Its been added for 3.0.5 xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx
----- Original Message ----- From: "Meyer-Willner, Bernhard" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 09, 2003 9:02 AM Subject: Re: [JBoss-user] List of active users logged in thru JAAS Thanks for your two solutions, you guys. Unfortunately I don't have a web layer, but instead a Swing GUI based app talking directly to the EJB-based business logic via business delegates. So this solution won't work for me like that :( Are there any other ways to get a list of active users from the JAAS LoginContext? Cheers, Bernhard -----Ursprüngliche Nachricht----- Von: Luttrell, Peter [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 9. Januar 2003 17:45 An: '[EMAIL PROTECTED]' Betreff: RE: [JBoss-user] List of active users logged in thru JAAS I've done a very similar solution. I had problems getting the HttpSessionListener to work so i used the HttpSessionAttributeListener instead. This meant that my solution was Jetty specific but in the end, that was ok. Here's the code, stripped of exception handling and such: public class HttpSessionEventHandler implements HttpSessionAttributeListener { public void attributeAdded( HttpSessionBindingEvent event ) { if ( "org.mortbay.jetty.Auth".equalsIgnoreCase( event.getName() ) ) { String sessionKey = event.getSession().getId(); String applicationKey = event.getSession().getServletContext().getServletContextName(); String userKey = event.getValue().toString(); MonitorService.getMonitorService().registerSession( sessionKey, userKey, applicationKey ); } } public void attributeRemoved( HttpSessionBindingEvent event ) { if ( "org.mortbay.jetty.Auth".equalsIgnoreCase( event.getName() ) ) { MonitorService.getMonitorService().removeSession( event.getSession().getId() ); } } public void attributeReplaced( HttpSessionBindingEvent event ) { } } Filter: public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain ) throws IOException, ServletException { //do this before hand so that the actual page that is displaying the results gets updated, but // it doens't work all the time before because the user might night be authenticated, thus // ignore any such error because it will be done after the request processing as well... HttpServletRequest httpRequest = ( HttpServletRequest ) request; MonitorService.getMonitorService().updateSession( httpRequest.getSession().getId() ); chain.doFilter( request, response ); HttpServletRequest httpRequest = ( HttpServletRequest ) request; MonitorService.getMonitorService().updateSession( httpRequest.getSession().getId() ); } The underlying storage of session tracking info can of course be done many ways, such as a singleton or MBean. Mine has the concept of applications and usernames. I use the session id for the uniquekey identifying the session in the service. enjoy. .peter -----Original Message----- From: Krishnakumar N [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 9:12 AM To: [EMAIL PROTECTED] Subject: RE: [JBoss-user] List of active users logged in thru JAAS We use a combination of a filter and a HttpSessionListener to achieve something like this (we do not store the list of currently stored users in a db). The filter checks whether the current user is logged in and if yes, adds the user id to a application context hashtable. The same hashtable is used by the same filter to prevent multiple simultaneous logins on the same userid. The timeout, in case of browser crash/hang/close, is handled via Session.setMaxInactiveInterval() along with the sessionDestroyed event handler in the HttpSessionListener . Cheers, Krishna -----Original Message----- From: Meyer-Willner, Bernhard [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 7:14 PM To: JBoss-User (E-Mail) Subject: [JBoss-user] List of active users logged in thru JAAS Hi, I'm using JAAS to authenticate users logging in against a database. I was wondering if there is any way to find out if a user's LoginContext has timed out (is active respectively). Thing is, for business logic reasons, we also have to keep information about all logged in users in a database table. If for some reason the client app hangs or the user doesn't log out properly these user record sets remain in the database. We're planning on running a scheduler MBean service that removes recordsets above a certain age from time to time. However, to be sure that the user isn't actively using our app/system any more we would like to check, if he's still authenticated in JBoss. Is there any way to find this out and get a list of active/logged on users, authenticated thru JAAS? Thanks for any ideas. Bernie This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user This transmission contains information solely for intended recipient and may be privileged, confidential and/or otherwise protect from disclosure. If you are not the intended recipient, please contact the sender and delete all copies of this transmission. This message and/or the materials contained herein are not an offer to sell, or a solicitation of an offer to buy, any securities or other instruments. The information has been obtained or derived from sources believed by us to be reliable, but we do not represent that it is accurate or complete. Any opinions or estimates contained in this information constitute our judgment as of this date and are subject to change without notice. Any information you share with us will be used in the operation of our business, and we do not request and do not want any material, nonpublic information. Absent an express prior written agreement, we are not agreeing to treat any information confidentially and will use any and all information and reserve the right to publish or disclose any information you share with us. ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld =omething 2 See! http://www.vasoftware.com _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
