Hi Guys ! Need to implement the security functionality of "Single Logon". Login is implemented through BASIC AUTHENTICATION with tomcat 4.1.12 as server. However, i also furthur need to ensure that only a single user for a particular account can be logged in at any point of time. How should this be enforced ??? Pls suggest. Thanks Guys!
Sun Certified Java Programmer<br />Sun Certified Web Component Developer
Hi Sam, One of the way out to your problem is: You have to write a seprate helper class where in one thread will be running all the time(Call this class from login servlet init method). This thread will map session object with user id and put in a hash table. During every login you call a method which will check in the hash table for the user id and if found take the session object and invalidate it. In this way you can restirct user from logging from two machine.Also take care when user log's out or on session time out session object in the hash table is removed (this you can achive by writting a seprate helper class). -arun
I think Arun's idea would work, if you could only know when a login occurs. When logging in using Tomcat/J2EE BASIC authorization, you don't have any obvious way to know about the login event. As far as I know, that is..
Steffen Foldager<p>Sun Certified Java Programmer<br />Sun Certified Web Component Developer