• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Liutauras Vilda
  • Campbell Ritchie
  • Tim Cooke
  • Bear Bibeault
  • Devaka Cooray
Sheriffs:
  • Jeanne Boyarsky
  • Knute Snortum
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Ganesh Patekar
  • Stephan van Hulst
  • Pete Letkeman
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Ron McLeod
  • Vijitha Kumara

preventing access based on all sessions  RSS feed

 
Ranch Hand
Posts: 72
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
here's what we're after. if a user is working with an order (is on the order detail page), no other users can work with that order. if they try to go to the order detail page, it should show the order as being worked on by _user1_.

we currently have the users and the order they're working on in their http session. so, my thought is that when user2 goes to the order detail page, the servlet can query to see if any sessions have that order as being used.

i'm not sure how this could be done at all, so if anyone has some thoughts it would be most appreciated.
 
Ranch Hand
Posts: 264
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Mark,

1. You can store associations between user names and the resources in a static variable e.g.: Map<User, Resources>
In this case, you will have to consider the fact that since you are tied to the static variable, you will NOT be able to scale. A solution could be to have this association object as a JNDI resource (But, make sure your container supports writable JNDI contexts, i know tomcat doesn't)

2. We have this exact same problem, and we store the associations in the database. But, we have to consider the cases where the server crashes/ user does not sign off but just closes the browser etc. The cleanup is the MAJOR part of the headache.

Which ever approach you take, make sure you have support from your application framework level.

You can make use of the HttpSessionBindingListener or one of the other session listeners (beware, atleast one of them behaves quite differently between J2EE 1.3 and 1.4)

Dushy
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!