Lyallex,

Lyallex wrote:
| The problem comes when a superuser wants to remove a role from a user
| and that user may be logged in.
| What I need to be able to do is to view all the currently active
| sessions and log the relevant user out (by invalidating the session
| for example) so that when they next try to access a protected resource
| they have to log in again ... I can't give any more details I'm
| afraid.

The only ways to do something to all sessions (like searching them and
perhaps killing one or more of them) are to either write an
HttpSessionListener and register all new sessions in your own registry
(which will work across all containers), or use whatever LambdaProbe
does to find all application sessions (probably JMX) and risk tying your
code to a particular container.

| I think I may be able to do this by allowing a superuser account to
| access this information using JMX (mbeans) and do appropriate stuff.
| This is a sanity check with the experts on this list as I have never
| used JMX before and I would like to know if I am pointing in the right
| direction.

If I were doing this, I would probably go the HttpSessionListener route,
but that's just biased based on my own experience with listeners and
lack of experience with JMX -- JMX actually sounds like a better deal
since I'm guessing this will be a rarely-used feature, and adding the
overhead of managing all the sessions yourself seems like it might not
be worth it.

| I do not want to expose the tomcat management console to superusers as
| they will be (business) domain experts, not Tomcat users or
| developers/sysadmins

This is a good idea. Whatever you do should be fool-proof ;)

-chris
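
Added example (not part of the original message, and not Tomcat's own code): the HttpSessionListener registry route described above. It assumes the application stores the login name in a session attribute named "username" at login; the names SessionRegistry, USER_ATTR and invalidateSessionsOf are hypothetical.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Added example: container-independent registry of live sessions.
// Register in WEB-INF/web.xml:
//   <listener><listener-class>SessionRegistry</listener-class></listener>
public class SessionRegistry implements HttpSessionListener {

    // Assumption: the login code stores the user name under this attribute.
    public static final String USER_ATTR = "username";

    // Session id -> session. Concurrent because the container calls the
    // listener from many request threads. Keyed by the id at creation; a
    // container that changes the id at login needs an HttpSessionIdListener
    // (Servlet 3.1) to re-key the entry.
    private static final Map<String, HttpSession> SESSIONS =
            new ConcurrentHashMap<String, HttpSession>();

    public void sessionCreated(HttpSessionEvent se) {
        SESSIONS.put(se.getSession().getId(), se.getSession());
    }

    public void sessionDestroyed(HttpSessionEvent se) {
        // Fires on timeout and on invalidate(); keeps the map from leaking.
        SESSIONS.remove(se.getSession().getId());
    }

    // Invalidates every live session of the given user and returns the count,
    // so the user must log in again and pick up the reduced role set.
    public static int invalidateSessionsOf(String username) {
        int killed = 0;
        for (Map.Entry<String, HttpSession> e : SESSIONS.entrySet()) {
            try {
                if (username.equals(e.getValue().getAttribute(USER_ATTR))) {
                    e.getValue().invalidate(); // triggers sessionDestroyed()
                    killed++;
                }
            } catch (IllegalStateException alreadyInvalid) {
                // Session expired between iteration and check: drop the entry.
                SESSIONS.remove(e.getKey());
            }
        }
        return killed;
    }
}
```

Call invalidateSessionsOf only from a page or servlet that is itself restricted to the superuser role, right after the role has been removed from the user store.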