---------------------------------------------------------------- BEFORE YOU POST, search the faq at <http://java.apache.org/faq/> WHEN YOU POST, include all relevant version numbers, log files, and configuration files. Don't make us guess your problem!!! ---------------------------------------------------------------- Hmm... my attachment didn't seem to work. Here is the code inline... naeem ------------------------- import java.lang.*; import java.util.*; import java.text.*; import java.io.*; import javax.servlet.*; import javax.servlet.http.*; /** * This is a servlet that tracks the number of active sessions * in Apache JServ. It generates a simple webpage that shows info * about these sessions, like when the session was created, and * when it was last accessed. It also gives a URL that when clicked * will destroy the related session. * PLEASE NOTE that this servlet is dependant on API calls that * exist only in JSDK 2.0. From JSDK 2.1 onwards Sun removed the * calls for security reasons. This means that you can't use this * servlet with products like Tomcat which relies on JSDK 2.1 * I make absolutely no guarantees regarding this s/w. Use at your * own risk. If someone is able to look at the stuff generated by * this servlet they might be able to compromise your server. So * make sure that you use a difficult-to-guess pin (see below) and * don't blame me if you screw up :) * * Also note that you can customize this servlet to show a lot more * that it currently does. That depends on what you store in your * sessions for your users. For example, if you had their names in * their sessions you could display those too. * * Usage: * o Modify the pin variable to something better than "changeme" :) * o Modify the zone variable to whatever this servlet will run in * o Compile * o Invoke with the URL http://whatever.com/zone/Admin?pin=changeme&command=status * * If you have any questions or run into problems you can email me, * and if I find time I might even reply ;) * * Have fun. * * @author Naeem Bari * @version 0.1, 3/28/2000 */ public class Admin extends HttpServlet { private String pin = "changeme"; private String zone = "servlets"; SimpleDateFormat sdf = new SimpleDateFormat("MM/dd hh:mm:ss z"); public void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); PrintWriter out = new PrintWriter(response.getWriter()); out.println(processRequest(request, response)); out.close(); } public String processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String sWebString = ""; String ppin = request.getParameter("pin"); if (!ppin.equals(pin)) { return "Invalid pin. You are not allowed admin access."; } String sCommand = request.getParameter("command"); if (sCommand.equals("status")) { // display the current status of the system (active sessions etc) sWebString = showStatus(request); System.err.println("OO> Admin: " + "status shown"); } else if (sCommand.equals("flogout")) { // forcibly evict a user from the server String sessStr = request.getParameter("session"); killSession(request, sessStr); response.sendRedirect("/"+zone+"/Admin?pin="+pin+"&command=status"); } else { sWebString = "I don't understand the " + sCommand + " directive - the admin component"; } return sWebString; } private String showStatus(HttpServletRequest request) { String sessStr="", createTime="", accessTime=""; StringBuffer ret = new StringBuffer("<html><meta http-equiv=refresh content=5><body bgcolor=\"#ffffcc\">\n"); ret.append("<h3>Administration Page</h3>\n") .append("<p>\n").append((new java.util.Date()).toString()).append("<p>\n<hr size=1><center>\n") .append("<table border=2>\n<tr><td>Session<td>Created on<td>Last Accessed on<td>Nuke It\n"); try { // we will loop through all existing sessions, showing their info HttpSession currSess, sess = request.getSession(true); String mySess = sess.getId(); HttpSessionContext ctx = sess.getSessionContext(); for (Enumeration e = ctx.getIds(); e.hasMoreElements();) { ret.append("<tr>\n"); sessStr = (String) e.nextElement(); currSess = ctx.getSession(sessStr); if (sessStr.equals(mySess)) sessStr = "*" + sessStr; createTime = sdf.format(new java.util.Date(currSess.getCreationTime())); accessTime = sdf.format(new java.util.Date(currSess.getLastAccessedTime())); ret.append("<td>").append(sessStr) .append("<td>").append(createTime) .append("<td>").append(accessTime) .append("<td>").append("<a href=\"/"+zone+"/Admin?command=flogout&pin=") .append(pin).append("&session=").append(sessStr).append("\">Kill Session</a>"); } } catch(Exception e) { e.printStackTrace(); } ret.append("\n</table></center><hr size=1><p>* = your own session<p></body></html>\n"); return ret.toString(); } private void killSession(HttpServletRequest request, String sessStr) { HttpSession currSess, sess = request.getSession(true); HttpSessionContext ctx = sess.getSessionContext(); currSess = ctx.getSession(sessStr); if (currSess != null) { currSess.invalidate(); } } } -------------------------------------------- > >Hello all, > > > >I received a lot of requests for the little Admin > >servlet that I wrote, so I am attaching it to this > >email. > > > >Caveats: > > o Poor documentation, but fairly simple and self > > explanatory code. > > o Runs only with servlet engines that are based > > on JSDK 2.0. so it will run with JServ and its > > ilk but not Tomcat etc. > > o It uses methods that were removed from newer > > JSDK versions because they were a security risk. > > So if you screw something up, don't blame me :) > > > > > > > >This servlet is part of a framework that I built for > >a client of ours. This includes a whole bunch of code > >that I have not seen anywhere else, at least I couldn't > >find it anywhere :) This includes controlling user-based > >access to webpages by fragmenting the pages and turning > >on and off what fragments a user can and cannot see. > >Another nice feature is combining an arbitrary database > >resultset with an HTML template file etc, etc. > > > >Maybe someday I will be motivated enough to package it > >and open source it :) > > > >Thanks, > >naeem > > > >> -----Original Message----- > >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > >> Sent: Tuesday, March 28, 2000 3:55 AM > >> To: Java Apache Users > >> Subject: RE: JServ port problem (Administration) > >> > >> > >> ---------------------------------------------------------------- > >> BEFORE YOU POST, search the faq at <http://java.apache.org/faq/> > > Your message could not be posted to the Java Apache Users > list because the > message seemed to contain an enclosure. > > For more information, you can contact the list administrator at: > > Bounces <[EMAIL PROTECTED]> > -- -------------------------------------------------------------- Please read the FAQ! <http://java.apache.org/faq/> To subscribe: [EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives and Other: <http://java.apache.org/main/mail.html> Problems?: [EMAIL PROTECTED]
