tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Crowther" <>
Subject RE: SSO question
Date Fri, 11 Nov 2005 09:20:15 GMT
> From: Klotz Jr, Dennis [] 
> Is it possible using LDAP, whether it is using custom JAAS code or a
> third party product such as Vintela's VSJ
> (, to do the following:
> "... prevent, control or limit the simultaneous active usage 
> of the same
> user id. The number of simultaneous active sessions shall be settable
> per user id."
> The show stopper for me is whether I can inform the LDAP 
> server when the
> user has logged out. The default JNDIRealm does not, to my knowledge,
> provide that ability. JNDIRealm is just for authenticating and role
> retrieval.

You *could* do something like this by storing a custom attribute in LDAP
and incrementing/decrementing that when a user logs in/out.  I'm not
sure where it'd get you, though, given users' distressing habits of
closing browsers without logging out of an app and hence leaving the
session open for a period.  That sounds like it's come straight out of a
requirements doc.  I'd ask who wrote the requirements doc, what's the
business reason behind that requirement, and can it be accomplished
another way?

		- Peter

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message