Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Immediately Invalidate another user's session after admin locks a user or changes a user's authoriti

 
Eugene Smola
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Folks

Could you please help me with my problem?

We are using spring 3 and spring security.
Our problem is that we need invalidate another user's session immediately (or almost immediately) after admin locks a user in admin panel.
User could be logged in at that moment. Then the admin locks the user, and after the user tries to make any activity on server side by clicking some buttons, it will be redirected to login page and have to login again.

Is there something embedded in spring security to do so?
Maybe get somehow a logged users list, then mark particular session as invalid?
 
Eugene Smola
Greenhorn
Posts: 10
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi folks!

The answer is:
There is no embedded solutions in spring 3.0

but can offer several solutions:


1. Maintain own user management container:

like this

HttpSession session = se.getSession();
ServletContext context = session.getServletContext();
HashMap activeUsers = (HashMap)context.getAttribute("activeUsers");
activeUsers.put(session.getId(), session);
context.setAttribute("activeUsers", activeUsers);

in sessionCreated method of sessionListner in i successsfully get the list of active user's name and there session id but when i do like that

HttpSessionContext context=request.getSession().getSessionContext();
ServletContext sc=request.getSession().getServletContext();
HashMap activeUsers = (HashMap)sc.getAttribute("activeUsers");
HttpSession session=request.getSession();
if(activeUsers.containsKey(this.sessionID)==true){ session.invalidate(); }
http://www.coderanch.com/t/497470/Servlets/java/invalidate-user-session-forcefully

2. Using jmx beans:
The same problem described and solved there
http://blog.springsource.org/2009/01/02/spring-security-customization-part-2-adjusting-secured-session-in-real-time/
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic