25 Replies. Latest reply: Jul 26, 2011 9:16 AM by 367265
      • 15. Re: how to prevent multiple logins by using HttpBindingListener
        EJP
        > EJP has said this several times in this post.
        I haven't said any of that at any time. Don't put words into my mouth.

        In fact that part of it is perfectly clear. He doesn't want two logins from the same user anywhere. What he hasn't told us is why not. Even though I did ask that at least once.
        • 16. Re: how to prevent multiple logins by using HttpBindingListener
          367265
          Hi,
          I have 2 JSPs and 1 Java class to implement. First, LoginModel.jsp does a DB connection to verify the login user.

          /* LoginModel.jsp */
          String username = request.getParameter("username") != null ? request.getParameter("username") : "";
          String password = request.getParameter("password") != null ? request.getParameter("password") : "";
          
          Vector<String> vector = new Vector<String>();
          vector.addElement(username);
          vector.addElement(password);
          
          boolean success = (Boolean) ClientProxy.getInstance().invokeServer(ClientProperties.LOGIN, "doLogin", vector);
          if (success) {
             session.invalidate();
             session = request.getSession(true);
                              
             User user;
             synchronized(session)
             {
                  user = (User) session.getAttribute("user");                        
                  if(user == null)
                  {
                     user = new User(ClientSecurityEngine.getInstance().getUserBean().getUsername());
                     session.setAttribute("user", user);
                  }
                                  
                  response.sendRedirect("../../main.jsp");
              }
          } else {
             response.sendRedirect("../../index.jsp?MSG=Login Fail");
          }
          /* User */
          public class User implements HttpSessionBindingListener {
          
              private static Map<String, HttpSession> logins = Collections.synchronizedMap(new HashMap<String, HttpSession>());
              private String username;
          
              public User(String username) {
                  this.username = username;        
              }
          
              public String getUsername() {
                  return username;
              }
              
              @Override
              public void valueBound(HttpSessionBindingEvent event) {
                  if (logins.containsKey(getUsername())) {
                      HttpSession session = logins.remove(getUsername());
                      if (session != null) {
                          session.invalidate();
                      }
                      logins.put(getUsername(), event.getSession());
                  } else {
                      logins.put(getUsername(), event.getSession());
                  }
              }
          
              @Override
              public void valueUnbound(HttpSessionBindingEvent event) {
                  logins.remove(getUsername());
              }
          }
          /* main.jsp */
          <%
          
              User user = (User) session.getAttribute("user");
              System.out.print("@@@@@@@@ " + user);
              if (user == null) {
                  PrintWriter out1 = response.getWriter();
                  out1.println("<html>");
                  out1.println("<script>");
                  out1.println("alert ('Session timeout')");
                  out1.println("window.open ('index.jsp','_parent')");
                  out1.println("</script>");
                  out1.println("</html>");
              }
          %>
          I use these 3 files to validate login users.

          Now the scenario is: when I use username aa to log in to the system (Mozilla browser), the system shows me username: aa. Fine, no problem with this. When I use another browser (IE) to log in to the system again by providing username: bb, I manage to log in as well. But when I browse the system in the Mozilla browser, it shows me my username is bb instead of aa. If I use the Mozilla browser to log in as aa again, I can see that my IE browser username will be replaced with aa once I click on the IE browser. The last login user always replaces the previous login user.
          • 17. Re: how to prevent multiple logins by using HttpBindingListener
            367265
            Hi,
            Only 1 requirement.

            The same user must not log in to the system at the same time (from different machines/browsers).
            • 18. Re: how to prevent multiple logins by using HttpBindingListener
              EJP
              I suggest that ClientSecurityEngine.getInstance().getUserBean() is returning the wrong value. I don't see how it can possibly return the right value unless you provide the session as a parameter.
              • 19. Re: how to prevent multiple logins by using HttpBindingListener
                367265
                Hi,
                Below is the code for ClientSecurityEngine
                private static ClientSecurityEngine instance = null;
                    private String username = "";
                    private String password = "";
                    private String[][] accessLevel = new String[21][5];
                    private String version = "version 1.0";
                    private UserBean userBean = null;
                
                    private ClientSecurityEngine() {
                    }
                
                    public static ClientSecurityEngine getInstance() {
                        if (instance == null) {
                            instance = new ClientSecurityEngine();
                        }
                
                        return instance;
                    }
                
                    public void reset() {
                        username = "";
                        password = "";
                    }
                
                    public String getPassword() {
                        return password;
                    }
                
                    public void setPassword(String password) {
                        this.password = password;
                    }
                
                    public String getUsername() {
                        return username;
                    }
                
                    public void setUsername(String username) {
                        this.username = username;
                    }
                
                    public String[][] getAccessLevel() {
                        return accessLevel;
                    }
                
                    public String getVersion() {
                        return version;
                    }
                
                    public UserBean getUserBean() {
                        return userBean;
                    }
                
                    public void setUserBean(UserBean userBean) {
                        this.userBean = userBean;
                    }
                /* Code for UserBean */
                public class UserBean implements java.io.Serializable {
                
                    private int userID = 0;
                    private int userTypeCode = 0;
                    private String username;
                    private String password;
                    private String nickname;
                    private String firstName;
                    private String lastName;
                    private String contactNumberPrefix;
                    private String contactNumber;
                    private String faxNumberPrefix;
                    private String faxNumber;    
                    private java.util.Date creationDateTime;
                    private java.util.Date lastLoginDateTime;
                    private java.util.Date lastUpdatedDateTime;
                    private java.util.Date passwordExpiryDateTime;
                    private String lastLoginIP;   
                
                    public UserBean() {
                    }
                
                    public int getUserID() {
                        return userID;
                    }
                
                    public void setUserID(int userID) {
                        this.userID = userID;
                    }
                
                    public int getUserTypeCode() {
                        return userTypeCode;
                    }
                
                    public void setUserTypeCode(int userTypeCode) {
                        this.userTypeCode = userTypeCode;
                    }
                
                    public String getUsername() {
                        return username;
                    }
                
                    public void setUsername(String username) {
                        this.username = username;
                    }
                
                    public String getPassword() {
                        return password;
                    }
                
                    public void setPassword(String password) {
                        this.password = password;
                    }
                
                    public String getNickname() {
                        return nickname;
                    }
                
                    public void setNickname(String nickname) {
                        this.nickname = nickname;
                    }
                
                    public String getFirstName() {
                        return firstName;
                    }
                
                    public void setFirstName(String firstName) {
                        this.firstName = firstName;
                    }
                
                    public String getLastName() {
                        return lastName;
                    }
                
                    public void setLastName(String lastName) {
                        this.lastName = lastName;
                    }
                
                    public String getContactNumberPrefix() {
                        return contactNumberPrefix;
                    }
                
                    public void setContactNumberPrefix(String contactNumberPrefix) {
                        this.contactNumberPrefix = contactNumberPrefix;
                    }
                
                    public String getContactNumber() {
                        return contactNumber;
                    }
                
                    public void setContactNumber(String contactNumber) {
                        this.contactNumber = contactNumber;
                    }
                
                    public String getFaxNumberPrefix() {
                        return faxNumberPrefix;
                    }
                
                    public void setFaxNumberPrefix(String faxNumberPrefix) {
                        this.faxNumberPrefix = faxNumberPrefix;
                    }
                
                    public String getFaxNumber() {
                        return faxNumber;
                    }
                
                    public void setFaxNumber(String faxNumber) {
                        this.faxNumber = faxNumber;
                    }
                   
                    public java.util.Date getCreationDateTime() {
                        return creationDateTime;
                    }
                
                    public void setCreationDateTime(java.util.Date creationDateTime) {
                        this.creationDateTime = creationDateTime;
                    }
                
                    public java.util.Date getLastLoginDateTime() {
                        return lastLoginDateTime;
                    }
                
                    public void setLastLoginDateTime(java.util.Date lastLoginDateTime) {
                        this.lastLoginDateTime = lastLoginDateTime;
                    }
                
                    public java.util.Date getLastUpdatedDateTime() {
                        return lastUpdatedDateTime;
                    }
                
                    public void setLastUpdatedDateTime(java.util.Date lastUpdatedDateTime) {
                        this.lastUpdatedDateTime = lastUpdatedDateTime;
                    }
                
                    public java.util.Date getPasswordExpiryDateTime() {
                        return passwordExpiryDateTime;
                    }
                
                    public void setPasswordExpiryDateTime(java.util.Date passwordExpiryDateTime) {
                        this.passwordExpiryDateTime = passwordExpiryDateTime;
                    }
                
                    public String getLastLoginIP() {
                        return lastLoginIP;
                    }
                
                    public void setLastLoginIP(String lastLoginIP) {
                        this.lastLoginIP = lastLoginIP;
                    }
                }
                Don't you think that when a new user logs in to the system, an instance of ClientSecurityEngine will be initialized for each user?
                • 20. Re: how to prevent multiple logins by using HttpBindingListener
                  gimbal2
                  marcalena wrote:
                  > Don't you think that when a new user logs in to the system, an instance of ClientSecurityEngine will be initialized for each user?
                  I must be more stupid than usual today. But ClientSecurityEngine looks like a singleton to me, as in there is only ever ONE instance.
                  • 21. Re: how to prevent multiple logins by using HttpBindingListener
                    EJP
                    > Below is the code for ClientSecurityEngine
                    This may come as a shock but I don't care about the code for ClientSecurityEngine. What I care about is whether it returns the correct results. If it doesn't accept a session parameter, I don't see how it can possibly know what user belongs to the current session. What it is actually doing is to return the UserBean for the most recently logged in user. Which is a design and coding error on your part, and nothing whatsoever to do with HttpBindingListeners, valueBound()/valueUnbound(), get/setAttribute(), sessions being 'overwritten since i use setAttribute() method in servlet', or any of the code you posted originally.
                    • 22. Re: how to prevent multiple logins by using HttpBindingListener
                      ramp
                      EJP wrote:
                      >> EJP has said this several times in this post.
                      > I haven't said any of that at any time. Don't put words into my mouth.
                      You have asked the OP at least once to state the problem clearly and I was alluding to that. If it did not come across that way or you still think the same, I am sorry.

                      > In fact that part of it is perfectly clear. He doesn't want two logins from the same user anywhere. What he hasn't told us is why not. Even though I did ask that at least once.
                      No, it's not clear, not to me. I am posting what I quoted again:
                      > My problem is when I log in to the system from my Windows, I use username aa to log in to the system (using the Mozilla browser), so I can see from my application my username is aa. After that I open another browser (IE) and log in to the system again by using username bb, I manage to log in to the system successfully by providing username bb and password. So now I have two browsers (Mozilla & IE) to log in to the system by using two different usernames (aa & bb). OK, now the problem comes: when I use my first browser (Mozilla) to browse around in the system, my username will be replaced with bb (2nd login in IE). The 2nd login user overwrites the 1st login user.
                      It says that he is logging into the same system, first as user 'aa' and later as 'bb' and the sessions get overwritten.

                      ram.

                      Edit: Reading that again, I can see that the OP meant the server when he referred to the 'same system'. I first thought 'same system' meant the same 'client machine' (and different browsers) that he was using to log on to the application.
                      • 23. Re: how to prevent multiple logins by using HttpBindingListener
                        ramp
                        gimbal2 wrote:
                        > marcalena wrote:
                        >> Don't you think that when a new user logs in to the system, an instance of ClientSecurityEngine will be initialized for each user?
                        > I must be more stupid than usual today. But ClientSecurityEngine looks like a singleton to me, as in there is only ever ONE instance.
                        On the dot. And I think that's where the problem lies.
                        OP, can you show us where the UserBean is set to the ClientSecurityEngine? Regardless of that, you need a ClientSecurityEngine object per user.

                        On a tangential note, your design will not help you if you have a clustered environment.
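
The diagnosis in replies 18 to 23, as an added example that is not part of the original thread: state held in an application-wide singleton is overwritten by every login, while state stored in the session stays with its browser and a username-keyed registry can still enforce one login per user. `Session`, `SharedHolder`, `LoginUser` and the login helpers are hypothetical stand-ins for `HttpSession`, `ClientSecurityEngine` and `User`, chosen so the code runs on a plain JDK without a servlet container.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SessionScopedLoginDemo {

    // Hypothetical stand-in for HttpSession: attributes plus bind/unbind callbacks.
    static final class Session {
        final String id;
        private final Map<String, Object> attributes = new ConcurrentHashMap<>();
        private volatile boolean valid = true;

        Session(String id) { this.id = id; }

        void setAttribute(String name, Object value) {
            attributes.put(name, value);
            if (value instanceof LoginUser) ((LoginUser) value).valueBound(this);
        }

        Object getAttribute(String name) { return valid ? attributes.get(name) : null; }

        boolean isValid() { return valid; }

        void invalidate() {
            if (!valid) return;
            valid = false;
            for (Object v : attributes.values()) {
                if (v instanceof LoginUser) ((LoginUser) v).valueUnbound(this);
            }
            attributes.clear();
        }
    }

    // The pattern the thread identifies as the bug: one field shared by every session.
    static final class SharedHolder {
        static volatile String currentUsername;
    }

    // Per-session user object playing the role of the thread's User class.
    static final class LoginUser {
        private static final Map<String, Session> LOGINS = new ConcurrentHashMap<>();
        final String username;

        LoginUser(String username) { this.username = username; }

        void valueBound(Session session) {
            // Register the new session first, then end the one it displaced.
            Session previous = LOGINS.put(username, session);
            if (previous != null && previous != session) previous.invalidate();
        }

        void valueUnbound(Session session) {
            // Conditional remove: a displaced session must not erase its successor's entry.
            LOGINS.remove(username, session);
        }
    }

    static void loginShared(Session s, String username) {
        SharedHolder.currentUsername = username;   // the last login wins for everybody
    }

    static String whoAmIShared(Session s) { return SharedHolder.currentUsername; }

    // Expects a fresh session, as the first LoginModel.jsp creates with invalidate() + getSession(true).
    static void loginSessionScoped(Session s, String username) {
        s.setAttribute("user", new LoginUser(username));
    }

    static String whoAmISessionScoped(Session s) {
        LoginUser u = (LoginUser) s.getAttribute("user");
        return u == null ? null : u.username;
    }

    public static void main(String[] args) {
        Session mozilla = new Session("mozilla"), ie = new Session("ie");

        loginShared(mozilla, "aa");
        loginShared(ie, "bb");
        System.out.println("singleton: mozilla sees " + whoAmIShared(mozilla));

        loginSessionScoped(mozilla, "aa");
        loginSessionScoped(ie, "bb");
        System.out.println("session:   mozilla sees " + whoAmISessionScoped(mozilla));

        Session otherMachine = new Session("other-machine");
        loginSessionScoped(otherMachine, "aa");    // same user logs in elsewhere
        System.out.println("mozilla still valid: " + mozilla.isValid());
        System.out.println("other machine sees " + whoAmISessionScoped(otherMachine));
    }
}
```

The registry here is a static map in one JVM, so the remark above about clustered environments applies to it as well.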
                        • 24. Re: how to prevent multiple logins by using HttpBindingListener
                          EJP
                          > You have asked the OP at least once to state the problem clearly and I was alluding to that. If it did not come across that way or you still think the same, I am sorry.
                          Thank you for your apology, but I'm not sure you actually understand what you're apologizing for. For your elucidation, what you actually said was this: 'EJP has said this several times in this post. Let me repeat ...' and you then went on to 'repeat' a number of things that I hadn't said at all, and that in fact nobody had said.
                          > No, it's not clear, not to me.
                          Maybe not but that doesn't justify dragging my name into your confusion.

                          When you say someone has 'said this' you need to make sure that they really did say 'this'. It is an elementary courtesy and it also serves to keep the discussion on track and bounded.
                          • 25. Re: how to prevent multiple logins by using HttpBindingListener
                            367265
                            Hi,
                            I have rewritten ClientSecurityEngine as below:
                            public class ClientSecurityEngine {
                            
                                private static ClientSecurityEngine instance = null;
                                private String username = "";
                                private String password = "";
                                private String version = "version 1.0";
                                private Vector<UserBean> userVector = new Vector<UserBean>();
                                private HttpSession session = null;
                            
                                private ClientSecurityEngine() {
                                }
                            
                                public static ClientSecurityEngine getInstance() {
                                    if (instance == null) {
                                        instance = new ClientSecurityEngine();
                                    }
                            
                                    return instance;
                                }
                            
                                public String getPassword(HttpSession session) {
                                    String psword = "";
                            
                                    try {
                                        User user = (User) session.getAttribute("user");
                                        Iterator ite = userVector.iterator();
                                        while (ite.hasNext()) {
                                            UserBean usrBean = (UserBean) ite.next();
                                            if (usrBean.getUserID() == user.getUserID()) {
                                                psword = usrBean.getPassword();
                                            }
                                        }
                                    } catch (Exception ex) {
                                        ex.printStackTrace();
                                    }
                                    return psword;
                                }
                            
                                public String getPassword() {
                                    return password;
                                }
                            
                                public void setPassword(String password) {
                                    this.password = password;
                                }
                            
                                public String getUsername(HttpSession session) {
                                    String usrname = "";
                            
                                    try {
                                        User user = (User) session.getAttribute("user");
                                        Iterator ite = userVector.iterator();
                                        while (ite.hasNext()) {
                                            UserBean usrBean = (UserBean) ite.next();
                                            if (usrBean.getUserID() == user.getUserID()) {
                                                usrname = usrBean.getUsername();
                                            }
                                        }
                                    } catch (Exception ex) {
                                        ex.printStackTrace();
                                    }
                                    return usrname;
                                }
                            
                                public String getUsername() {
                                    return username;
                                }
                            
                                public void setUsername(String username) {
                                    this.username = username;
                                }
                                public String getVersion() {
                                    return version;
                                }
                            
                                public UserBean getUserBean(HttpSession session) {
                                    UserBean userBean = null;
                            
                                    try {
                                        User user = (User) session.getAttribute("user");
                                        if(user != null)
                                        {
                                        Iterator ite = userVector.iterator();
                                        while (ite.hasNext()) {
                                            UserBean usrBean = (UserBean) ite.next();
                                            if (usrBean.getUserID() == user.getUserID()) {
                                                userBean = usrBean;
                                            }
                                        }
                                        }
                                    } catch (Exception ex) {
                                        ex.printStackTrace();
                                    }
                                    return userBean;
                                }
                            
                                public void addUserBean(UserBean userBean) {
                                    try {
                                        userVector.addElement(userBean);
                                    } catch (Exception ex) {
                                        ex.printStackTrace();
                                    }
                                }
                            
                                public void clearUserVector() {
                                    userVector.clear();
                                }
                            }
                            Below is my LoginModel.jsp:
                                String username = request.getParameter("username") != null ? request.getParameter("username") : "";
                                String password = request.getParameter("password") != null ? request.getParameter("password") : "";
                                String selectLanguage = request.getParameter("selectLanguage") != null ? request.getParameter("selectLanguage") : "1";
                                System.out.print("@@@@@@@@@selectLanguage:" + selectLanguage);
                                try {
                                    ClientSecurityEngine.getInstance().setUsername(username);
                                    ClientSecurityEngine.getInstance().setPassword(password.trim());
                                    CommonUtil.getInstance().setLanguageCode(Integer.parseInt(selectLanguage));
                            
                                    Vector vCredentials = new Vector();
                                    vCredentials.addElement(username);
                                    vCredentials.addElement(password);
                            
                                    Object[] values = (Object[]) ClientProxy.getInstance().invokeServer(ClientProperties.LOGIN_SERVLET, "doLogin", vCredentials, session);
                                    boolean success = Boolean.parseBoolean(String.valueOf(values[0]));
                                    int userType = Integer.parseInt(String.valueOf(values[1]));
                            
                                    if (success) {
                                        session = request.getSession(true);
                            
                                        ClientSecurityEngine.getInstance().addUserBean((UserBean) values[2]);
                            
                                        User user;
                                        synchronized (session) {
                                            user = (User) session.getAttribute("user");
                                            if (user == null) {
                                                user = new User(((UserBean) values[2]).getUserID());
                                                session.setAttribute("user", user);
                                            }

                                            response.sendRedirect("../../main.jsp");
                                        }
                                    } else {
                                            response.sendRedirect("../../index.jsp?MSG=Invalid Login");
                                    }        
                                } catch (Exception ex) {
                                    ex.printStackTrace();
                                }
                            Now I can successfully log in to the system (another machine) by providing username "aa" and username "bb", but I found it very weird: I always encounter a NullPointerException for the 1st login user (aa) after a very short timeframe (5 seconds). What I noticed is that ValueUnbound was being called for the 1st login user to kill his session. After another 5 seconds, the 2nd login user (bb) always encountered the same exception (NullPointerException). Does anyone have ideas regarding this?

                            Below is my code in main.jsp for validating the session. user always became null after 5 seconds. But when I checked my configuration for the timeout setting, it is set to 60 seconds.
                            User user = (User)session.getAttribute("user");    
                                if (user == null) {
                                    session.invalidate();
                                    PrintWriter out1 = response.getWriter();
                                        out1.println("<html>");
                                        out1.println("<script>");
                                        out1.println("alert ('Session timeout')");
                                        out1.println("window.open ('index.jsp','_parent')");
                                        out1.println("</script>");
                                        out1.println("</html>");
                                }