File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes How to identify host uniquely when a firewall is enabled? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "How to identify host uniquely when a firewall is enabled?" Watch "How to identify host uniquely when a firewall is enabled?" New topic
Author

How to identify host uniquely when a firewall is enabled?

vinod perla
Greenhorn

Joined: Jan 06, 2005
Posts: 16
Does anybody know how the host is identified uniquely by the server if a firewall is enabled? Will there be any hidden parameters that will be sent across with the URL by the firewall? Is there any way to get hold of those hidden parameters?
vinod perla
Greenhorn

Joined: Jan 06, 2005
Posts: 16
Actually I want to check whether a user has logged in from two different systems or from the same system. If the firewall is enabled it is acting as a proxy for the actual host. So how do I know this information?
Adeel Ansari
Ranch Hand

Joined: Aug 15, 2004
Posts: 2874
You can not. A similar thread
Adeel Ansari
Ranch Hand

Joined: Aug 15, 2004
Posts: 2874
You can check the browser info. But again two different browser on the same system will do the trick.
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
There is a host hearder in the HTTP request , that might help to identify a host.

Note: host header has been introduced for virtual hosting ,so more that one host can map to a single physical machine.


Rahul Bhattacharjee
LinkedIn - Blog
Adeel Ansari
Ranch Hand

Joined: Aug 15, 2004
Posts: 2874
If I'm not mistaken you are after client not the host. The user would be the client and your server would be the host for the user.
Adeel Ansari
Ranch Hand

Joined: Aug 15, 2004
Posts: 2874
Originally posted by Rahul Bhattacharjee:
There is a host hearder in the HTTP request , that might help to identify a host.


HOST field wouldn't help here. If you make a request to "http://www.javaranch.com" then the HOST would be "saloon.javaranch.com".

[Edited]
Host - Header Field Definitions
[ January 17, 2007: Message edited by: Adeel Ansari ]
vinod perla
Greenhorn

Joined: Jan 06, 2005
Posts: 16
Thank you for the response. Is there a way to know whether a user has already logged in?

Actual Requirement:
If a user already logged in system1 and if anybody tries logging in with the same user account in system2, an alert should be prompted saying 'A user already logged in with the same details. Do you want to terminate it or not?' Basing on its input the system should either terminate the session of the user in system1 or it should just take the user in the system2 to the login screen again.

If same thing is tried in the same system the alert shouldn�t show up and the system should allow to login
vinod perla
Greenhorn

Joined: Jan 06, 2005
Posts: 16
Adeel Ansari thank you very much for the response. What you said is right I actually want to know the client. Is there a way to identify the client uniquely even when a firewall is enabled?
Adeel Ansari
Ranch Hand

Joined: Aug 15, 2004
Posts: 2874
Originally posted by vinod perla:
Adeel Ansari thank you very much for the response. What you said is right I actually want to know the client. Is there a way to identify the client uniquely even when a firewall is enabled?


There is no such way I am aware of.
Adeel Ansari
Ranch Hand

Joined: Aug 15, 2004
Posts: 2874
Originally posted by vinod perla:
Actual Requirement:
If a user already logged in system1 and if anybody tries logging in with the same user account in system2, an alert should be prompted saying 'A user already logged in with the same details. Do you want to terminate it or not?' Basing on its input the system should either terminate the session of the user in system1 or it should just take the user in the system2 to the login screen again.

If same thing is tried in the same system the alert shouldn�t show up and the system should allow to login


You can make it if you alter the requirement to be more reasonable something like below.

Block the login if the user is already logged in to the system and some other user or the same user try to log in to the system using the same login credentials.


But I wish could do that.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Originally posted by vinod perla:
Thank you for the response. Is there a way to know whether a user has already logged in?


No, there is no reliable way to know if a user has logged in more than once.
This question gets asked and debated quite often here and I have yet to see anyone suggest a solid method for doing this.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Originally posted by Adeel Ansari:


HOST field wouldn't help here. If you make a request to "http://www.javaranch.com" then the HOST would be "saloon.javaranch.com".

[Edited]
Host - Header Field Definitions


Yes , true as what you have mentioned.
I misunderstood the question.


vinod perla
Greenhorn

Joined: Jan 06, 2005
Posts: 16
I actually want the IP Address of the client machine, is it possible to get the machine name or IP Address by JavaScript?

If not can anybody suggest me some procedure to fulfill the requirement.
[ January 17, 2007: Message edited by: vinod perla ]
Micheal John
Ranch Hand

Joined: Nov 01, 2006
Posts: 344

Actual Requirement:
If a user already logged in system1 and if anybody tries logging in with the same user account in system2, an alert should be prompted saying 'A user already logged in with the same details. Do you want to terminate it or not?' Basing on its input the system should either terminate the session of the user in system1 or it should just take the user in the system2 to the login screen again.

If same thing is tried in the same system the alert shouldn�t show up and the system should allow to login

I don't know whether it's correct for thhis problem..

Actually You will be checking the username and password are correct from DB(or some other files/property) If it is DB, include one field which indicates user logged in(1)/logged out(0).

So when user1 is log-in, update the field to 1. So when user2 is trying to log-in, allow him only if the field is 0..


Micheal John
SCJP 1.4 (86%), SCWCD 1.4 (86%), SCBCD 1.3 (85%), SCDJWS (Just Started...) - Satisfaction Lies in Our EFFORT, Not in the ATTAINMENT
William Janssen
Ranch Hand

Joined: Jan 02, 2007
Posts: 39
The problem you are describing doesn't really relate to a firewall, since a normal firewall doesn't hide or change one's IP adress which you can get from the request object. A NAT router or any kind of proxy server (forward or reverse) will hide youre clients connection.
From within javascript which runs on the client and thereby a reliable way to get the clients hostname, it is only possible in netscape to get the clients hostname.
The solution described above only solves part of the problem, you know when someone logs into the system. But since it is not possible to handle the log out or closing of the browser or ... in a reliable manner it does not work.
e.g.
User logs into the system, http session is created and entry is written into the database. Browser crashes or any other event which causes the unload not to run. The user reacts by opening a new browser and logs into the system before the http session expires (the expiration of the http session should trigger some code to change the users status inside the database) and the user will be prompted that he/she still is logged in.
There is no 100% reliable option for this, what kind of solution you take, databse, pesistent cookies or.....
sunny mak
Greenhorn

Joined: Jun 11, 2006
Posts: 12
hi,
when you log in sys1 in yahoo and someone tries to login from sys2,we will be automatically logged off saying that someone has logged in from other sys . how does that happen ?


There is always Something!
vinod perla
Greenhorn

Joined: Jan 06, 2005
Posts: 16
Thank you for the responses so far.
I am not bothered about the logout of the user. I should not use the DB either for the flagging.
The Web servers are clustered and the session variables are not shared across web servers. In this scenario which is the best way to keep track whether a user has logged in already?
Suggest me some best way to handle the requirement.

Actual Requirement:
If a user already logged in system1 and if anybody tries logging in with the same user account in system2, an alert should be prompted saying 'A user already logged in with the same details. Do you want to terminate it or not?' Basing on its input the system should either terminate the session of the user in system1 or it should just take the user in the system2 to the login screen again.

If same thing is tried in the same system the alert shouldn�t show up and the system should allow to login
Adeel Ansari
Ranch Hand

Joined: Aug 15, 2004
Posts: 2874
Originally posted by vinod perla:
I should not use the DB either for the flagging.

Why?
Originally posted by vinod perla:
In this scenario which is the best way to keep track whether a user has logged in already? Suggest me some best way to handle the requirement.

Database.
vinod perla
Greenhorn

Joined: Jan 06, 2005
Posts: 16
Originally posted by Adeel Ansari: Why

The requirement is to be fixed at the web layer as I was strictly suggested not to use any DB. I can use servlets, files to hold the user info, cookies, session and whatever possible from the web layer.
Adeel Ansari
Ranch Hand

Joined: Aug 15, 2004
Posts: 2874
Originally posted by vinod perla:
The requirement is to be fixed at the web layer as I was strictly suggested not to use any DB. I can use servlets, files to hold the user info, cookies, session and whatever possible from the web layer.

Use file then.

By the way a simple definition of the Database would be,

"Database is a collection of files."

[ January 22, 2007: Message edited by: Adeel Ansari ]
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Originally posted by vinod perla:

The Web servers are clustered and the session variables are not shared across web servers.


If this is the case, and you're not using sticky sessions at the router level, you options are very limited.
You will pretty much have to maintain state in the database (or some other shared resource on the back end).

Those requirements don't sound realistic to me.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to identify host uniquely when a firewall is enabled?
 
Similar Threads
problem in mailing with smtp server
who call the servlet?
Sending Email: JBoss AS-5.1 + Seam-2.2
using anti-virus with firewall
Websphere Internal server Error