Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: SessionListener
Date: Tue, 2 Dec 2003 09:00:26 -0500
Message-ID: <9C5166762F311146951505C6790A9CF83464E1@US-VS1.corp.mpi.com>
Thread-Topic: SessionListener
Thread-Index: AcO4U2x+F/wLsDgKQcG/Wyz1m0JhtwAiKdqw
From: "Shapira, Yoav" <Yoav.Shapira@mpi.com>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>


Howdy,
Senor Basu, your solution is seriously not thread-safe.  But that's fo=
r
you to worry about it, maybe it's good enough for your needs ;)

As for Senor Hart's questions:
- HttpSessionListener goes in web.xml, as do all other Servlet
Specification listeners.
- SessionListener goes in server.xml, as do all other Tomcat-specific
listeners.

SessionListener is not tied to HttpSessionListener or HttpSession
directly.  You have to do a series of casts.  The event object in the
SessionListener's SessionEvent is a catalina-specific Session
implementation.  It will also implement the HttpSession interface.  So=

you can get from one to another by casting, but it's ugly (as is the
whole SessionListener solution).

Let's step back a minute: you have this whole hassle because you want
the user's password.  You want the user's password in order to
authenticate the user.  But with the getUserPrincipal approach, the us=
er
is already authenticated if the Principal is not null.  Alternatively,=

if you have some input screen where the user enters the username and
password, grab them there instead of from the session.  I think what's=

missing here is the big picture: tell us what you're trying to do, wha=
t
authentication mechanism you're using, and let's forget about the
tomcat-specific hacks for a minute ;)

Yoav Shapira
Millennium ChemInformatics


>-----Original Message-----
>From: Atreya Basu [mailto:atreya@greenfieldresearch.ca]
>Sent: Monday, December 01, 2003 4:37 PM
>To: Tomcat Users List
>Subject: Re: SessionListener
>
>Hi,
>
>Here is how I use the HttpSessionListener.
>
>First I create a Class that implements HttpSessionListener:
>package com.gri.web;
>import javax.servlet.http.*;
>public MySessionListener implements HttpSessionListener
>{
>   private static int num_sessions =3D 0;
>   private HttpSession session =3D null;
>
>   public void sessionCreated(HttpSessionEvent se)
>    {
>        num_sessions++;
>        session =3D se.getSession();
>    }
>    public void sessionDestroyed(HttpSessionEvent se)
>    { num_session--;}
>    public static int getNumSessions() {return num_sessions; }
>     public static HttpSession getLastSession() { return session;}
>}
>
>Now include this in the web.xml for your context (directly after
>filter&filter-mapping but before Servlet element):
>
>|<listener>|
>|||  <listener-class>com.gri.web.MySessionListener</listener-class>
></listener>||
>
>now all you have to do is create a JSP:
><jsp:root xmlns:jsp=3D"http://java.sun.com/JSP/Page">
><jsp:directive.page import=3D"com.gri.web.*" />
><jsp:text>
><html>
><body>
>|Last user in session:
></jsp:text>
><jsp:expression>
>MySessionListener.getLastSession().getAttribute("j_username")
></jsp:expression>
>|<jsp:text>
>|Username of current person
></jsp:text>
><jsp:expression>
>session.getAttribute("j_username")
></jsp:expression>
>|</jsp:root>
>
>|</body>
></html>
></jsp:root>
>Hart, Justin wrote:
>
>>Ok, still, I haven't found any documentation on how to add a
>SessionListener in the server.xml file, and adding one using the
listener
>tags defined for web.xml files doesn't seem to work.
>>
>>I also haven't seen how to get a user's credentials from a
HttpSession, or
>how to get a Session from an HttpSessionListener.  Could you throw me=
 a
>bone?
>>
>>Justin
>>
>>-----Original Message-----
>>From: Shapira, Yoav [mailto:Yoav.Shapira@mpi.com]
>>Sent: Monday, December 01, 2003 2:52 PM
>>To: Tomcat Users List
>>Subject: RE: SessionListener
>>
>>
>>
>>Howdy,
>>A SessionListener of the org.apache.catalina variety would go in the=

>>same place as all tomcat-specific features:
>>$CATALINA_HOME/conf/server.xml.  That means the class specified ther=
e
>>must be accessible to the server classloaders, i.e. must reside in
>>common/lib or higher on the classloader hierarchy.
>>
>>The above is true for Valves, Realms, Listeners, etc, that are
>>proprietary to tomcat.
>>
>>Yoav Shapira
>>Millennium ChemInformatics
>>
>>
>>
>>
>>>-----Original Message-----
>>>From: Hart, Justin [mailto:JHart@sfa.com]
>>>Sent: Monday, December 01, 2003 11:53 AM
>>>To: Tomcat Users List
>>>Subject: RE: SessionListener
>>>
>>>Ok, so, the listener in there must implement HttpSessionListener,
where
>>>
>>>
>>can
>>
>>
>>>I use SessionListeners?
>>>
>>>Justin
>>>
>>>-----Original Message-----
>>>From: Hart, Justin
>>>Sent: Monday, December 01, 2003 11:34 AM
>>>To: Tomcat Users List (E-mail)
>>>Subject: SessionListener
>>>
>>>
>>>My SessionListener doesn't seem to be firing, any help?
>>>
>>>I have a SessionListener that I want to go off when a user
>>>
>>>
>>authenticates to
>>
>>
>>>my web app (this is a correct usage, right?)
>>>
>>>So, in the web.xml of my app, I would put the lines:
>>>
>>><web-app>
>>>	<listener>
>>>		<listener-class>
>>>			the class
>>>		</listener-class>
>>>	</listener>
>>></web-app>
>>>
>>>This should fire off when the user signs in to the page, correct?
>>>
>>>Justin
>>>
>>>-------------------------------------------------------------------=
--
>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.or=
g
>>>
>>>
>>>-------------------------------------------------------------------=
--
>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.or=
g
>>>
>>>
>>
>>
>>
>>
>>This e-mail, including any attachments, is a confidential business
>communication, and may contain information that is confidential,
>proprietary and/or privileged.  This e-mail is intended only for the
>individual(s) to whom it is addressed, and may not be saved, copied,
>printed, disclosed or used by anyone else.  If you are not the(an)
intended
>recipient, please immediately delete this e-mail from your computer
system
>and notify the sender.  Thank you.
>>
>>
>>--------------------------------------------------------------------=
-
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org=

>>
>>
>>--------------------------------------------------------------------=
-
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org=

>>
>>
>>
>>
>
>--
>____________________________________
>Developer
>Greenfield Research Inc.
>atreya(AT)greenfieldresearch(DOT)ca
>(902)422-9426
>
>
>
>---------------------------------------------------------------------=

>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


This e-mail, including any attachments, is a confidential business com=
munication, and may contain information that is confidential, propriet=
ary and/or privileged.  This e-mail is intended only for the individua=
l(s) to whom it is addressed, and may not be saved, copied, printed, d=
isclosed or used by anyone else.  If you are not the(an) intended reci=
pient, please immediately delete this e-mail from your computer system=
 and notify the sender.  Thank you.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org