamingException;

public class BeanFacade {
    private static InitialContext context;

    private static void initializeContext() throws NamingException {
        if (context == null) {
            context = new InitialContext();
        }
    }

    public static UserBeanRemote getUserBean() throws NamingException {
        initializeContext();
        return (UserBeanRemote) context.lookup("java:global/SimplifiedAuthentication/SimplifiedAuthentication-ejb/UserBean!beans.UserBeanRemote");
    }
}

UserBean.java

package beans;

import entities.SimplifiedUser;
import javax.ejb.Stateless;
import javax.servlet.http.HttpSession;

@Stateless
public class UserBean implements UserBeanRemote {

    @Override
    public void setAuthenticatedUser(HttpSession session, SimplifiedUser user) {
        session.setAttribute("authenticated_user", user);
    }

    @Override
    public SimplifiedUser getAuthenticatedUser(HttpSession session) {
        return (SimplifiedUser) session.getAttribute("authenticated_user");
    }
}

UserBeanRemote.java (obviously, UserBean’s remote interface)

package beans;

import entities.SimplifiedUser;
import javax.ejb.Remote;
import javax.servlet.http.HttpSession;

@Remote
public interface UserBeanRemote {
    public void setAuthenticatedUser(HttpSession session, SimplifiedUser user);
    public SimplifiedUser getAuthenticatedUser(HttpSession session);
}

And last, but not least, SimplifiedUser.java. This is what I want to store as session data.

package entities;

import java.io.Serializable;
import javax.persistence.Entity;
import javax.persistence.Id;

@Entity
public class SimplifiedUser implements Serializable {
    private static final long serialVersionUID = 1L;
    @Id
    private String userName;
    private String password;

    public SimplifiedUser() {
    }

    public SimplifiedUser(String userName, String password) {
        this.userName = userName;
        this.password = password;
    }

    public String getUserName() {
        return userName;
    }
}

However, much to my dismay, when I run the project, it throws an exception at me:

HTTP Status 500 –

type Exception report

message

descriptionThe server encountered an
internal error () that prevented it
from fulfilling this request.

exception

org.apache.jasper.JasperException:
javax.ejb.EJBException:
java.rmi.MarshalException: CORBA
BAD_PARAM 1330446342 Maybe; nested
exception is:
java.io.NotSerializableException:

root cause

javax.ejb.EJBException:
java.rmi.MarshalException: CORBA
BAD_PARAM 1330446342 Maybe; nested
exception is:
java.io.NotSerializableException:

root cause

java.rmi.MarshalException: CORBA
BAD_PARAM 1330446342 Maybe; nested
exception is:
java.io.NotSerializableException:

root cause

java.io.NotSerializableException:

root cause

org.omg.CORBA.BAD_PARAM: vmcid: OMG
minor code: 6 completed: Maybe

note The full stack traces of the
exception and its root causes are
available in the GlassFish Server Open
Source Edition 3.0.1 logs. GlassFish
Server Open Source Edition 3.0.1

And, after some old-fashioned debugging (“commenting stuff out”), it seems that the cause of the exception is this:

session.setAttribute("authenticated_user", user);

And this:

return (SimplifiedUser) session.getAttribute("authenticated_user");

Which indicates me that, somehow, they don’t want me to store my user data (nor retreive it) inside an HttpSession instance.

Does anyone know why this is? Isn’t it perfectly legal to store a Serializable object inside an HttpSession instance in the first place? If so, then what in the world is going on here?

Thank you,
Miguel Martins

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    My apologies, fellow StackOverflow members. After some very enlightening discussion between me and one of my project colleagues, I have realized the error of my ways. Long story short, it seems that the exception is due to the fact that everything I pass around to an EJB has to be serializable. And naturally, an HttpSession instance is not serializable.

    Even if it were serializable, though, that colleague of mine clearly proved to me, beyond the shadow of a doubt, that an HttpSession instance should never leave the web tier and be passed around to some other tier (in this case, the EJB tier). Hence, what I was trying to do… I was doing it the wrong way.

    The correct way, according to my colleague himself, is to create a whole new User class, to be used exclusively in the web tier (i.e. we end up having two classes, a User class, which carries the @Entity annotation, and another class, which would later be known as “UserViewModel”, following a design pattern known as the ViewModel pattern. Basically, this “second User class” is a reduced version of the original one, designed to be exclusively used on the web tier.

    So kudos to my colleague who showed me the error of my ways. If anyone out there has something else to say about this, though, please do speak up.

    • 0