jsf - How to properly log out other users


In my web app I am trying to achieve the following functionality: an admin should be able to log out other logged-in users.

What I have done so far:

  • I created a POJO that stores significant user information, including a reference to the user's HttpSession.
  • This POJO implements HttpSessionBindingListener.
  • During the login process I put an instance of this POJO into the session map. Via the valueBound method it is put into a static map that stores all such logged-in-user information (on the unbound event it is removed again).
  • In a separate admin section I am able to access the HttpSession of a specific user and invalidate it.
  • The logged-out user gets informed via WebSocket that he has been logged out.

Invalidating the HttpSession works fine, and the mentioned unbound method is called. However, the problem is that in some way the logged-out user is still able to do AJAX requests. A new instance of the ViewScoped bean is created and assigned to the client, and the request goes against this new instance.

What I expect (or want to achieve) is something like a ViewExpiredException being thrown instead, redirecting the user to the login page.
Or am I missing an important part in my concept?

Would it be enough to set proper security-constraints in web.xml, or would that just hide a conceptual problem?

(If it's important: the bean is not a JSF bean but a CDI ViewScoped bean.)

The application is running on GlassFish 4.1, Mojarra 2.2.12.


SessionBindingListener:

    import java.util.Map;
    import java.util.concurrent.ConcurrentHashMap;
    import javax.servlet.http.HttpSession;
    import javax.servlet.http.HttpSessionBindingEvent;
    import javax.servlet.http.HttpSessionBindingListener;
    import lombok.EqualsAndHashCode;
    import lombok.Getter;
    import lombok.RequiredArgsConstructor;

    @RequiredArgsConstructor
    @EqualsAndHashCode(of = {"user"})
    public class UserSessionInfo implements HttpSessionBindingListener {

        // Registry of all logged-in users, keyed by user name (equals/hashCode use "user" only).
        // It is shared by every session, so it must be safe for concurrent access.
        @Getter
        private static final Map<UserSessionInfo, UserSessionInfo> sessions
                = new ConcurrentHashMap<>(10);

        @Getter
        private final String user;
        @Getter
        private HttpSession session;

        @Override
        public void valueBound(HttpSessionBindingEvent event) {
            // One session per user: if this user is already logged in, kill the older session.
            UserSessionInfo usi = sessions.remove(this);
            if (usi != null) {
                HttpSession hs = usi.session;
                if (hs != null) {
                    try {
                        hs.invalidate(); // unbinds the old instance -> its valueUnbound runs
                    } catch (IllegalStateException alreadyInvalid) {
                        // old session was already invalidated (e.g. timed out); nothing to do
                    }
                }
            }
            this.session = event.getSession();
            sessions.put(this, this);
        }

        @Override
        public void valueUnbound(HttpSessionBindingEvent event) {
            // Called when the session is invalidated or the attribute is removed.
            sessions.remove(this);
        }
    }

Login method:

    public String login() {
        FacesContext context = FacesContext.getCurrentInstance();
        HttpServletRequest request =
                (HttpServletRequest) context.getExternalContext().getRequest();
        try {
            // Container-managed login (Servlet 3.0); throws ServletException on failure.
            request.login(username, password);
            // Putting the listener into the session map triggers valueBound,
            // which registers this user in the static map.
            context.getExternalContext()
                   .getSessionMap()
                   .put(username, new UserSessionInfo(/* ... */));
            // ..
        } catch (ServletException e) {
            // ....
        }
        // ....
        return "/index?faces-redirect=true";
    }

Admin method logging out another user:

    public void logoff(UserSessionInfo usr) {
        EventBus eventBus = EventBusFactory.getDefault().eventBus();
        // Notify the user over the push channel first, while the session still exists.
        eventBus.publish(channel, new DialogMessage(/* ... */));
        // Invalidating the session unbinds the UserSessionInfo, so valueUnbound
        // removes the entry from the static map.
        usr.getSession().invalidate();
    }

If the session of the user is invalidated, the requests should fail, AJAX or not.

In one of my apps I have:

  • security restrictions, through roles in web.xml
  • session tracking with an HttpSessionListener and a filter (the filter is a way to detect new sessions created by Tomcat on login, to avoid session fixation)
  • the possibility to "kill" a session, using session.invalidate()

If the session is recreated "in the back", it must be because you have an unrestricted area being accessed. Require authentication for everything, with a rule such as:

    <security-constraint>
        <display-name>authenticated users</display-name>
        <web-resource-collection>
            <web-resource-name>authenticated users</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

in web.xml, and it should be OK.
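As an added example (not code from the question or the answer above), here is a servlet filter that complements the web.xml constraint. It refuses to let a request continue once its session has been invalidated, and it answers JSF AJAX requests with a partial-response redirect, so the jsf.js client sends the browser to the login page instead of silently working against a freshly created view-scoped bean. The class name, the login page path `/login.xhtml`, and the assumption of container-managed form login backed by a session are mine; the `Faces-Request: partial/ajax` header and the `<partial-response><redirect url="..."/></partial-response>` document are standard JSF 2.x behaviour.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter name; registered for every URL in the application.
@WebFilter(urlPatterns = "/*")
public class SessionGuardFilter implements Filter {

    // Assumption: the login page lives here and must stay reachable without a session.
    private static final String LOGIN_PAGE = "/login.xhtml";
    // JSF 2.x resource handler prefix (scripts, CSS, images served by the FacesServlet).
    private static final String RESOURCE_PREFIX = "/javax.faces.resource/";

    @Override
    public void init(FilterConfig filterConfig) {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (isPublic(request) || isAuthenticated(request)) {
            chain.doFilter(req, res);
            return;
        }
        // No usable session (e.g. the admin invalidated it): send the client to login.
        String loginUrl = request.getContextPath() + LOGIN_PAGE;
        if (isJsfAjaxRequest(request)) {
            sendAjaxRedirect(response, loginUrl);
        } else {
            response.sendRedirect(loginUrl);
        }
    }

    // Paths that may be served without authentication: the login page and JSF resources.
    static boolean isPublic(HttpServletRequest request) {
        String path = request.getRequestURI().substring(request.getContextPath().length());
        return path.equals(LOGIN_PAGE) || path.startsWith(RESOURCE_PREFIX);
    }

    // Authenticated only if the container knows the principal AND an existing session
    // backs it. getSession(false) never creates a session, so an invalidated session
    // cannot be silently replaced by a new, empty one here.
    static boolean isAuthenticated(HttpServletRequest request) {
        return request.getUserPrincipal() != null && request.getSession(false) != null;
    }

    // jsf.js sets this header on every AJAX request it issues.
    static boolean isJsfAjaxRequest(HttpServletRequest request) {
        return "partial/ajax".equals(request.getHeader("Faces-Request"));
    }

    // A partial-response document whose <redirect> element jsf.js turns into a
    // window.location change; a plain 302 would be swallowed by the AJAX client.
    static void sendAjaxRedirect(HttpServletResponse response, String url) throws IOException {
        response.setStatus(HttpServletResponse.SC_OK);
        response.setContentType("text/xml");
        response.setCharacterEncoding("UTF-8");
        response.setHeader("Cache-Control", "no-cache");
        response.getWriter().print(
                "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
              + "<partial-response><redirect url=\"" + url + "\"/></partial-response>");
    }

    @Override
    public void destroy() {
    }
}
```

The filter runs before the FacesServlet, so the check happens before JSF has a chance to restore a view or create a new view-scoped bean for the request. Two related points worth checking in such a setup: a security constraint that lists only GET and POST leaves other HTTP methods uncovered, and Servlet 3.1 (which GlassFish 4.1 implements) lets you close that with `<deny-uncovered-http-methods/>` in web.xml; and because the admin-side logoff in the question keeps a reference to another user's HttpSession, the static registry should be treated as sensitive state that only the admin role can reach.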
