Gettin' logged User's ID

 
Greenhorn
Posts: 29
Hello folks!

I have a small Java web application with JSF, PrimeFaces, MySQL and Tomcat, and I'm trying to keep the logged user's ID safe in some place to be used later.

So, every time a user is logged into the web application, the server will need to know who's online and use this user's ID to update or delete registers that the user may want to. This ID will be used in the WHERE clause of my Controller and ManagedBean classes.

Perhaps, in the FacesContext, the .getAttribute("id") is the JSESSION id and not the user's ID that I get from the database.

Should I set the user's ID by gettin' it from the resultSet and pointing it to a static or final variable, or the sessionMap, or any other way?

Thanks!
 
Saloon Keeper
Posts: 10308
I'd just store the User ID in the session. That way, the user is logged out when the browser session ends. If you want to log the user out before the browser session ends, just clear the session programmatically.

If you want to keep the user logged in between browser sessions, you can store a login token in a secure http-only cookie, and look up the user ID in a table that tracks login tokens.
 
Bruno John Mccoy
Greenhorn
Posts: 29

Stephan van Hulst wrote:I'd just store the User ID in the session. That way, the user is logged out when the browser session ends. If you want to log the user out before the browser session ends, just clear the session programmatically.

If you want to keep the user logged in between browser sessions, you can store a login token in a secure http-only cookie, and look up the user ID in a table that tracks login tokens.



Hi Stephan!

I know that we use setAttribute("field", object) to save information into the session. But I don't know how I get the information and point it to a variable, for example. Maybe Integer userId = session.getAttribute("id", userInstance)?

I would appreciate it if you would give an example!

Thank you!
 
Bartender
Posts: 20842

Stephan van Hulst wrote:I'd just store the User ID in the session.



This is not necessary if you use standard J2EE container security. And you should, especially for JSF (although JSF does have special requirements). Because if you're not using a professionally-designed login system, you almost certainly WILL get hacked in 15 minutes or less.

With container security, the logged-in user ID is always available via the HttpServletRequest getRemoteUser() method. If the user is not logged in, this method will return null.

The JSF API doesn't have a direct API to get this userid last time I looked, but it does have ways to get the HttpServletRequest object and other standard J2EE objects (HttpSession, HttpServletResponse and so forth). That's because JSF wasn't originally intended to be a web-only GUI. So to localize all the web-specific stuff, I generally create a JSFUtils class that does the necessary rummaging around and invoke abstract methods I've defined for it such as getUserId(), isUserInRole(), and get/setSession().
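
A sketch of the kind of helper described in the post above, added here as an example (it is not the poster's code and not part of the original thread). It assumes the `javax.*` Servlet and JSF APIs with container-managed login; the `notes` table, its `id` and `owner` columns, and the `deleteOwnNote` method are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.sql.DataSource;

// Hypothetical helper that keeps the web-specific lookups in one place.
public final class JSFUtils {
    private JSFUtils() {}

    private static HttpServletRequest request() {
        // JSF exposes the servlet request as a plain Object; cast it once here.
        return (HttpServletRequest) FacesContext.getCurrentInstance()
                .getExternalContext().getRequest();
    }

    /** Login name set by the container, or null if nobody is logged in. */
    public static String getUserId() {
        return request().getRemoteUser();
    }

    public static boolean isUserInRole(String role) {
        return request().isUserInRole(role);
    }

    /** Existing session or null; never creates a session as a side effect. */
    public static HttpSession getSession() {
        return request().getSession(false);
    }

    /**
     * Deletes a row only if it belongs to the logged-in user.
     * Table "notes" and columns "id"/"owner" are made up for this example.
     */
    public static boolean deleteOwnNote(DataSource ds, long noteId) throws SQLException {
        String user = getUserId();
        if (user == null) {
            throw new SecurityException("not logged in");
        }
        String sql = "DELETE FROM notes WHERE id = ? AND owner = ?";
        try (Connection c = ds.getConnection();
             PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setLong(1, noteId);
            ps.setString(2, user); // identity comes from the server, never from a form field
            return ps.executeUpdate() == 1;
        }
    }
}
```

Because the owner value in the WHERE clause is taken from the container on every request, a tampered form field or request parameter cannot redirect the delete to another user's rows.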
 