JDBC REALM Tomcat Retrieve the Session.

 
Ranch Hand
Hi Guys,

When I log in using JDBCRealm, Tomcat creates a session. When I click logout, I want to use invalidate(). How do I do it? I tried using Struts2, but I think in Struts2 you need to put a value in the SessionMap and remove the value from the SessionMap by invalidate(). How can we do that in JDBCRealm?

This is the link that I am talking about.

Invalidate() Sample but not for JDBC realm.. struts2
 
Saloon Keeper
The Realm does not create the session. That's done by the internal authentication process that's part of Tomcat. All a Realm does is provide a plug-in component for verifying credentials and roles.

To invalidate a session (logout), simply obtain the HttpSession object from the HttpServletRequest object and invoke its invalidate() method. There are no parameters and it doesn't matter whether you are using Struts, JSF, raw JSP/servlets or whatever.

Once you call session.invalidate(), all session attributes are discarded and the UserPrincipal and username objects that Tomcat attaches to the HttpServletRequest should likewise be considered invalid - they will be null on subsequent incoming requests until the user logs on again.
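
The logout step described in the post above, as an added example that is not part of the original thread. The servlet name and the `/logout` mapping are hypothetical, and the `javax.servlet` API (Servlet 3.0 or later) is assumed.

```java
import java.io.IOException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet name and URL mapping (not from the thread).
@WebServlet("/logout")
public class LogoutServlet extends HttpServlet {

    // Only POST is handled, so a plain link or image tag on another page
    // cannot end the user's session with a GET request.
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // getSession(false) returns null when no session exists, instead of
        // creating a fresh session only to destroy it again.
        HttpSession session = request.getSession(false);
        if (session != null) {
            // No parameters; the same call works under Struts, JSF or raw
            // servlets. All session attributes are discarded.
            session.invalidate();
        }
        // Redirect so that the next request arrives without the old session
        // and the container asks for credentials on protected pages.
        response.sendRedirect(request.getContextPath() + "/");
    }
}
```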
 
victor chiong
Ranch Hand
Hi,

Thank you very much. It worked. One more thing: is there a way to add some logic after j_security_check is done? Maybe it is good to place a value in the session map.

Here is my code.

 
Tim Holloway
Saloon Keeper
J2EE does not call any application code to let the webapp know when a user has logged in. This is partly because if you are using a Single Signon Realm, you may never log in at all because you logged in somewhere else at some other time, so there's no guarantee that a "login event" would occur.

If you have a compelling need to know when a login has occurred, you can keep a session variable with a suitable value such as the userID from the previous HTTP request and detect that a login happened by comparing that value with the userId in the incoming HttpServletRequest. After login, this value is no longer null, so by detecting the change from null to not-null, you will know that the current HTTP request forced a login to occur.
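
One way to implement the comparison described in the post above, as an added example that is not part of the original thread. The filter class, the session attribute name and the `onLogin` hook are hypothetical, and the `javax.servlet` API (Servlet 3.0 or later) is assumed.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical filter; it runs inside the webapp and never touches
// j_security_check, which the container handles by itself.
@WebFilter("/*")
public class LoginDetectionFilter implements Filter {
    // Hypothetical attribute name holding the user id seen on the previous request.
    private static final String SEEN_USER = "example.seenUser";

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        String current = request.getRemoteUser(); // null until the container has authenticated
        if (current != null) {
            HttpSession session = request.getSession();
            String previous = (String) session.getAttribute(SEEN_USER);
            // previous == null is the null to not-null change from the post;
            // a different non-null value (identity change) is treated the same way.
            if (!current.equals(previous)) {
                session.setAttribute(SEEN_USER, current);
                onLogin(request, current);
            }
        }
        chain.doFilter(req, res);
    }

    // Hypothetical hook: put post-login logic here (audit log, loading a profile).
    private void onLogin(HttpServletRequest request, String user) {
        request.getServletContext().log("login detected: user=" + user
                + " remote=" + request.getRemoteAddr());
    }
}
```

Because session.invalidate() discards the stored attribute, the next login after a logout is detected again.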
 
victor chiong
Ranch Hand
Hi,

Yup, that is what I want. However, how can I place a detector for j_security_check? In Struts, I'll just make an action. I have no idea how to do it in j_security_check... any hint?
 
Tim Holloway
Saloon Keeper
You would have to modify Tomcat itself. The j_security_check action is not part of the web application and it doesn't call any part of the web application.
 
victor chiong
Ranch Hand
Hi,

Do you mean that the code of J_Security is found on the Tomcat Server?

regards,
Vic
 
Tim Holloway
Saloon Keeper
That's why they call it Container Managed Security.
 
victor chiong
Ranch Hand
Thanks Man

I think I am cool now. I can start from here. I will edit the j_security_check. Thank you for your help. Very much appreciated.


regards,
Vic
 