[
https://issues.apache.org/jira/browse/SSHD-1000?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17113422#comment-17113422
]
Lyor Goldstein edited comment on SSHD-1000 at 5/22/20, 4:37 AM:
----------------------------------------------------------------
Sounds reasonable - though not entirely part of the SSHD standard. Before we go
ahead and implement it in the framework can you provide some use case where
this would be useful ? Why would someone want to limit the number of unique
usernames rather than number of sessions. The limit on the sessions is in place
in order to protect the server from consuming too many resources. What would
limiting the number of unique users help prevent ?
Anyway, you can implement it right now - simply register a {{SessionListener}},
wait to be notified of new user authentication successful. Track the
(successful) username then throw an exception if it exceeds some convenient
number.
was (Author: lgoldstein):
Sounds reasonable - though not entirely part of the SSHD standard. Before we go
ahead and implement it in the framework can you provide some use case where
this would be useful ? Why would someone want to limit the number of unique
usernames rather than number of sessions. The limit on the sessions is in place
in order to protect the server from consuming too many resources. What would
limiting the number of unique users help prevent ?
Anyway, you can implement it right now - simply register a {{SessionListener}},
wait to be notified of new user authentication successful. Track the username
successful then throw an exception if it exceeds some convenient number.
> Limit Max unique user session.
> ------------------------------
>
> Key: SSHD-1000
> URL: https://issues.apache.org/jira/browse/SSHD-1000
> Project: MINA SSHD
> Issue Type: New Feature
> Reporter: Sandeep
> Assignee: Lyor Goldstein
> Priority: Major
>
> Hi Team we have MAX_CONCURRENT_SESSIONS property but I want limit Max
> unique user login.
> e.g let say MAX_USER_LOGINS =10 then our server can allow max 10 unique user
> logins only.
> Code :
> I have checked library code and created some sudo code using old method for
> max_concurrent_sessions as follows,
> Note * it does not have unique user check we can add it.
>
> {code:java}
> // code placeholder
> public int getActiveSessionUserCount() {
> IoSession networkSession = getIoSession();
> IoService service = networkSession.getService();
> Map<?, IoSession> sessionsMap = service.getManagedSessions();
> if (GenericUtils.isEmpty(sessionsMap)) {
> return 0;
> } int totalCount = 0;
> for (IoSession is : sessionsMap.values()) {
> ServerSession session = (ServerSession) getSession(is, true);
> if (session == null) {
> continue;
> } String sessionUser = session.getUsername();
> if (!GenericUtils.isEmpty(sessionUser)) {
> totalCount++;
> }
> }
> return totalCount;
> }
> {code}
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
