Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Single Logon

 
Sam Furtado
Ranch Hand
Posts: 45
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Guys !
Need to implement the security functionality of "Single Logon". Login is implemented through BASIC AUTHENTICATION with tomcat 4.1.12 as server. However, i also furthur need to ensure that only a single user for a particular account can be logged in at any point of time. How should this be enforced ???
Pls suggest.
Thanks Guys!
 
Arun Boraiah
Ranch Hand
Posts: 233
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Sam,
One of the way out to your problem is:
You have to write a seprate helper class where in one thread will be running all the time(Call this class from login servlet init method). This thread will map session object with user id and put in a hash table. During every login you call a method which will check in the hash table for the user id and if found take the session object and invalidate it. In this way you can restirct user from logging from two machine.Also take care when user log's out or on session time out session object in the hash table is removed (this you can achive by writting a seprate helper class).
-arun
 
Steffen Foldager
Ranch Hand
Posts: 58
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think Arun's idea would work, if you could only know when a login occurs.
When logging in using Tomcat/J2EE BASIC authorization, you don't have any obvious way to know about the login event. As far as I know, that is..
 
Javed Sardar
Ranch Hand
Posts: 33
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How could one know when the session times out. Is there any method which is called when the session is timed out ?
Regards,
Javed.
 
Roger Graff
Ranch Hand
Posts: 112
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can have an object you store in the session implement the HttpSessionBindingListener interface. Add code that you want executed when the session times out in the valueUnbound() method.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic