Immediately Invalidate another user's session after admin locks a user or changes a user's authoriti

 
Greenhorn
Posts: 10
Hello Folks

Could you please help me with my problem?

We are using Spring 3 and Spring Security.
Our problem is that we need to invalidate another user's session immediately (or almost immediately) after an admin locks a user in the admin panel.
The user could be logged in at that moment. Then the admin locks the user, and after the user tries to perform any activity on the server side by clicking some buttons, they will be redirected to the login page and have to log in again.

Is there something embedded in Spring Security to do so?
Maybe somehow get a list of logged-in users, then mark a particular session as invalid?
 
Eugene Smola
Greenhorn
Posts: 10
  • Likes 1
Hi folks!

The answer is:
There are no embedded solutions in Spring 3.0,

but I can offer several solutions:


1. Maintain your own user management container:

like this

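// Inside HttpSessionListener.sessionCreated(HttpSessionEvent se): record the new session
HttpSession session = se.getSession();
ServletContext context = session.getServletContext();
HashMap<String, HttpSession> activeUsers = (HashMap<String, HttpSession>) context.getAttribute("activeUsers");
if (activeUsers == null) { // first session since startup: create the shared map
    activeUsers = new HashMap<String, HttpSession>();
}
activeUsers.put(session.getId(), session);
context.setAttribute("activeUsers", activeUsers);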

In the sessionCreated method of the sessionListener I successfully get the list of active users' names and their session IDs, but when I do like that

HttpSessionContext context=request.getSession().getSessionContext();
ServletContext sc=request.getSession().getServletContext();
HashMap activeUsers = (HashMap)sc.getAttribute("activeUsers");
HttpSession session=request.getSession();
if(activeUsers.containsKey(this.sessionID)==true){ session.invalidate(); }
https://coderanch.com/t/497470/Servlets/java/invalidate-user-session-forcefully

2. Using JMX beans:
The same problem is described and solved there:
http://blog.springsource.org/2009/01/02/spring-security-customization-part-2-adjusting-secured-session-in-real-time/
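
Solution 1 above, sketched as an added example (not code from the original post or the linked thread): a hypothetical `UserSessionRegistry` that tracks live sessions per username with the Servlet API only, so an admin action can end all of them. It assumes the application calls `register` after a successful login and `invalidateAll` from the admin "lock user" action; the class and method names are made up for illustration.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/** Hypothetical per-user session registry; declare it as a <listener> in web.xml. */
public class UserSessionRegistry implements HttpSessionListener {
    // Static because the container creates the listener while application code calls
    // the static methods. Layout: username -> (session id -> session).
    private static final ConcurrentMap<String, ConcurrentMap<String, HttpSession>> BY_USER =
            new ConcurrentHashMap<String, ConcurrentMap<String, HttpSession>>();
    // session id -> username, so sessionDestroyed can find the owner by id alone
    private static final ConcurrentMap<String, String> OWNER =
            new ConcurrentHashMap<String, String>();

    /** Call after a successful login, once the username is known. */
    public static void register(String username, HttpSession session) {
        ConcurrentMap<String, HttpSession> fresh = new ConcurrentHashMap<String, HttpSession>();
        ConcurrentMap<String, HttpSession> sessions = BY_USER.putIfAbsent(username, fresh);
        if (sessions == null) sessions = fresh;
        sessions.put(session.getId(), session);
        OWNER.put(session.getId(), username);
    }

    /** Call from the admin "lock user" action; returns how many sessions were ended. */
    public static int invalidateAll(String username) {
        ConcurrentMap<String, HttpSession> sessions = BY_USER.get(username);
        int ended = 0;
        if (sessions != null) {
            for (HttpSession s : sessions.values()) {
                try {
                    s.invalidate(); // triggers sessionDestroyed, which cleans up both maps
                    ended++;
                } catch (IllegalStateException alreadyInvalid) {
                    // expired or logged out in the meantime: nothing left to end
                }
            }
        }
        return ended;
    }

    public void sessionCreated(HttpSessionEvent se) { /* owner is unknown until login */ }

    public void sessionDestroyed(HttpSessionEvent se) {
        // Logout, timeout or invalidateAll(): drop the references so sessions do not leak.
        String id = se.getSession().getId();
        String username = OWNER.remove(id);
        ConcurrentMap<String, HttpSession> sessions = username == null ? null : BY_USER.get(username);
        if (sessions != null) sessions.remove(id);
    }
}
```

The registry only sees sessions held in its own JVM, so in a clustered deployment the lock has to reach every node that may hold a session for that user.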
 