[jboss-user] [Security & JAAS/JBoss] - Re: LoginFilter vs. WebAuthenticator
ragavgomatam
do-not-reply at jboss.com
Wed Nov 19 14:40:21 EST 2008
Try this.
When person 1 logs in, use a filter to capture the credentials & store it in the ServletContext. This should remain in the ServletContext as long as person 1's session is valid. When person 1 logs out, call invalidate on HttpSession, set up a HttpSessonListener, that will call the ServletContext & remove the credientials from there.
If Person 1 tries to log in from another computer or another browser, while he is logged in , the filter checks to see if the credential exists in the ServletContext. If it exists there, it rejects the log in, else allows it to proceed through.
Here we use the ServletContext, as it is shared across the whole application. You may try with the get the ServletContext from a method available in the FilterConfig
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4190616#4190616
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4190616
More information about the jboss-user
mailing list