Session tracking in client-server model ?

 
Ranch Hand
Posts: 148
Hi,

I am writing a client-server app with three types of users with
different privileges. Is there a session tracking type mechanism for
client-server apps?

If not I would just have to write a different user interface with access to
different data based on the type of the user. Is this the best approach?

thanks,

J.C
 
Ranch Hand
Posts: 356
hello,

you could use TCP. If you use RMI, you can use a different remote object on the server for each user, so that you can identify a user by that.

Kai
 
(instanceof Sidekick)
Posts: 8791
Kai points up some interesting things we don't know yet ... What protocol do your client and server use to communicate? Is your server a standard like a servlet container, or something you made yourself?
 
James Clarke
Ranch Hand
Posts: 148
Hi guys,

thanks for the response. My server is one that I will be writing myself
using RMI working over a Windows NT network.

I was planning on using different remote objects for different types of users but I am not sure if this is the best design.
Does anyone have any other suggestions?

thanks,

J.C
 
Ranch Hand
Posts: 456
well, i might have understood your needs wrongly, but i don't think so.

my approach _always_ is to assign a role to a user. to be more precise: a collection of roles. later, those roles get connected with certain rights. this can be hardcoded by the application or maintainable through any sort of administration UI.

i would not - really not - bother to put anything about rights in the (http?)session or even in the protocol. just make sure that you can identify your user, typically by its id and check everything about his roles and rights on the server-side at run time.

hope it helps,
jan
[ February 14, 2006: Message edited by: Jan Groth ]
 
Stan James
(instanceof Sidekick)
Posts: 8791
A "session" is not magical. It's just some state kept on the server related to a particular user. You could make your own Session object and put it in a static HashMap keyed by the user's IP or a token they send on every request or whatever works in your environment. I don't know RMI ... maybe it has something suitable for the key or even the object.

I agree with Jan. A user has roles and a role has rights. At runtime you can ask a simple API if this user has this right: isAuthorized(user,right). You might need userid on the session but the rest of the mappings should be neatly hidden behind the authorization API.

I have to admit I did one system where the client loaded all the rights at startup and didn't have to ask the server after that. But internally it kept the rights private and had the identical isAuthorized() API. Any time the client tried to do something the server double checked the authorization. Don't trust the clients!
 
James Clarke
Ranch Hand
Posts: 148
Hi Guys,

Thanks for the responses but the system I am talking about is a client-server system using RMI, so HTTP session tracking doesn't apply.

And I don't think there is a session tracking mechanism for client-server apps....

thanks,
J.C
 
author
Posts: 23928

Originally posted by James Clarke:
Hi Guys,
Thanks for the responses but the system I am talking about is a client-server system using RMI, so HTTP session tracking doesn't apply.

And I don't think there is a session tracking mechanism for client-server apps....

thanks,
J.C



Session tracking services are provided with HTTP, mainly because it was a pain to implement. (No real parameters -- either it is cookies or part of the URL)

With RMI, it is not necessary. When you need a session, just create a new handle object that you pass back. Whenever a call is made, the handle is passed back to the server to signify the session. This handle is used by the server to find the state of the session.

Henry
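
The handle approach Henry describes, combined with the server-side isAuthorized(user, right) check from Jan's and Stan's replies, as an added example that is not part of the original thread. The class, method and right names and the sample users are hypothetical; authentication and RMI export/registry setup are assumed to happen elsewhere, so main calls the server object in-process.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical remote interface: every call carries the session handle.
interface ReportService extends Remote {
    String deleteReport(String handle, int reportId) throws RemoteException;
}
public class SessionDemo implements ReportService {
    private static final SecureRandom RNG = new SecureRandom();
    // Constructed sample data, held only on the server: user -> roles, role -> rights.
    private final Map<String, Set<String>> userRoles =
        Map.of("alice", Set.of("admin"), "bob", Set.of("clerk"));
    private final Map<String, Set<String>> roleRights =
        Map.of("admin", Set.of("report.read", "report.delete"),
               "clerk", Set.of("report.read"));
    private final Map<String, String> sessions = new ConcurrentHashMap<>(); // handle -> user id

    // Called once the server has authenticated userId (authentication not shown here).
    String openSession(String userId) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw); // random 256-bit handle, so a client cannot guess another session
        String handle = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(handle, userId);
        return handle;
    }

    // Roles and rights are resolved on the server at call time, never taken from the client.
    boolean isAuthorized(String userId, String right) {
        return userRoles.getOrDefault(userId, Set.of()).stream()
            .anyMatch(role -> roleRights.getOrDefault(role, Set.of()).contains(right));
    }

    public String deleteReport(String handle, int reportId) {
        String userId = handle == null ? null : sessions.get(handle);
        if (userId == null) throw new SecurityException("unknown or expired session");
        if (!isAuthorized(userId, "report.delete"))
            throw new SecurityException(userId + " lacks report.delete");
        return "report " + reportId + " deleted by " + userId;
    }
    public static void main(String[] args) {
        SessionDemo server = new SessionDemo(); // in-process; no registry or export needed
        System.out.println(server.deleteReport(server.openSession("alice"), 7));
        try { server.deleteReport(server.openSession("bob"), 7); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```

The handle identifies the session only; the server maps it to a user id and re-checks the right on every call, so a modified client gains nothing by claiming a different role.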
 