File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Single Logon Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Single Logon" Watch "Single Logon" New topic

Single Logon

Sam Furtado
Ranch Hand

Joined: Jul 16, 2002
Posts: 45
Hi Guys !
Need to implement the security functionality of "Single Logon". Login is implemented through BASIC AUTHENTICATION with tomcat 4.1.12 as server. However, i also furthur need to ensure that only a single user for a particular account can be logged in at any point of time. How should this be enforced ???
Pls suggest.
Thanks Guys!

Sun Certified Java Programmer<br />Sun Certified Web Component Developer
Arun Boraiah
Ranch Hand

Joined: Nov 28, 2001
Posts: 233
Hi Sam,
One of the way out to your problem is:
You have to write a seprate helper class where in one thread will be running all the time(Call this class from login servlet init method). This thread will map session object with user id and put in a hash table. During every login you call a method which will check in the hash table for the user id and if found take the session object and invalidate it. In this way you can restirct user from logging from two machine.Also take care when user log's out or on session time out session object in the hash table is removed (this you can achive by writting a seprate helper class).

Sharing is learning
Steffen Foldager
Ranch Hand

Joined: Mar 22, 2001
Posts: 58
I think Arun's idea would work, if you could only know when a login occurs.
When logging in using Tomcat/J2EE BASIC authorization, you don't have any obvious way to know about the login event. As far as I know, that is..

Steffen Foldager<p>Sun Certified Java Programmer<br />Sun Certified Web Component Developer
Javed Sardar
Ranch Hand

Joined: Sep 10, 2002
Posts: 33
How could one know when the session times out. Is there any method which is called when the session is timed out ?
Roger Graff
Ranch Hand

Joined: May 29, 2001
Posts: 112
You can have an object you store in the session implement the HttpSessionBindingListener interface. Add code that you want executed when the session times out in the valueUnbound() method.
I agree. Here's the link:
subject: Single Logon
It's not a secret anymore!