jsf - How to properly logout other users -


in web app trying achieve functionality, admin able logout other logged in users.

what have done far:

  • i created pojo store significant user information, including referrence users http session.
  • this pojo implementing httpsessionbindinglistener
  • during login process put instance of pojo sessionmap. via valuebound method putting static map, stores such logged-in-userinformation (on unbound-event removing again
  • in seperated admin section able access httpsession of specific user , invalidate it
  • the logged-out user gets informed via websocket has been logged-out

invalidating httpsession works fine , mentioned unbound method called. however, problem if in way logged out user still able ajax requests. new instance of hte viewscoped bean created , assigned client , request goes against new instance.

what expect (or achieve) sth viewexpiredexception thrown instead , redirecting user login page instead.
or missing important part in concept?

would enough set proper security-constraints in web.xml or hide conceptual problem?

(if it's important, bean not jsf bean cdi viewscoped bean.)

application running on glassfish 4.1,, mojarra 2.2.12

sessionbindinglistener:

@requiredargsconstructor @equalsandhashcode(of = {"user"}) public class usersessioninfo implements httpsessionbindinglistener {      @getter private static final map<usersessioninfo, usersessioninfo> sessions           = new hashmap<>(10);      @getter private final string user;     @getter private httpsession session;      @override     public void valuebound(httpsessionbindingevent event) {         usersessioninfo usi = sessions.remove(this);         if (usi != null) {             httpsession hs = usi.session;             if (hs != null) {                 hs.invalidate();             }         }         this.session = event.getsession();         sessions.put(this, this);     }      @override     public void valueunbound(httpsessionbindingevent event) {         sessions.remove(this);     }  }

login-method

public string login() {         facescontext context = facescontext.getcurrentinstance();                 httpservletrequest request =             (httpservletrequest) context.getexternalcontext().getrequest();         try {             request.login(username, password);             context                 .getexternalcontext()                 .getsessionmap().put(username, new usersessioninfo(/* ...*/)));             // ..         }          // ....         return "/index?faces-redirect=true";     }

admin-method logging out other user:

public void logoff(usersessioninfo usr) {     eventbus eventbus = eventbusfactory.getdefault().eventbus();             eventbus.publish(channel, new dialogmessage(/*...*/));             usr.getsession().invalidate();            }

if session of user invalidated, requests should fail, ajax or not.

in 1 of app, have :

  • security restrictions, through roles in web.xml
  • session tracking httpsessionlistener , filter (the filter way detect new sessions created tomcat on login, avoid session fixation)
  • the possibility "kill" session, using session.invalidate

if session recreated "in back", must because have unrestricted area being access. require auth all, rule such :

<security-constraint>     <display-name>authenticated users</display-name>     <web-resource-collection>         <web-resource-name>authenticated users</web-resource-name>         <url-pattern>/*</url-pattern>         <http-method>get</http-method>         <http-method>post</http-method>     </web-resource-collection>     <auth-constraint>         <role-name>*</role-name>     </auth-constraint>     <user-data-constraint>         <transport-guarantee>confidential</transport-guarantee>     </user-data-constraint> </security-constraint>

in web.xml, , should ok.


Comments

Post a Comment

Popular posts from this blog

java - WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/board/] in DispatcherServlet with name 'appServlet' -

this question has answer here: why spring mvc respond 404 , report “no mapping found http request uri […] in dispatcherservlet”? 3 answers i trying making simple bbs i'm encountering following error, warn : org.springframework.web.servlet.pagenotfound - no mapping found http request uri [/board/] in dispatcherservlet name 'appservlet' i have tried solve error many times, have failed. how can solve error? here web.xml, controllerand , servlet-context. my web.xml <?xml version="1.0" encoding="utf-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xsi:schemalocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <filter> <filter-nam...
Read more

1111. appearing after print sequence - php -

morning, i have code takes string of shoe sizes, explodes , puts in table. code works , info displayed correctly on page after table there few 1's after table. i'm confused this. so table looks (in columns of 3 on webpage) available in following sizes: 3 4 5 6 9 10 111 here's codes, purpose of example $x = 3|4|6|10|9 function get_sizes_pipe($x) { $counter = 0; $splits = explode("|",$x); asort($splits); $x = print "<table class='greentable'>"; $x .= print "<thead><tr><th scope='col' colspan='3' abbr='starter'>available in following sizes:</th></tr></thead><tbody><tr>"; foreach ($splits $split) { $entry = print "<td>".$split."</td>"; if($counter == 2){ $entry .= print "</tr><tr>"; $counter =0; } else { $counter++; ...
Read more

android - How to create dynamically Fragment pager adapter -

i unable create dynamic layout each tabs, able create tabs dynamically constructor(public mypageradapter(fragmentmanager fm , int nooftabs)), coudn't inflate view each tabs creating each fragment should dyanmic. public class mypageradapter extends fragmentpageradapter { private final string[] titles = { "categories", "home", "top paid", "top free", "top grossing", "top new paid", "top new free", "trending" }; int nooftabs; **public mypageradapter(fragmentmanager fm , int nooftabs) { super(fm); this.nooftabs = nooftabs; }** /*public mypageradapter(fragmentmanager fm) { super(fm); }*/ @override public charsequence getpagetitle(int position) { return titles[position]; } @override public int getcount() { ...
Read more