Win a copy of Rust Web Development this week in the Other Languages forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Junilu Lacar
  • Rob Spoor
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Jesse Silverman
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Piet Souris
  • Frits Walraven

Single Logon

 
Ranch Hand
Posts: 45
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Guys !
Need to implement the security functionality of "Single Logon". Login is implemented through BASIC AUTHENTICATION with tomcat 4.1.12 as server. However, i also furthur need to ensure that only a single user for a particular account can be logged in at any point of time. How should this be enforced ???
Pls suggest.
Thanks Guys!
 
Ranch Hand
Posts: 233
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Sam,
One of the way out to your problem is:
You have to write a seprate helper class where in one thread will be running all the time(Call this class from login servlet init method). This thread will map session object with user id and put in a hash table. During every login you call a method which will check in the hash table for the user id and if found take the session object and invalidate it. In this way you can restirct user from logging from two machine.Also take care when user log's out or on session time out session object in the hash table is removed (this you can achive by writting a seprate helper class).
-arun
 
Ranch Hand
Posts: 58
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think Arun's idea would work, if you could only know when a login occurs.
When logging in using Tomcat/J2EE BASIC authorization, you don't have any obvious way to know about the login event. As far as I know, that is..
 
Ranch Hand
Posts: 33
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
How could one know when the session times out. Is there any method which is called when the session is timed out ?
Regards,
Javed.
 
Ranch Hand
Posts: 112
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can have an object you store in the session implement the HttpSessionBindingListener interface. Add code that you want executed when the session times out in the valueUnbound() method.
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic