Meaningless Drivel is fun!*
The moose likes EJB and other Java EE Technologies and the fly likes Managing Session in Application Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "Managing Session in Application" Watch "Managing Session in Application" New topic
Author

Managing Session in Application

Elizabath Lima
Ranch Hand

Joined: Nov 23, 2005
Posts: 32
Hi,

I would like to know about the user session management in an enterprise application.

How we can identify a user if we are having a VO for storing his session details?

I'm using Jboss as my app server

Thanks'
Lima
Valentin Tanase
Ranch Hand

Joined: Feb 17, 2005
Posts: 704
Hi Lima,


How we can identify a user if we are having a VO for storing his session details?

Not sure if I can understand your question though. If you store his information in a VO within the session object then obviously you can get the VO from the session any time you want (of course using web server-side components like JSPs, servlets, custom tags, etc). It could be little bit trickier if you use J2EE security for authenticating/authorizing the user, but it�s far from being very complicated. Again I have the feeling that I might not understand your question very well. Can you please be more explicit?
Regards.


I think, therefore I exist -- Rene Descartes
Elizabath Lima
Ranch Hand

Joined: Nov 23, 2005
Posts: 32
Hi Valentin,

I'm great to have your reply. I can explain the scenario as well.

I want to manage a user session. And i'm privileged to use a Value object to store the user information. I think i can integrate the J2EE container based authentication with the VO.
But I'm not familiar with jboss container based authentication. But i did the same for tomcat. How i can implement this with jboss?

Thankx
Lima
[ November 30, 2005: Message edited by: Elizabath Lima ]
Valentin Tanase
Ranch Hand

Joined: Feb 17, 2005
Posts: 704
Hi Lima,

I�m not much of a JBoss expert either, but the problem I guess is not vendor dependent when using standard J2EE security. You basically have a login action class or other java component that authenticats the user and creates a corresponding UserVO instance. This piece of code will write the UserVO to the HttpSession as well. You can for example use the user�s login id for writing the VO:

The problem though would become to associate each http request with the appropriate UserVO (in order to authorize him). You might take advantage of the HttpRequest.getRemoteUser() method. If your user was authenticated using standard J2EE security this method will return the user�s loginId and you can retrieve the appropriate UserVO instance:

Regards.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Managing Session in Application