tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <Yoav.Shap...@mpi.com>
Subject RE: SessionListener
Date Tue, 02 Dec 2003 14:00:26 GMT

Howdy,
Senor Basu, your solution is seriously not thread-safe.  But that's for
you to worry about it, maybe it's good enough for your needs ;)

As for Senor Hart's questions:
- HttpSessionListener goes in web.xml, as do all other Servlet
Specification listeners.
- SessionListener goes in server.xml, as do all other Tomcat-specific
listeners.

SessionListener is not tied to HttpSessionListener or HttpSession
directly.  You have to do a series of casts.  The event object in the
SessionListener's SessionEvent is a catalina-specific Session
implementation.  It will also implement the HttpSession interface.  So
you can get from one to another by casting, but it's ugly (as is the
whole SessionListener solution).

Let's step back a minute: you have this whole hassle because you want
the user's password.  You want the user's password in order to
authenticate the user.  But with the getUserPrincipal approach, the user
is already authenticated if the Principal is not null.  Alternatively,
if you have some input screen where the user enters the username and
password, grab them there instead of from the session.  I think what's
missing here is the big picture: tell us what you're trying to do, what
authentication mechanism you're using, and let's forget about the
tomcat-specific hacks for a minute ;)

Yoav Shapira
Millennium ChemInformatics


>-----Original Message-----
>From: Atreya Basu [mailto:atreya@greenfieldresearch.ca]
>Sent: Monday, December 01, 2003 4:37 PM
>To: Tomcat Users List
>Subject: Re: SessionListener
>
>Hi,
>
>Here is how I use the HttpSessionListener.
>
>First I create a Class that implements HttpSessionListener:
>package com.gri.web;
>import javax.servlet.http.*;
>public MySessionListener implements HttpSessionListener
>{
>   private static int num_sessions = 0;
>   private HttpSession session = null;
>
>   public void sessionCreated(HttpSessionEvent se)
>    {
>        num_sessions++;
>        session = se.getSession();
>    }
>    public void sessionDestroyed(HttpSessionEvent se)
>    { num_session--;}
>    public static int getNumSessions() {return num_sessions; }
>     public static HttpSession getLastSession() { return session;}
>}
>
>Now include this in the web.xml for your context (directly after
>filter&filter-mapping but before Servlet element):
>
>|<listener>|
>|||  <listener-class>com.gri.web.MySessionListener</listener-class>
></listener>||
>
>now all you have to do is create a JSP:
><jsp:root xmlns:jsp="http://java.sun.com/JSP/Page">
><jsp:directive.page import="com.gri.web.*" />
><jsp:text>
><html>
><body>
>|Last user in session:
></jsp:text>
><jsp:expression>
>MySessionListener.getLastSession().getAttribute("j_username")
></jsp:expression>
>|<jsp:text>
>|Username of current person
></jsp:text>
><jsp:expression>
>session.getAttribute("j_username")
></jsp:expression>
>|</jsp:root>
>
>|</body>
></html>
></jsp:root>
>Hart, Justin wrote:
>
>>Ok, still, I haven't found any documentation on how to add a
>SessionListener in the server.xml file, and adding one using the
listener
>tags defined for web.xml files doesn't seem to work.
>>
>>I also haven't seen how to get a user's credentials from a
HttpSession, or
>how to get a Session from an HttpSessionListener.  Could you throw me a
>bone?
>>
>>Justin
>>
>>-----Original Message-----
>>From: Shapira, Yoav [mailto:Yoav.Shapira@mpi.com]
>>Sent: Monday, December 01, 2003 2:52 PM
>>To: Tomcat Users List
>>Subject: RE: SessionListener
>>
>>
>>
>>Howdy,
>>A SessionListener of the org.apache.catalina variety would go in the
>>same place as all tomcat-specific features:
>>$CATALINA_HOME/conf/server.xml.  That means the class specified there
>>must be accessible to the server classloaders, i.e. must reside in
>>common/lib or higher on the classloader hierarchy.
>>
>>The above is true for Valves, Realms, Listeners, etc, that are
>>proprietary to tomcat.
>>
>>Yoav Shapira
>>Millennium ChemInformatics
>>
>>
>>
>>
>>>-----Original Message-----
>>>From: Hart, Justin [mailto:JHart@sfa.com]
>>>Sent: Monday, December 01, 2003 11:53 AM
>>>To: Tomcat Users List
>>>Subject: RE: SessionListener
>>>
>>>Ok, so, the listener in there must implement HttpSessionListener,
where
>>>
>>>
>>can
>>
>>
>>>I use SessionListeners?
>>>
>>>Justin
>>>
>>>-----Original Message-----
>>>From: Hart, Justin
>>>Sent: Monday, December 01, 2003 11:34 AM
>>>To: Tomcat Users List (E-mail)
>>>Subject: SessionListener
>>>
>>>
>>>My SessionListener doesn't seem to be firing, any help?
>>>
>>>I have a SessionListener that I want to go off when a user
>>>
>>>
>>authenticates to
>>
>>
>>>my web app (this is a correct usage, right?)
>>>
>>>So, in the web.xml of my app, I would put the lines:
>>>
>>><web-app>
>>>	<listener>
>>>		<listener-class>
>>>			the class
>>>		</listener-class>
>>>	</listener>
>>></web-app>
>>>
>>>This should fire off when the user signs in to the page, correct?
>>>
>>>Justin
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>>>
>>
>>
>>
>>
>>This e-mail, including any attachments, is a confidential business
>communication, and may contain information that is confidential,
>proprietary and/or privileged.  This e-mail is intended only for the
>individual(s) to whom it is addressed, and may not be saved, copied,
>printed, disclosed or used by anyone else.  If you are not the(an)
intended
>recipient, please immediately delete this e-mail from your computer
system
>and notify the sender.  Thank you.
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>>
>
>--
>____________________________________
>Developer
>Greenfield Research Inc.
>atreya(AT)greenfieldresearch(DOT)ca
>(902)422-9426
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org




This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message