This week's book giveaways are in the Refactoring and Agile forums.
We're giving away four copies each of Re-engineering Legacy Software and Docker in Action and have the authors on-line!
See this thread and this one for details.
Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Limit access to web application

 
anish jain
Ranch Hand
Posts: 129
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want to restrict the number of users,say to 10, accessing my web application.

How can I achieve this? My web application is using jsp and servlets.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64631
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not enough info. How do you identify a "user"?
 
anish jain
Ranch Hand
Posts: 129
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
user means anyone who login to the application. We have a login page at first where one needs to enter username and password.
I just want to restrict the no. of users i.e. the one who provides username and password in order to access the application.

Is that enough?
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64631
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How do you account for log outs? In other words, how do you know how many users are "using" the app?

If you can accurately account for "logged in" users (remember, not everyone will log out), you can just keep track of concurrent users in application context.
 
Shyam Ramath
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Create a connection pool using a object and restrict the user accordingly . Once the user logs out free the object to the pool .
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64631
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What on Earth do connections have to do with tracking logins?
 
Abhay Agarwal
Ranch Hand
Posts: 1376
Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@anish -
one simple way -- define an application level variable say - loggedInUserCount (of data type - int/Integer).
Increment this counter( loggedInUserCount ) when new user logs in.
Decrement this counter( loggedInUserCount ) when a user logs out.

If during login, it is found that loggedInUserCount has reached the maximum limit (10 as required in your application), you can deny user to login into application.

As already mentioned in earlier thread , make sure that your application has well defined entry (login) and exit (log out) points so that loggedInUserCount can be managed properly.
for example , apart from user deciding to get log out from application, user session can also get expire (if you have set it in your web.xml/servlet) leading to one of exit point of your application. So loggedInUserCount should be decreased in this scenario (session timeout).
So define your application entry and exit points and increment/decrement loggedInUserCount accordingly.

Make sure that you also consider multi-threading/concurrency scenarios.

~ abhay
 
Shyam Ramath
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:What on Earth do connections have to do with tracking logins?


I did not mean database connection .. a login tracker object which release a entry pass to the user ..make sense ?
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64631
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Shyam Ramath wrote:
Bear Bibeault wrote:What on Earth do connections have to do with tracking logins?


I did not mean database connection .. a login tracker object which release a entry pass to the user ..make sense ?

No. What's the need of a "login tracker object" when a simple counter will do the trick?
 
Arun Chidam
Ranch Hand
Posts: 79
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
On your login servlet add the below code which will restrict user to 10 at any point of time

1.Create a active session count for each session created

private static int activeSessions = 0;

public void sessionCreated(HttpSessionEvent se) {
activeSessions++;
}

public void sessionDestroyed(HttpSessionEvent se) {
if(activeSessions > 0)
activeSessions--;
}

public static int getActiveSessions() {
return activeSessions;
}

2.If the session count exceeds 10 then don;t create new session(i.e restrict his login)

if(session.getActiveSessions() < 10)
session.create()
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64631
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Counting sessions will not work. Sessions are created regardless of whether someone is "logged in" or not.
 
Arun Chidam
Ranch Hand
Posts: 79
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
check the below link.....not sure wether it resolves your issue?

Tomcat Setup

Each incoming request requires a thread for the duration of that request. If more simultaneous requests are received than can be handled by the currently available request processing threads, additional threads will be created up to the configured maximum (the value of the maxThreads attribute). If still more simultaneous requests are received, they are stacked up inside the server socket created by the Connector, up to the configured maximum (the value of the acceptCount attribute. Any further simultaneous requests will receive "connection refused" errors, until resources are available to process them.

 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic