aspose file tools*
The moose likes Spring and the fly likes Immediately Invalidate another user's session after admin locks a user or changes a user's authoriti Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Immediately Invalidate another user Watch "Immediately Invalidate another user New topic
Author

Immediately Invalidate another user's session after admin locks a user or changes a user's authoriti

Eugene Smola
Greenhorn

Joined: Nov 21, 2010
Posts: 10
Hello Folks

Could you please help me with my problem?

We are using spring 3 and spring security.
Our problem is that we need invalidate another user's session immediately (or almost immediately) after admin locks a user in admin panel.
User could be logged in at that moment. Then the admin locks the user, and after the user tries to make any activity on server side by clicking some buttons, it will be redirected to login page and have to login again.

Is there something embedded in spring security to do so?
Maybe get somehow a logged users list, then mark particular session as invalid?
Eugene Smola
Greenhorn

Joined: Nov 21, 2010
Posts: 10
Hi folks!

The answer is:
There is no embedded solutions in spring 3.0

but can offer several solutions:


1. Maintain own user management container:

like this

HttpSession session = se.getSession();
ServletContext context = session.getServletContext();
HashMap activeUsers = (HashMap)context.getAttribute("activeUsers");
activeUsers.put(session.getId(), session);
context.setAttribute("activeUsers", activeUsers);

in sessionCreated method of sessionListner in i successsfully get the list of active user's name and there session id but when i do like that

HttpSessionContext context=request.getSession().getSessionContext();
ServletContext sc=request.getSession().getServletContext();
HashMap activeUsers = (HashMap)sc.getAttribute("activeUsers");
HttpSession session=request.getSession();
if(activeUsers.containsKey(this.sessionID)==true){ session.invalidate(); }
http://www.coderanch.com/t/497470/Servlets/java/invalidate-user-session-forcefully

2. Using jmx beans:
The same problem described and solved there
http://blog.springsource.org/2009/01/02/spring-security-customization-part-2-adjusting-secured-session-in-real-time/
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Immediately Invalidate another user's session after admin locks a user or changes a user's authoriti