Solved

Oracle active user control with jsp

Posted on 2004-08-25
10
186 Views
Last Modified: 2010-04-01
Hi dear experts,
I am developing intranet site  with jsp & oracle.   I opened database user in oracle for every intranet user. so When a user enter his username and password i connect he to db with this username&password. as long as  a user actives in db with his username and password  i dont want anybody to   use this username and password. Shortly  i dont want to open 2 sessions for same username and password in my applicatin.
To do this,  should i check it from db ? if so how can i do this with oracle ? or should i do it with sessions ?
sincrely,

   
0
Comment
Question by:elmakarge
  • 5
  • 2
10 Comments
 
LVL 35

Expert Comment

by:TimYates
ID: 11891573
Yeah, you can do this with a sessionlistener

When a user logs in, add them to a static hashtable with their username as the key, and the session as a value

When someone logs in, if the username already exists in the hashtable, then get the session that it was tied to, and invalidate it

When they log out, remove them from the hashtable

When the session is removed (due to timeout), remove them from the hashtable

That should work :-)

Tim
0
 

Author Comment

by:elmakarge
ID: 11891635
Ok! I got it
I dont know much about session time out in jsp.   how can i handle it and how i can i understand  time out of session ?
0
 
LVL 35

Expert Comment

by:TimYates
ID: 11891810
It will be kinda like this:

http://www.experts-exchange.com/Web/Web_Languages/JSP/Q_20514811.html

and this

http://www.experts-exchange.com/Programming/Programming_Languages/Java/Q_20146121.html

And you can put this into your WEB-INF/web.xml

    <session-timeout>60</session-timeout>

which will time out the session in 60 minutes :-)  (you can change the 60 obviously) :-)

Hope I've helped!

Tim
0
 
LVL 35

Accepted Solution

by:
TimYates earned 63 total points
ID: 11891864
Also this should help:

Adapted from http://saloon.javaranch.com/cgi-bin/ubb/ultimatebb.cgi?ubb=get_topic&f=18&t=000652

This counts the number of users, you want to store their sessions in a hashtable...should be a relatively minor change :-)

----------------

pcakage listener ;

import javax.servlet.http.HttpSessionListener;
import javax.servlet.http.HttpSessionEvent;

public class AppSessionCounter implements HttpSessionListener
{
    private static int activeSessions = 0;

    // Create a new session.
    public void sessionCreated(HttpSessionEvent se){
        System.out.println("Inside sessionCreated");
        System.out.println("Before New session createb = " + activeSessions);
        activeSessions++;
        System.out.println("After New session count = " + activeSessions);
    }

    // Destroy the session
    public void sessionDestroyed(HttpSessionEvent se){
        System.out.println("Inside sessionDestroyed");
        if (activeSessions > 0)
        {
            System.out.println("Count before destroyed = " + activeSessions);
            activeSessions--;
            System.out.println("Count after destroyed = " + activeSessions);
        }
    }

    // get the count of active session.
    public static int getActiveSessions(){
        return activeSessions;
    }
}

put that class into WEB-INF/classes/listener and add this in WEB-INF/web.xml

<listener>
    <listener-class>
        listener.AppSessionCounter
    </listener-class>
</listener>

0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 27

Expert Comment

by:rrz
ID: 11892068
> private static int activeSessions = 0;
Tim, why do you use  "static"  ?  
Won't the  container  make one instance of  AppSessionCounter   ?        rrz
0
 
LVL 35

Expert Comment

by:TimYates
ID: 11892091
Yeah, but then you have to get at the value from other classes, and I don't know of any way to "lookup" a filter using the applicationContext...

There could be a way I don't know about though...

Otherwise, how would you get the value from a jsp, or another class?
0
 
LVL 27

Assisted Solution

by:rrz
rrz earned 62 total points
ID: 11892388
Tim, I don't know if his code is any better but in Matry Hall's book "More Servlets ....."  he stores the listener object in the servlet context.  

httpSessionEvent.getSession().getServletContext().setAttribute("sessionCounter", this);
and in JSP he uses
<jsp:useBean .....          rrz
0
 
LVL 35

Expert Comment

by:TimYates
ID: 11892674
oooh...  I s'pose it's neater :-)  But maybe a bit more transparent?

I dunno...it's decisions like these that I tend to toss a coin on ;-)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
immutable object concept 5 110
Spring MVC - sending raw charset to backend 3 188
eclipse luna javeEE perspecive missing 5 95
I get error: useBean: Duplicate bean name: {0} 1 115
Often, people trade privacy and security for convenience. However in today's concrete jungle, this is an extremely foolish decision considering the vast amount of technologies being used against consumer interest. First off, I won't waste any time e…
With more and more people tethered to the internet, advertisers can reach you in new and creative ways. Push notifications on your smartphone, customized advertisements based on your previous searches, and email inboxes filled with promotional pitch…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…
A short film showing how OnPage and Connectwise integration works.

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now