RE: [JBoss-user] List of active users logged in thru JAAS
Scott, could you point us at the documentation for this new feature? thanks. .peter -Original Message- From: Scott M Stark [mailto:[EMAIL PROTECTED]] Sent: Friday, January 10, 2003 5:17 PM To: [EMAIL PROTECTED] Subject: Re: [JBoss-user] List of active users logged in thru JAAS Its been added for 3.0.5 Scott Stark Chief Technology Officer JBoss Group, LLC - Original Message - From: "Meyer-Willner, Bernhard" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 09, 2003 9:02 AM Subject: Re: [JBoss-user] List of active users logged in thru JAAS Thanks for your two solutions, you guys. Unfortunately I don't have a web layer, but instead a Swing GUI based app talking directly to the EJB-based business logic via business delegates. So this solution won't work for me like that :( Are there any other ways to get a list of active users from the JAAS LoginContext? Cheers, Bernhard -Ursprüngliche Nachricht- Von: Luttrell, Peter [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 9. Januar 2003 17:45 An: '[EMAIL PROTECTED]' Betreff: RE: [JBoss-user] List of active users logged in thru JAAS I've done a very similar solution. I had problems getting the HttpSessionListener to work so i used the HttpSessionAttributeListener instead. This meant that my solution was Jetty specific but in the end, that was ok. Here's the code, stripped of exception handling and such: public class HttpSessionEventHandler implements HttpSessionAttributeListener { public void attributeAdded( HttpSessionBindingEvent event ) { if ( "org.mortbay.jetty.Auth".equalsIgnoreCase( event.getName() ) ) { String sessionKey = event.getSession().getId(); String applicationKey = event.getSession().getServletContext().getServletContextName(); String userKey = event.getValue().toString(); MonitorService.getMonitorService().registerSession( sessionKey, userKey, applicationKey ); } } public void attributeRemoved( HttpSessionBindingEvent event ) { if ( "org.mortbay.jetty.Auth".equalsIgnoreCase( event.getName() ) ) { MonitorService.getMonitorService().removeSession( event.getSession().getId() ); } } public void attributeReplaced( HttpSessionBindingEvent event ) { } } Filter: public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain ) throws IOException, ServletException { //do this before hand so that the actual page that is displaying the results gets updated, but // it doens't work all the time before because the user might night be authenticated, thus // ignore any such error because it will be done after the request processing as well... HttpServletRequest httpRequest = ( HttpServletRequest ) request; MonitorService.getMonitorService().updateSession( httpRequest.getSession().getId() ); chain.doFilter( request, response ); HttpServletRequest httpRequest = ( HttpServletRequest ) request; MonitorService.getMonitorService().updateSession( httpRequest.getSession().getId() ); } The underlying storage of session tracking info can of course be done many ways, such as a singleton or MBean. Mine has the concept of applications and usernames. I use the session id for the uniquekey identifying the session in the service. enjoy. .peter -Original Message- From: Krishnakumar N [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 9:12 AM To: [EMAIL PROTECTED] Subject: RE: [JBoss-user] List of active users logged in thru JAAS We use a combination of a filter and a HttpSessionListener to achieve something like this (we do not store the list of currently stored users in a db). The filter checks whether the current user is logged in and if yes, adds the user id to a application context hashtable. The same hashtable is used by the same filter to prevent multiple simultaneous logins on the same userid. The timeout, in case of browser crash/hang/close, is handled via Session.setMaxInactiveInterval() along with the sessionDestroyed event handler in the HttpSessionListener . Cheers, Krishna -Original Message- From: Meyer-Willner, Bernhard [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 7:14 PM To: JBoss-User (E-Mail) Subject: [JBoss-user] List of active users logged in thru JAAS Hi, I'm using JAAS to authenticate users logging in against a database. I was wondering if there is any way to find out if a user's LoginContext has timed out (is active respectively). Thing is, for business logic reasons, we also have to keep information about all logged in users in a database table. If for some reason the client app hangs or the user doesn't log out properly these user record sets remain in the database. We're planning o
Re: [JBoss-user] List of active users logged in thru JAAS
Its been added for 3.0.5 Scott Stark Chief Technology Officer JBoss Group, LLC - Original Message - From: "Meyer-Willner, Bernhard" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 09, 2003 9:02 AM Subject: Re: [JBoss-user] List of active users logged in thru JAAS Thanks for your two solutions, you guys. Unfortunately I don't have a web layer, but instead a Swing GUI based app talking directly to the EJB-based business logic via business delegates. So this solution won't work for me like that :( Are there any other ways to get a list of active users from the JAAS LoginContext? Cheers, Bernhard -Ursprüngliche Nachricht- Von: Luttrell, Peter [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 9. Januar 2003 17:45 An: '[EMAIL PROTECTED]' Betreff: RE: [JBoss-user] List of active users logged in thru JAAS I've done a very similar solution. I had problems getting the HttpSessionListener to work so i used the HttpSessionAttributeListener instead. This meant that my solution was Jetty specific but in the end, that was ok. Here's the code, stripped of exception handling and such: public class HttpSessionEventHandler implements HttpSessionAttributeListener { public void attributeAdded( HttpSessionBindingEvent event ) { if ( "org.mortbay.jetty.Auth".equalsIgnoreCase( event.getName() ) ) { String sessionKey = event.getSession().getId(); String applicationKey = event.getSession().getServletContext().getServletContextName(); String userKey = event.getValue().toString(); MonitorService.getMonitorService().registerSession( sessionKey, userKey, applicationKey ); } } public void attributeRemoved( HttpSessionBindingEvent event ) { if ( "org.mortbay.jetty.Auth".equalsIgnoreCase( event.getName() ) ) { MonitorService.getMonitorService().removeSession( event.getSession().getId() ); } } public void attributeReplaced( HttpSessionBindingEvent event ) { } } Filter: public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain ) throws IOException, ServletException { //do this before hand so that the actual page that is displaying the results gets updated, but // it doens't work all the time before because the user might night be authenticated, thus // ignore any such error because it will be done after the request processing as well... HttpServletRequest httpRequest = ( HttpServletRequest ) request; MonitorService.getMonitorService().updateSession( httpRequest.getSession().getId() ); chain.doFilter( request, response ); HttpServletRequest httpRequest = ( HttpServletRequest ) request; MonitorService.getMonitorService().updateSession( httpRequest.getSession().getId() ); } The underlying storage of session tracking info can of course be done many ways, such as a singleton or MBean. Mine has the concept of applications and usernames. I use the session id for the uniquekey identifying the session in the service. enjoy. .peter -Original Message- From: Krishnakumar N [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 9:12 AM To: [EMAIL PROTECTED] Subject: RE: [JBoss-user] List of active users logged in thru JAAS We use a combination of a filter and a HttpSessionListener to achieve something like this (we do not store the list of currently stored users in a db). The filter checks whether the current user is logged in and if yes, adds the user id to a application context hashtable. The same hashtable is used by the same filter to prevent multiple simultaneous logins on the same userid. The timeout, in case of browser crash/hang/close, is handled via Session.setMaxInactiveInterval() along with the sessionDestroyed event handler in the HttpSessionListener . Cheers, Krishna -Original Message- From: Meyer-Willner, Bernhard [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 7:14 PM To: JBoss-User (E-Mail) Subject: [JBoss-user] List of active users logged in thru JAAS Hi, I'm using JAAS to authenticate users logging in against a database. I was wondering if there is any way to find out if a user's LoginContext has timed out (is active respectively). Thing is, for business logic reasons, we also have to keep information about all logged in users in a database table. If for some reason the client app hangs or the user doesn't log out properly these user record sets remain in the database. We're planning on running a scheduler MBean service that removes recordsets above a certain age from time to time. However, to be sure that the user isn't actively using our app/system any more we would like to check, if he's still authenticated in JBoss. Is there any way to find this out and get a l
Re: [JBoss-user] List of active users logged in thru JAAS
I'm doing that, but the issue is knowing whether the credentials are still in the authentication cache or if they have timed out. -Ursprüngliche Nachricht- Von: Geer, Benjamin [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 9. Januar 2003 19:09 An: '[EMAIL PROTECTED]' Betreff: RE: [JBoss-user] List of active users logged in thru JAAS Meyer-Willner, Bernhard wrote: > Are there any other ways to get a list of active > users from the JAAS LoginContext? Why not create the list yourself as users log in? Benjamin --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
RE: [JBoss-user] List of active users logged in thru JAAS
Meyer-Willner, Bernhard wrote: > Are there any other ways to get a list of active > users from the JAAS LoginContext? Why not create the list yourself as users log in? Benjamin --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] List of active users logged in thru JAAS
No, this is essentialy the valid keys in the authentication cache. I'll look at adding access to this. Scott Stark Chief Technology Officer JBoss Group, LLC - Original Message - From: "Meyer-Willner, Bernhard" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 09, 2003 9:02 AM Subject: Re: [JBoss-user] List of active users logged in thru JAAS Thanks for your two solutions, you guys. Unfortunately I don't have a web layer, but instead a Swing GUI based app talking directly to the EJB-based business logic via business delegates. So this solution won't work for me like that :( Are there any other ways to get a list of active users from the JAAS LoginContext? Cheers, Bernhard --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] List of active users logged in thru JAAS
Thanks for your two solutions, you guys. Unfortunately I don't have a web layer, but instead a Swing GUI based app talking directly to the EJB-based business logic via business delegates. So this solution won't work for me like that :( Are there any other ways to get a list of active users from the JAAS LoginContext? Cheers, Bernhard -Ursprüngliche Nachricht- Von: Luttrell, Peter [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 9. Januar 2003 17:45 An: '[EMAIL PROTECTED]' Betreff: RE: [JBoss-user] List of active users logged in thru JAAS I've done a very similar solution. I had problems getting the HttpSessionListener to work so i used the HttpSessionAttributeListener instead. This meant that my solution was Jetty specific but in the end, that was ok. Here's the code, stripped of exception handling and such: public class HttpSessionEventHandler implements HttpSessionAttributeListener { public void attributeAdded( HttpSessionBindingEvent event ) { if ( "org.mortbay.jetty.Auth".equalsIgnoreCase( event.getName() ) ) { String sessionKey = event.getSession().getId(); String applicationKey = event.getSession().getServletContext().getServletContextName(); String userKey = event.getValue().toString(); MonitorService.getMonitorService().registerSession( sessionKey, userKey, applicationKey ); } } public void attributeRemoved( HttpSessionBindingEvent event ) { if ( "org.mortbay.jetty.Auth".equalsIgnoreCase( event.getName() ) ) { MonitorService.getMonitorService().removeSession( event.getSession().getId() ); } } public void attributeReplaced( HttpSessionBindingEvent event ) { } } Filter: public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain ) throws IOException, ServletException { //do this before hand so that the actual page that is displaying the results gets updated, but // it doens't work all the time before because the user might night be authenticated, thus // ignore any such error because it will be done after the request processing as well... HttpServletRequest httpRequest = ( HttpServletRequest ) request; MonitorService.getMonitorService().updateSession( httpRequest.getSession().getId() ); chain.doFilter( request, response ); HttpServletRequest httpRequest = ( HttpServletRequest ) request; MonitorService.getMonitorService().updateSession( httpRequest.getSession().getId() ); } The underlying storage of session tracking info can of course be done many ways, such as a singleton or MBean. Mine has the concept of applications and usernames. I use the session id for the uniquekey identifying the session in the service. enjoy. .peter -Original Message- From: Krishnakumar N [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 9:12 AM To: [EMAIL PROTECTED] Subject: RE: [JBoss-user] List of active users logged in thru JAAS We use a combination of a filter and a HttpSessionListener to achieve something like this (we do not store the list of currently stored users in a db). The filter checks whether the current user is logged in and if yes, adds the user id to a application context hashtable. The same hashtable is used by the same filter to prevent multiple simultaneous logins on the same userid. The timeout, in case of browser crash/hang/close, is handled via Session.setMaxInactiveInterval() along with the sessionDestroyed event handler in the HttpSessionListener . Cheers, Krishna -Original Message- From: Meyer-Willner, Bernhard [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 7:14 PM To: JBoss-User (E-Mail) Subject: [JBoss-user] List of active users logged in thru JAAS Hi, I'm using JAAS to authenticate users logging in against a database. I was wondering if there is any way to find out if a user's LoginContext has timed out (is active respectively). Thing is, for business logic reasons, we also have to keep information about all logged in users in a database table. If for some reason the client app hangs or the user doesn't log out properly these user record sets remain in the database. We're planning on running a scheduler MBean service that removes recordsets above a certain age from time to time. However, to be sure that the user isn't actively using our app/system any more we would like to check, if he's still authenticated in JBoss. Is there any way to find this out and get a list of active/logged on users, authenticated thru JAAS? Thanks for any ideas. Bernie This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used b
RE: [JBoss-user] List of active users logged in thru JAAS
I've done a very similar solution. I had problems getting the HttpSessionListener to work so i used the HttpSessionAttributeListener instead. This meant that my solution was Jetty specific but in the end, that was ok. Here's the code, stripped of exception handling and such: public class HttpSessionEventHandler implements HttpSessionAttributeListener { public void attributeAdded( HttpSessionBindingEvent event ) { if ( "org.mortbay.jetty.Auth".equalsIgnoreCase( event.getName() ) ) { String sessionKey = event.getSession().getId(); String applicationKey = event.getSession().getServletContext().getServletContextName(); String userKey = event.getValue().toString(); MonitorService.getMonitorService().registerSession( sessionKey, userKey, applicationKey ); } } public void attributeRemoved( HttpSessionBindingEvent event ) { if ( "org.mortbay.jetty.Auth".equalsIgnoreCase( event.getName() ) ) { MonitorService.getMonitorService().removeSession( event.getSession().getId() ); } } public void attributeReplaced( HttpSessionBindingEvent event ) { } } Filter: public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain ) throws IOException, ServletException { //do this before hand so that the actual page that is displaying the results gets updated, but // it doens't work all the time before because the user might night be authenticated, thus // ignore any such error because it will be done after the request processing as well... HttpServletRequest httpRequest = ( HttpServletRequest ) request; MonitorService.getMonitorService().updateSession( httpRequest.getSession().getId() ); chain.doFilter( request, response ); HttpServletRequest httpRequest = ( HttpServletRequest ) request; MonitorService.getMonitorService().updateSession( httpRequest.getSession().getId() ); } The underlying storage of session tracking info can of course be done many ways, such as a singleton or MBean. Mine has the concept of applications and usernames. I use the session id for the uniquekey identifying the session in the service. enjoy. .peter -Original Message- From: Krishnakumar N [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 9:12 AM To: [EMAIL PROTECTED] Subject: RE: [JBoss-user] List of active users logged in thru JAAS We use a combination of a filter and a HttpSessionListener to achieve something like this (we do not store the list of currently stored users in a db). The filter checks whether the current user is logged in and if yes, adds the user id to a application context hashtable. The same hashtable is used by the same filter to prevent multiple simultaneous logins on the same userid. The timeout, in case of browser crash/hang/close, is handled via Session.setMaxInactiveInterval() along with the sessionDestroyed event handler in the HttpSessionListener . Cheers, Krishna -Original Message- From: Meyer-Willner, Bernhard [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 7:14 PM To: JBoss-User (E-Mail) Subject: [JBoss-user] List of active users logged in thru JAAS Hi, I'm using JAAS to authenticate users logging in against a database. I was wondering if there is any way to find out if a user's LoginContext has timed out (is active respectively). Thing is, for business logic reasons, we also have to keep information about all logged in users in a database table. If for some reason the client app hangs or the user doesn't log out properly these user record sets remain in the database. We're planning on running a scheduler MBean service that removes recordsets above a certain age from time to time. However, to be sure that the user isn't actively using our app/system any more we would like to check, if he's still authenticated in JBoss. Is there any way to find this out and get a list of active/logged on users, authenticated thru JAAS? Thanks for any ideas. Bernie This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user --- This SF.NET email i
RE: [JBoss-user] List of active users logged in thru JAAS
We use a combination of a filter and a HttpSessionListener to achieve something like this (we do not store the list of currently stored users in a db). The filter checks whether the current user is logged in and if yes, adds the user id to a application context hashtable. The same hashtable is used by the same filter to prevent multiple simultaneous logins on the same userid. The timeout, in case of browser crash/hang/close, is handled via Session.setMaxInactiveInterval() along with the sessionDestroyed event handler in the HttpSessionListener . Cheers, Krishna -Original Message- From: Meyer-Willner, Bernhard [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 7:14 PM To: JBoss-User (E-Mail) Subject: [JBoss-user] List of active users logged in thru JAAS Hi, I'm using JAAS to authenticate users logging in against a database. I was wondering if there is any way to find out if a user's LoginContext has timed out (is active respectively). Thing is, for business logic reasons, we also have to keep information about all logged in users in a database table. If for some reason the client app hangs or the user doesn't log out properly these user record sets remain in the database. We're planning on running a scheduler MBean service that removes recordsets above a certain age from time to time. However, to be sure that the user isn't actively using our app/system any more we would like to check, if he's still authenticated in JBoss. Is there any way to find this out and get a list of active/logged on users, authenticated thru JAAS? Thanks for any ideas. Bernie This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] List of active users logged in thru JAAS
Hi, I'm using JAAS to authenticate users logging in against a database. I was wondering if there is any way to find out if a user's LoginContext has timed out (is active respectively). Thing is, for business logic reasons, we also have to keep information about all logged in users in a database table. If for some reason the client app hangs or the user doesn't log out properly these user record sets remain in the database. We're planning on running a scheduler MBean service that removes recordsets above a certain age from time to time. However, to be sure that the user isn't actively using our app/system any more we would like to check, if he's still authenticated in JBoss. Is there any way to find this out and get a list of active/logged on users, authenticated thru JAAS? Thanks for any ideas. Bernie This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user