If your looking for something to run WHEN a session expires, the better choice 
is probably a SessionListener.  I'm not clear on if that's what you really want 
though.  Assuming it is, here's an example from one of my apps... this 
basically updates a list of active users in a static member of a class that 
stores application statics, as well as some other statistical updates...

package com.mycompany.myapp.listeners;
import com.mycompany.myapp.stats.AppStats;
import java.math.BigDecimal;
import java.util.HashMap;
import java.util.Iterator;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
public class SessionListener implements HttpSessionListener {
  public synchronized void sessionCreated(HttpSessionEvent se) {
    cleanupActiveUsersList();
    HashMap appStats  = (HashMap)AppStats.getStats();
    HashMap activeUsers = (HashMap)appStats.get("activeUsers");
    synchronized (activeUsers) {
      activeUsers.put(se.getSession().getId(), new HashMap());
      int        currentCount                = activeUsers.size();
      BigDecimal maxSimultaneousUsers        = 
(BigDecimal)appStats.get("maxSimultaneousUsers");
      BigDecimal maxSimultaneousUsersRunning = 
(BigDecimal)appStats.get("maxSimultaneousUsersRunning");
      if (currentCount > maxSimultaneousUsers.intValue()) {
        appStats.put("maxSimultaneousUsers", new BigDecimal(currentCount));
      }
      if (currentCount > maxSimultaneousUsersRunning.intValue()) {
        appStats.put("maxSimultaneousUsersRunning", new 
BigDecimal(currentCount));
      }
      appStats.put("activeUsers", activeUsers);
    }
    AppStats.setStats(appStats);
  } // End sessionCreated()
  public synchronized void sessionDestroyed(HttpSessionEvent se) {
    String   sessionID = se.getSession().getId();
    cleanupActiveUsersList();
    HashMap appStats = (HashMap)AppStats.getStats();
    HashMap activeUsers = (HashMap)appStats.get("activeUsers");
    synchronized (activeUsers) {
      activeUsers.remove(se.getSession().getId());
      appStats.put("activeUsers", activeUsers);
    }
    AppStats.setStats(appStats);
  } // End sessionDestroyed
  public synchronized static void cleanupActiveUsersList() {
    HashMap appStats = (HashMap)AppStats.getStats();
    HashMap activeUsers = (HashMap)appStats.get("activeUsers");
    synchronized (activeUsers) {
      for (Iterator it = activeUsers.keySet().iterator(); it.hasNext();) {
        String  uiKey  = (String)it.next();
        HashMap hm     = (HashMap)activeUsers.get(uiKey);
        String  userID = (String)hm.get("userID");
        if (userID == null) {
          activeUsers.remove(uiKey);
        }
      }
      appStats.put("activeUsers", activeUsers);
    }
    AppStats.setStats(appStats);
  } // End cleanupActiveUsersList()
} // End class

-- 
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com

On Thu, January 20, 2005 2:08 pm, Dakota Jack said:
> That's right.  And, that is what I provided.  There is an error in the
> ServletExpireFilter I provided, however.  You have to change
> filterConfig = filterConfig to this.filterConfig = filterConfig in two
> places.  Then it works like a charm.
> 
> Jack
> 
> 
> On Thu, 20 Jan 2005 10:05:51 -0800, Wiebe de Jong <[EMAIL PROTECTED]> wrote:
>> This will detect that a session has already expired, but I think that is
>> not
>> what he wants.
>>
>> I think Jack is looking for something to run WHEN the session expires,
>> similar to the destroy() method in a plugin that runs when the
>> application
>> stops.
>>
>> Wiebe de Jong
>>
>> -----Original Message-----
>> From: Amleto Di Salle [mailto:[EMAIL PROTECTED]
>> Sent: Thursday, January 20, 2005 9:41 AM
>> To: 'Struts Users Mailing List'; 'Dakota Jack'
>> Subject: R: R: Session Strategy (here's a filter)
>>
>> Hello Jack,
>> you detect a session expiration using the getSession( false ) method. If
>> you use false, the session is not created if there is no current
>> session.
>> In fact, in a previous e-mail that I sent, there was my Filter which
>> used the getSession method.
>> All it works if the session expires, and you have to set in some way the
>> web container in order to delete the session object.
>>
>> So, I don't understand what do you mean "I am not looking to create a
>> timeout but to detect a session expiration, so that the user can be
>> redirected to a page".
>>
>> BR
>> /Amleto
>>
>> > -----Messaggio originale-----
>> > Da: Dakota Jack [mailto:[EMAIL PROTECTED]
>> > Inviato: gioved? 20 gennaio 2005 18.03
>> > A: Amleto Di Salle
>> > Cc: Struts Users Mailing List
>> > Oggetto: Re: R: Session Strategy (here's a filter)
>> >
>> >
>> > Hello, Amleto,
>> >
>> > I am not looking to create a timeout but to detect a session
>> > expiration, so that the user can be redirected to a page.  I
>> > am not, that is, looking to get rid of people but looking to
>> > help people that have their session expired.
>> >
>> > Jack
>> >
>> >
>> > On Thu, 20 Jan 2005 17:42:55 +0100, Amleto Di Salle
>> > <[EMAIL PROTECTED]> wrote:
>> > > You can do this using request.getSession( false ) (false doesn't
>> > > create the session) and use the following in the tag in the web.xml.
>> > >
>> > > <session-config>
>> > > <session-timeout>30</session-timeout>
>> > > </session-config>
>> > > 30 are minutes
>> > >
>> > > You can set the session-timeout also in the web container
>> > (see tomcat
>> > > documentation).
>> > >
>> > > BR
>> > > /Amleto
>> > >
>> > > > -----Messaggio originale-----
>> > > > Da: Dakota Jack [mailto:[EMAIL PROTECTED]
>> > > > Inviato: gioved? 20 gennaio 2005 17.08
>> > > > A: Struts Users Mailing List
>> > > > Oggetto: Re: Session Strategy (here's a filter)
>> > > >
>> > > >
>> > > > I was looking for a filter that detected sessions that
>> > had expired
>> > > > and rerouted the request to a login or other appropriate page.
>> > > >
>> > > > Jack
>> > > >
>> > > >
>> > > > On Thu, 20 Jan 2005 10:53:09 -0500, [EMAIL PROTECTED]
>> > > > <[EMAIL PROTECTED]> wrote:
>> > > > > Here's the filter I use.  It contains some logging that you
>> > > > can choose
>> > > > > to ignore and I also set some session attributes that I use for
>> > > > > navigation AFTER the re-login, to get the user back to the
>> > > > page they
>> > > > > were on or as near as possible, given only their first/last
>> > > > name and
>> > > > > password.  I also included the configuration I added to
>> > my web.xml
>> > > > > file to activate the filter for all actions beginning with
>> > > > "/secure/"
>> > > > > Then, I added "/secure/" to all actions that should use the
>> > > > filter.  I
>> > > > > did this for all actions except the following, for which it
>> > > > would have
>> > > > > introduced a pretty obvious logic error: login,
>> > register, and an
>> > > > > action I use to direct the user back to the page they were
>> > > > on before
>> > > > > the timeout.
>> > > > >
>> > > > > Here's the filter
>> > > > >
>> > > >
>> > ********************************************************************
>> > > > **
>> > > > > *********************************
>> > > > >
>> > > > >
>> > > >
>> > /*******************************************************************
>> > > > **
>> > > > > *******
>> > > > >  *
>> > > > >  * This class provides a servlet filter ensure that each
>> > > > request is coming
>> > > > > from
>> > > > >  * an authenticated user.  It also logs each servlet invocation.
>> > > > >  *
>> > > > >
>> > > > >
>> > > >
>> > ********************************************************************
>> > > > **
>> > > > > ******/
>> > > > > package schs82;
>> > > > >
>> > > > > import java.util.*;
>> > > > > import javax.servlet.*;
>> > > > > import javax.servlet.http.*;
>> > > > > import org.apache.struts.action.*;
>> > > > > import org.apache.commons.logging.Log;
>> > > > > import org.apache.commons.logging.LogFactory;
>> > > > > import java.text.DateFormat;
>> > > > > import schs82.*;
>> > > > >
>> > > > > public final class AuthenticationFilter implements Filter {
>> > > > >
>> > > > >     private Log logger;
>> > > > >
>> > > > >     public void init(javax.servlet.FilterConfig filterConfig)
>> > > > >                 throws javax.servlet.ServletException {
>> > > > >
>> > > > >         logger = LogFactory.getLog("SCHS82");
>> > > > >     }
>> > > > >
>> > > > >     public void doFilter(javax.servlet.ServletRequest request,
>> > > > >                          javax.servlet.ServletResponse response,
>> > > > >                          javax.servlet.FilterChain filterChain)
>> > > > >                 throws java.io.IOException,
>> > > > > javax.servlet.ServletException {
>> > > > >
>> > > > >         HttpServletRequest  req  = (HttpServletRequest)request;
>> > > > >         HttpServletResponse resp > >
>> (HttpServletResponse)response;
>> > > > >
>> > > > >         HttpSession session = req.getSession();
>> > > > >         String firstName > > > >
>> (String)session.getAttribute("firstName");
>> > > > >         String lastName  > >
>> (String)session.getAttribute("lastName");
>> > > > >         String password  > >
>> (String)session.getAttribute("password");
>> > > > >         String currentAction = req.getRequestURI();
>> > > > >         session.setAttribute("currentAction", currentAction);
>> > > > >         session.setAttribute("currentActionDisposition", "");
>> > > > >         session.setAttribute("currentActionMessage", "");
>> > > > >
>> > > > >         if (logger.isInfoEnabled()) {
>> > > > >             // log each servlet invoked, date/time and user
>> > > > who invoked
>> > > > >             GregorianCalendar calendar = new
>> > GregorianCalendar();
>> > > > >             java.util.Date dateTime = calendar.getTime();
>> > > > >             DateFormat format > > > > >
>> DateFormat.getDateTimeInstance(DateFormat.MEDIUM,
>> > DateFormat.LONG);
>> > > > >             String now = format.format(dateTime);
>> > > > >
>> > > > >             logger.info(" " + now
>> > > > >                       + " User: " + firstName
>> > > > >                       + " "       + lastName
>> > > > >                       + ", Servlet: " + currentAction);
>> > > > >         }
>> > > > >
>> > > > >         if (session.isNew()) {
>> > > > >             // session timed-out
>> > > > >             session.setAttribute("currentActionDisposition",
>> > > > > "sessionTimeout");
>> > > > >
>> > session.setAttribute("currentActionMessage", "You were
>> > > > > inactive" +
>> > > > >                                  " too long, so you must
>> > > > login again!
>> > > > > Please" +
>> > > > >                                  " click on the button
>> > > > below to go to
>> > > > > the"
>> > > > > +
>> > > > >                                  " login page.");
>> > > > >
>> > > > >
>> > > > resp.sendRedirect("/schs82/BuildActionResultViewAction.do");
>> > > > >         }
>> > > > >         else if (firstName == null || lastName == null ||
>> > > > password => > > > > null) {
>> > > > >             if (logger.isInfoEnabled()) {
>> > > > >                 logger.info("NON-AUTHENTICATED USER
>> > ATTEMPTED TO
>> > > > > ACCESS SCHS82 "
>> > > > >                           + "APPLICATION! (Session
>> > > > attributes = Null)");
>> > > > >             }
>> > > > >             session.setAttribute("currentActionDisposition",
>> > > > > "systemError");
>> > > > >
>> > session.setAttribute("currentActionMessage", "You have
>> > > > > accessed" +
>> > > > >                                  " SCHS82.com in a
>> > > > non-authorized way.
>> > > > > Please" +
>> > > > >                                  " click on the button
>> > > > below to go to
>> > > > > the"
>> > > > > +
>> > > > >                                  " login page.");
>> > > > >
>> > > > >
>> > > > resp.sendRedirect("/schs82/BuildActionResultViewAction.do");
>> > > > >         }
>> > > > >         else {
>> > > > >             //authenticate user
>> > > > >             User user = new User();
>> > > > >             user.setFirstName(firstName);
>> > > > >             user.setLastName(lastName);
>> > > > >             user.setPassword(password);
>> > > > >             if (user.checkAuthorization()) {
>> > > > >                 //user is authentic
>> > > > >                 filterChain.doFilter(request, response);
>> > > > >             }
>> > > > >             else {
>> > > > >                 //user is NOT authentic
>> > > > >                 if (logger.isInfoEnabled()) {
>> > > > >                     logger.info("NON-AUTHENTICATED USER
>> > > > ATTEMPTED TO
>> > > > > ACCESS "
>> > > > >                             + "SCHS82 APPLICATION!
>> > (Invalid name
>> > > > > or password)");
>> > > > >                 }
>> > > > >                 session.setAttribute("currentActionDisposition",
>> > > > > "systemError");
>> > > > >
>> > > > session.setAttribute("currentActionMessage", "You have
>> > > > > accessed" +
>> > > > >                                      " SCHS82.com in a
>> > > > non-authorized
>> > > > > way. Please" +
>> > > > >                                      " click on the button
>> > > > below to go
>> > > > > to the" +
>> > > > >                                      " login page.");
>> > > > >
>> > > > >  resp.sendRedirect("/schs82/BuildActionResultViewAction.do");
>> > > > >             }
>> > > > >         }
>> > > > >     }
>> > > > >
>> > > > >     public void destroy() {}
>> > > > > }
>> > > > >
>> > > > > And this must be added to web.xml
>> > > > >
>> > > >
>> > ********************************************************************
>> > > > **
>> > > > > *********************************
>> > > > >
>> > > > >   <filter>
>> > > > >     <filter-name>AuthenticationFilter</filter-name>
>> > > > >     <filter-class>schs82.AuthenticationFilter</filter-class>
>> > > > >   </filter>
>> > > > >
>> > > > >   <filter-mapping>
>> > > > >     <filter-name>AuthenticationFilter</filter-name>
>> > > > >     <url-pattern>/secure/*</url-pattern>
>> > > > >   </filter-mapping>
>> > > > >
>> > > > > Dakota Jack <[EMAIL PROTECTED]>
>> > > > > 01/20/2005 09:53 AM
>> > > > > Please respond to "Struts Users Mailing List"
>> > > > >
>> > > > >         To:     Struts Users Mailing List
>> > <user@struts.apache.org>,
>> > > > > [EMAIL PROTECTED]
>> > > > >         cc:
>> > > > >         Subject:        Re: Session Strategy
>> > > > >
>> > > > > I am also too lazy to make a filter!  LOL  ;-)  Anyone
>> > have one of
>> > > > > these in their toolbox they would like to share?
>> > > > >
>> > > > > Jack
>> > > > >
>> > > > > On Thu, 20 Jan 2005 12:49:41 +0800, Andrew Hill
>> > > > > <[EMAIL PROTECTED]> wrote:
>> > > > > > Id support the filter suggestion, though for myself I
>> > > > generally do
>> > > > > > the check in the RequestProcessor, as Ive usually
>> > > > overrideen it to
>> > > > > > perform other evil anyhow, and Im lazy to make a filter.
>> > > > > >
>> > > > > > If you dont keep your JSP under WEB-INF (IMHO thats
>> > where they
>> > > > > > belong because they are 'code & config' , just like your
>> > > > > > classes,jars, and struts-config.xml and tlds) then you should
>> > > > > > declare some sort of security constraint so they can only
>> > > > be reached
>> > > > > > by a server side forward from their respective preperation
>> > > > > > action.
>> > > > > >
>> > > > > >
>> > > > > > Frank W. Zammetti wrote:
>> > > > > >
>> > > > > > > If the user clicks a button, you are either going to (a) go
>> > > > > > > directly
>> > > > > to
>> > > > > > > a JSP, which is generally not a good idea in a Struts-based
>> > > > > application
>> > > > > > > anyway (or any servlet-based application for that
>> > > > matter) or (b)
>> > > > > > > go to an Action, as you probably should be doing.  In
>> > > > either case,
>> > > > > > > choice 1
>> > > > > is
>> > > > > > > what I would do personally.  Putting things under
>> > > > WEB-INF as David
>> > > > > > > suggests works great, but it just feels kind of wrong to me.
>> > > > > > >
>> > > > > > > You'll also want to call some common code from all your
>> > > > > > > Actions that does the same basic check and forwards
>> > > > > > > immediately to your "logon
>> > > > > again"
>> > > > > > > page.  I do this by means of an ActionHelpers class
>> > that has
>> > > > > > > two
>> > > > > static
>> > > > > > > methods, start() and finish() that are called, as
>> > I'm sure you
>> > > > > > > could guess, at the start and end of all my Actions.
>> > > > They do some
>> > > > > > > common tasks, including this check.
>> > > > > > >
>> > > > > > > If you want a real solution though, externalize
>> > your security
>> > > > > > > using something like Netegrity Siteminder.  It will
>> > > > deal with this
>> > > > > > > situation for you, in a theoretically more secure
>> > > > fashion than you
>> > > > > > > could
>> > > > > probably
>> > > > > > > do on your own.
>> > > > > > >
>> > > > > > > Yet another idea is a filter that will check if a
>> > > > session is alive
>> > > > > > > and redirect as appropriate.  This I believe can work no
>> > > > > > > matter what your request is to (Action or JSP directly), or
>> > > > > > > any other resource,
>> > > > > assuming
>> > > > > > > the app server serves everything.
>> > > > > > >
>> > > > > >
>> > > > > >
>> > > >
>> > --------------------------------------------------------------------
>> > > > > > -
>> > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
>> > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
>> > > > > >
>> > > > > >
>> > > > >
>> > > > > --
>> > > > > ------------------------------
>> > > > >
>> > > > > "You can lead a horse to water but you cannot make it
>> > float on its
>> > > > > back."
>> > > > >
>> > > > > ~Dakota Jack~
>> > > > >
>> > > > > "You can't wake a person who is pretending to be asleep."
>> > > > >
>> > > > > ~Native Proverb~
>> > > > >
>> > > > > "Each man is good in His sight. It is not necessary for
>> > > > eagles to be
>> > > > > crows."
>> > > > >
>> > > > > ~Hunkesni (Sitting Bull), Hunkpapa Sioux~
>> > > > >
>> > > > > -----------------------------------------------
>> > > > >
>> > > > > "This message may contain confidential and/or privileged
>> > > > information.
>> > > > > If you are not the addressee or authorized to receive
>> > this for the
>> > > > > addressee, you must not use, copy, disclose, or take any
>> > > > action based
>> > > > > on this message or any information herein. If you have
>> > > > received this
>> > > > > message in error, please advise the sender immediately by
>> > > > reply e-mail
>> > > > > and delete this message. Thank you for your cooperation."
>> > > > >
>> > > > >
>> > > >
>> > --------------------------------------------------------------------
>> > > > -
>> > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
>> > > > > For additional commands, e-mail: [EMAIL PROTECTED]
>> > > > >
>> > > > >
>> > > >
>> > > >
>> > > > --
>> > > > ------------------------------
>> > > >
>> > > > "You can lead a horse to water but you cannot make it
>> > float on its
>> > > > back."
>> > > >
>> > > > ~Dakota Jack~
>> > > >
>> > > > "You can't wake a person who is pretending to be asleep."
>> > > >
>> > > > ~Native Proverb~
>> > > >
>> > > > "Each man is good in His sight. It is not necessary for
>> > eagles to be
>> > > > crows."
>> > > >
>> > > > ~Hunkesni (Sitting Bull), Hunkpapa Sioux~
>> > > >
>> > > > -----------------------------------------------
>> > > >
>> > > > "This message may contain confidential and/or privileged
>> > > > information. If you are not the addressee or authorized
>> > to receive
>> > > > this for the addressee, you must not use, copy, disclose, or take
>> > > > any action based on this message or any information
>> > herein. If you
>> > > > have received this message in error, please advise the sender
>> > > > immediately by reply e-mail and delete this message.
>> > Thank you for
>> > > > your cooperation."
>> > > >
>> > > >
>> > --------------------------------------------------------------------
>> > > > -
>> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
>> > > > For additional commands, e-mail: [EMAIL PROTECTED]
>> > > >
>> > > > --
>> > > > No virus found in this incoming message.
>> > > > Checked by AVG Anti-Virus.
>> > > > Version: 7.0.300 / Virus Database: 265.7.0 - Release Date:
>> > > > 17/01/2005
>> > > >
>> > > >
>> > >
>> > > --
>> > > No virus found in this outgoing message.
>> > > Checked by AVG Anti-Virus.
>> > > Version: 7.0.300 / Virus Database: 265.7.0 - Release Date:
>> > 17/01/2005
>> > >
>> > >
>> >
>> >
>> > --
>> > ------------------------------
>> >
>> > "You can lead a horse to water but you cannot make it float
>> > on its back."
>> >
>> > ~Dakota Jack~
>> >
>> > "You can't wake a person who is pretending to be asleep."
>> >
>> > ~Native Proverb~
>> >
>> > "Each man is good in His sight. It is not necessary for
>> > eagles to be crows."
>> >
>> > ~Hunkesni (Sitting Bull), Hunkpapa Sioux~
>> >
>> > -----------------------------------------------
>> >
>> > "This message may contain confidential and/or privileged
>> > information. If you are not the addressee or authorized to
>> > receive this for the addressee, you must not use, copy,
>> > disclose, or take any action based on this message or any
>> > information herein. If you have received this message in
>> > error, please advise the sender immediately by reply e-mail
>> > and delete this message. Thank you for your cooperation."
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: [EMAIL PROTECTED]
>> > For additional commands, e-mail: [EMAIL PROTECTED]
>> >
>> >
>> > --
>> > No virus found in this incoming message.
>> > Checked by AVG Anti-Virus.
>> > Version: 7.0.300 / Virus Database: 265.7.0 - Release Date: 17/01/2005
>> >
>> >
>>
>> --
>> No virus found in this outgoing message.
>> Checked by AVG Anti-Virus.
>> Version: 7.0.300 / Virus Database: 265.7.0 - Release Date: 17/01/2005
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
> 
> 
> --
> ------------------------------
> 
> "You can lead a horse to water but you cannot make it float on its back."
> 
> ~Dakota Jack~
> 
> "You can't wake a person who is pretending to be asleep."
> 
> ~Native Proverb~
> 
> "Each man is good in His sight. It is not necessary for eagles to be
> crows."
> 
> ~Hunkesni (Sitting Bull), Hunkpapa Sioux~
> 
> -----------------------------------------------
> 
> "This message may contain confidential and/or privileged information.
> If you are not the addressee or authorized to receive this for the
> addressee, you must not use, copy, disclose, or take any action based
> on this message or any information herein. If you have received this
> message in error, please advise the sender immediately by reply e-mail
> and delete this message. Thank you for your cooperation."
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to