Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Managing Session in Application

 
Elizabath Lima
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I would like to know about the user session management in an enterprise application.

How we can identify a user if we are having a VO for storing his session details?

I'm using Jboss as my app server

Thanks'
Lima
 
Valentin Tanase
Ranch Hand
Posts: 704
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Lima,


How we can identify a user if we are having a VO for storing his session details?

Not sure if I can understand your question though. If you store his information in a VO within the session object then obviously you can get the VO from the session any time you want (of course using web server-side components like JSPs, servlets, custom tags, etc). It could be little bit trickier if you use J2EE security for authenticating/authorizing the user, but it�s far from being very complicated. Again I have the feeling that I might not understand your question very well. Can you please be more explicit?
Regards.
 
Elizabath Lima
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Valentin,

I'm great to have your reply. I can explain the scenario as well.

I want to manage a user session. And i'm privileged to use a Value object to store the user information. I think i can integrate the J2EE container based authentication with the VO.
But I'm not familiar with jboss container based authentication. But i did the same for tomcat. How i can implement this with jboss?

Thankx
Lima
[ November 30, 2005: Message edited by: Elizabath Lima ]
 
Valentin Tanase
Ranch Hand
Posts: 704
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Lima,

I�m not much of a JBoss expert either, but the problem I guess is not vendor dependent when using standard J2EE security. You basically have a login action class or other java component that authenticats the user and creates a corresponding UserVO instance. This piece of code will write the UserVO to the HttpSession as well. You can for example use the user�s login id for writing the VO:

The problem though would become to associate each http request with the appropriate UserVO (in order to authorize him). You might take advantage of the HttpRequest.getRemoteUser() method. If your user was authenticated using standard J2EE security this method will return the user�s loginId and you can retrieve the appropriate UserVO instance:

Regards.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic