How to check if a user session is active in Java application server

Similar Messages

• User Role problems in Sun Java Application Server Platform Edition 8

  I am having two problems setting up user roles in Sun Java Application Server Platform Edition 8. At first, I thought that it was a problem with the higher level features that I was using, so I created a very simple example using the simplest authentication I can use, but the problem still occurs. I am using the file realm and configuring the users in the App Server Admin Console. I create 2 users in different roles. One user should have access, the other should not.
  1) The first problem is that both users can access the page
  2) The second problem is that the isUserInRole() method returns false for both users with the role that it should be authenticating against.
  Here is a sample of my code:
  Users Configured in Console:
  username password roles
  user1 ********** admin
  user2 ********** noaccess
  web.xml
       <security-role>
            <role-name>admin</role-name>
       </security-role>
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>My Protected Area</web-resource-name>
                 <url-pattern>/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                 <role-name>admin</role-name>
            </auth-constraint>
            <user-data-constraint>
                 <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
       <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>file</realm-name>
       </login-config>
       <servlet>
            <servlet-name>
                 TestServlet
            </servlet-name>
            <servlet-class>
                 mypackage.TestServlet
            </servlet-class>
            <security-role-ref>
                 <role-name>admin</role-name>
                 <role-link>admin</role-link>
            </security-role-ref>
       </servlet>
       <servlet-mapping>
            <servlet-name>
                 TestServlet
            </servlet-name>
            <url-pattern>
                 /TestServlet
            </url-pattern>
       </servlet-mapping>
  TestServlet.java:
            out.println("admin role: " + request.isUserInRole("admin") + "<BR/>");
  Thanks before hand for any responses.
  - Brian

  Hi Jeanfrancois,
  Your suggestion has lead me to find my problem. There were actually three problems.
  1) First, you suggestion to reorder my xml file did not cause any errors to occur. I got suspicious that my web.xml file was wrong. I looked at some sample web-xml files and found that I was missing the header as follows:
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
  2) When I added this information, the deploy feature failed stating the my web.xml file was out of order. I fixed the ordering. It now deployed, but the security still wasn't working.
  3) I then added the sun-web.xml file. This file was missing before hand as I thought it was unnessary. However, this file added the essential mapping from a role to a group. After adding this, it now started to work.
  Thanks so much for you time and effort. You really did help me.
  - Brian Blank

• How to check whether a user session is null or not

  Hi
  I am using Jdeveloper 11.1.2.2
  I have a use case of running some Junit test case, this is the problem I have :
  There are some Junit tests which are written for some VO's. While testing insert and update operation in Junit there is two mandatory columns Created by and Updated by to be entered for committing into the database.
  These values are taken from the UserName of the current UserSession .
  So for getting the these values for each user I thought of displaying a JPanel before the test is run, where the user enters the Username and password which is validated and the user is verified.
  First, I need to check whether there is a session present or not. For checking this, I wrote a createUserSession() and did like this inside it :
  if(fixture.getApplicationModule().getSession().getUserData().isEmpty())If so to show the Jpanel and get the user details and verify the user.
  But while running the test itself I found that the session is already present, now I just have to input the values based on who is the user.
  But Junit doesn't run the tests in the order in which the test are written. So I have to call this in all the test cases.
  The Question is :
  How can I check whether the session is already present or not, so that I don't have to ask the user every time while every test is running to enter the Username and Password ?
  Thanks,
  Nigel.
  Edited by: Nigel Thomas on Jul 30, 2012 10:26 AM

  Hi,
  wondering why don't you create test users and then automatically log them in as Jan Vervecken did on the threads I pointed you to. This way your test cases run without user interaction. To test if a session exists for a user, I would put a custom property into user data. If this property exists, the user session is an existing one. However, make sure the information you save into the user data survives passivation as otherwise the information you get out of this is not accurate. See: http://tompeez.wordpress.com/2011/07/08/jdev-always-test-your-app-with-applicationmodule-pooling-turned-off/
  Frank

• How to check if a user has a particular role in sql server

  Is it possible to check to see if a user has a particular role in sql server? For instance, I need to check to see if the user logging in has wite ability to the database. Thanks in advance.

  To answer your question from a Java-perspective, since this is a Java-forum: No.
  The JDBC 3.0 specification does not state that the driver has to implement a user credential mechanism.
  However, the DriverManager will throw an SQLException if user credentials are not met at all and the Connection should throw you a SQLException when trying to create or execute a statement that you are not alowed to do.

• How to check whether file exist in a folder at the application server

  Hi to all experts.
  if suppose there is a file at the application server test.txt my requirement if the one more file is created of the same name before overwriting the file a warning message is to displayed to the user that the file already exist .
  how to do it

  HI Mohammed,
  use The FM DX_FILE_EXISTENCE_CHECK
  or static class CL_GUI_FRONTEND_SERVICES=>FILE_EXIST
  For more info
  search file in application server
  application server
  hope it helps you.
  Regards!

• Deploying session bean on sun java application server

  Hi,
  I'm using sun java system application server 8.2.
  I just want to deploy a session bean (stateless) on it.
  Please tell me the procedure.
  Thanks

  problem is coming in Resource Type and Factory class when configuring JNDI.
  what value I should give for the Resource Type and Factory class?
  Please tell me.
  Thanks

• How to know if user (session) is authenticated in other application (SSO)

  Hi folks!
  We've deployed various J2EE applications in some OC4J instances. So far the applications used SSO Authentication against OiD (LDAP), but we need a public access application.
  The problem is the following: we need a different behaviour in this last application (without authentication characteristics) depending on one user is authenticated within other application that required SSO login.
  How could check if current user (session) si authenticated against SSO, for example, in ADF-STRUTS DataAction class?
  We tested the gerRemoteUser() method but is only works within the applications requering login.
  Please, anyone could guide me?
  Mike
  Thanks!

  Hi,
  Oracle AS Single Sign ON stores some of the attributes of an authenticated user in a browser cookie - the name of the Cookie is SSO_ID.
  You cannot get any information from this Cookie. The Cookie is avaliable only to the Oracle AS Single Sign ON and is meant to be used only by it. You cannot read any useful information from the Cookie as it is higly encrypted.
  If you need to know the name of the currently logged in user, your application should be a Partner Application or an External Applciation to Oracle AS Single Sign On.
  The reason is simple - you can use your browser to connect to many Websites protected by Oracle AS Single Sign ON. Thus, if your application isn't a Partner or an External Application registered with SSO, your application can't establish a context.
  Hence, your application needs to be registered as a Partner Application or an External Application with SSO.
  An application which is nto registered with SSO cannot get the User information from SSO. The getRemoteUser() method would always return a null in such cases.
  Regards,
  Sandeep

• How to check if the user has only the display authority of a message

  hi,
  How to check if the user has only the display authority of a message but does not have the change authority for a certain message?
  Best regards,

  hi blake
  though i am an application consultant and for authorisation u need to have help of BASIS person if u r not the one but still i can guide u regarding the same,
  Basically Authorization Management 
  Use
  You can use the following authorization objects to control the authorizations for maintaining business partner data:
  •        Authorization objects for the Business Partner:
  •     &#61601;        B_BUPA_GRP
  •     &#61601;        B_BUPA_ATT
  •     &#61601;        B_BUPA_FDG
  •     &#61601;        B_BUPA_RLT•       
  Authorization objects for relationships:
  •     &#61601;        B_BUPR_BZT
  •     &#61601;        B_BUPR_FDG
  In addition, you can assign an authorization group to a business partner in the dialog. The authorization group controls which users may maintain data for this business partner.
  You can also define authorizations for fields and field groups using the Business Data Toolset (BDT). Depending on the settings you have made, the system carries out the relevant authorization checks.
  In the dialog in the SAP GUI, you can display an overview of the authorizations assigned to you by pressing the button Settings.
  For more information on authorization management, see the Implementation Guide (IMG) of the Business Partner, as well as in the Developer’s Handbook for the BDT under  Authorizations.
  IntegrationAuthorization management for the Business Partner forms part of the  SAP authorization concept.
  Prerequisites
  You have made the necessary settings in Customizing of the Business Partner under Basic Settings--> -Address Management.
  Moving over
  AS ABAP Authorization Concept 
  The ABAP authorization concept protects transactions, programs, and services in SAP systems from unauthorized access. On the basis of the authorization concept, the administrator assigns authorizations to the users that determine which actions a user can execute in the SAP system, after he or she has logged on to the system and authenticated himself or herself.
  To access business objects or execute SAP transactions, a user requires corresponding authorizations, as business objects or transactions are protected by authorization objects. The authorizations represent instances of generic authorization objects and are defined depending on the activity and responsibilities of the employee. The authorizations are combined in an authorization profile that is associated with a role. The user administrators then assign the corresponding roles using the user master record, so that the user can use the appropriate transactions for his or her tasks.
  Authorization Checks 
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
  •        Starting SAP transactions (authorization object S_TCODE)
  •        Starting reports (authorization object S_PROGRAM)
  •        Calling RFC function modules (authorization object S_RFC)
  •        Table maintenance with generic tools (S_TABU_DIS)
  Checking at Program Level with AUTHORITY-CHECK
  Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
  AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
  Starting SAP Transactions
  When a user starts a transaction, the system performs the following checks:
  •        The system checks in table TSTC whether the transaction code is valid and whether the system administrator has locked the transaction.
  •        The system then checks whether the user has authorization to start the transaction.
  The SAP system performs the authorization checks every time a user starts a transaction from the menu or by entering a command. Indirectly called transactions are not included in this authorization check. For more complex transactions, which call other transactions, there are additional authorization checks.
  •     &#61601;        The authorization object S_TCODE (transaction start) contains the field TCD (transaction code). The user must have an authorization with a value for the selected transaction code.
  •     &#61601;        If an additional authorization is entered using transaction SE93 for the transaction to be started, the user also requires the suitable defined authorization object (TSTA, table TSTCA).
  If you create a transaction in transaction SE93, you can assign an additional authorization to this transaction. This is useful, if you want to be able to protect a transaction with a separate authorization. If this is not the case, you should consider using other methods to protect the transaction (such as AUTHORITY-CHECK at program level).
  •        The system checks whether the transaction code is assigned an authorization object. If so, a check is made that the user has authorization for this authorization object.
  The check is not performed in the following cases:
  You have deactivated the check of the authorization objects for the transaction (with transaction SU24) using check indicators, that is, you have removed an authorization object entered using transaction SE93. You cannot deactivate the check for objects from the SAP NetWeaver and HR areas.
  This can be useful, as a large number of authorization objects are often checked when transactions are executed, since the transaction calls other work areas in the background. In order for these checks to be executed successfully, the user in question must have the appropriate authorizations. This results in some users having more authorization than they strictly need. It also leads to an increased maintenance workload. You can therefore deactivate authorization checks of this type in a targeted manner using transaction SU24.
  •     &#61601;        You have globally deactivated authorization objects for all transactions with transaction SU24 or transaction SU25.
  •     &#61601;        So that the entries that you have made with transactions SU24 and SU25 become effective, you must set the profile parameter AUTH/NO_CHECK_IN_SOME_CASES to “Y” (using transaction RZ10).
  All of the above checks must be successful so that the user can start the transaction. Otherwise, the transaction is not called and the system displays an appropriate message.
  Starting Report Classes
  You can perform additional authorization checks by assigning reports to authorization classes (using report RSCSAUTH). You can, for example, assign all PA* reports to an authorization class for PA (such as PAxxx). If a user wants to start a PA report, he or she requires the appropriate authorization to execute reports in this class.
  We do not deliver any predefined report classes. You must decide yourself which reports you want to protect in this way. You can also enter the authorization classes for reports with the maintenance functions for report trees. This method provides a hierarchical approach for assigning authorizations for reports. You can, for example, assign an authorization class to a report node, meaning that all reports at this node automatically belong to this class. This means that you have a more transparent overview of the authorization classes to which the various reports are transported.
  You must consider the following:
  •     •         After you have assigned reports to authorization classes or have changed assignments, you may have to adjust objects in your authorization concept (such as roles (activity groups), profiles, or user master records).
  •     •         There are certain system reports that you cannot assign to any authorization class. These include:
  •     •         RSRZLLG0
  •     •         STARTMEN (as of SAP R/3 4.0)
  •     •         Reports that are called using SUBMIT in a customer exit at logon (such as SUSR0001, ZXUSRU01).
  •     •         Authorization assignments for reports are overwritten during an upgrade. After an upgrade, you must therefore restore your customer-specific report authorizations.
  Calling RFC Function Modules
  When RFC function modules are called by an RFC client program or another system, an authorization check is performed for the authorization object S_RFC in the called system. This check uses the name of the function group to which the function module belongs. You can deactivate this check with parameter auth/rfc_authority_check.
  Checking Assignment of Authorization Groups to Tables
  You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
  You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
  please See also:
  •        SAP Notes 7642, 20534, 23342, 33154, and 67766
  guess this info will help you,there is one graphic which actually explain the hierarchy of authorisation,i will find some time out to let u know more info about the authorisation
  but if u sit with ur BASIS guy then u can learn lot of things in PFCG
  i guess u r a basis guy,then its not a problem
  best regards
  ashish

• How to check the unused users in portal.

  Hi Guru,
  We are doing auditing in Portal server.Can any tell us
  How to check the unused users in portal?.
  Regards,
  Vivek

  Use portal activity reporting  for monitoring the users. This way you can monitor the users in the portal who logged on to the portal.
  Below are things you can monitor from portal activity report iview
  1) number of users logged on during the period of time.
  2) Details of the users who logged on
  3) monitoring particular iview/page
  Check the below threads for more help
  http://help.sap.com/saphelp_nw04s/helpdata/en/47/87329cc84a199ce10000000a42189d/frameset.htm
  http://help.sap.com/saphelp_nw04s/helpdata/en/47/87346dc84a199ce10000000a42189d/frameset.htm
  Raghu

• How to Check when the user is connected to different desktop.

  How to Check when the user is connected to different desktop.Sometimes the user maynot see the theme in the personalize theme list. In that case the person must be using different kind of desktop.How to check, I need a path.And how to apply the theme to that user?
  Thanks,
  Paturi

  Hi,
  you can create the new portal desktop from
  System Administration => Portal display => Desktop and Display Themes
  Select your folder from Portal Content and from its context create new Desktop.
  Add The Framework page and the theme to this desktop page.
  Go to your folder from Portal Content and from the context of the framework page select add framework page to portal desktop.
  Adding Theme to desktop
  From Portal content select Theme folder and select the theme right click it and select Add theme to Portal Desktop.
  Create rule for the Desktop.
  Navigate to System Administration => Portal Display => Desktop and Display Themes Portal Content => Portal Administrators => Super Administrators =>main_rules.
  Click Add IF Expression.
  create the expression if user = xyz then click on apply
  Select the then clause of the if and navigate to your folder where Desktop is created ,Add it and Click Apply.
  Save the Changes to the rule.
  Hope it helps you.
  (reward points if its helpful)
  Thanks,
  Gunjan

• How to know time in which session last activity is done

  Hi ,
  I want to know that in which users session last activity time is done. I am seeing inactive session but i want to be sure that the last activity is done on the same day when i am going to kill the session after checking users session by v$session.
  Regards,
  Vikas

  Look at V$SESSION.LAST_CALL_ET.
  Quoting the documentation :
  LAST_CALL_ET NUMBER
  If the session STATUS is currently ACTIVE, then the value represents the elapsed time in seconds since the session has become active.
  If the session STATUS is currently INACTIVE, then the value represents the elapsed time in seconds since the session has become inactive.
  Hemant K Chitale

• How to check weather a material created is active or not

  Dear Friends
  1    How to check weather a material created is active or not.
  2  MIGO standard document has a check button, can we have similar check button in other documents like Purchase requisition.
  3   In case of material valuation is Standard (Price control), the costing is done on the basis of the Standard Price or actual cost of the raw material.
  I will be thankful for your advice.
  Sanjeev

  1 How to check weather a material created is active or not.
  There is a Blue "i" button for the Material, pls click that it will show you the current status..
  2 MIGO standard document has a check button, can we have similar check button in other documents like Purchase requisition.
  for PR you can see the check button( CtrlShiftF3) beside personal settings

• How to check the tran code for specific activity.

  Hello friends ,
  could you please let me know how to check the tran code for specific activity . AS in table , i can check , what transaction does what ? But now i need to check the transaction for specific activity .
  E.g , For Administrator workbench , there is transcation like RSA1 .
  thanks in advance
  Regards

  Hi,
  try the TSTC table with SE16.
  Hope it helps,
  MG

• How to delete string or line from unix file(dataset) of application server

  Hi  All,
  After transfer workarea information or all records into dataset(unix file). When I see the file in application server automatically the last line is shown a blank line. I am not passing any blank line.
  I have tried for single record than also the file generates the last line(2nd line) also a blank line.
  When I m reading the dataset, it is not reading the last blank line but why it is showing the last blank line?
  How to delete string or line from unix file(dataset) of application server?
  Please give your comments to resolve this.
  Thanks
  Tirumula Rao Chinni

  Hi Rio,
  I faced similar kind of issue working with files on UNIX platform.
  The line is a line feed to remove it use
  DATA : lv_carr_linefd TYPE abap_cr_lf VALUE cl_abap_char_utilities=>cr_lf. 
    DATA : lv_carr_return TYPE char1,                                   
           lv_line_feed   TYPE char1.                                          
    lv_line_feed   = lv_carr_linefd(1).
    lv_carr_return = lv_carr_linefd+1(1).
  Note: IMP: The character in ' ' is not space but is a special
  character set by pressing ALT and +255 simultaneosly
    REPLACE ALL OCCURRENCES OF lv_line_feed IN l_string WITH ' '.
    REPLACE ALL OCCURRENCES OF lv_carr_return IN l_string WITH ' '.

• Password cache - for user identity that share the same application server

  I have different user identity that share the same application server passwords.
  When I create a password cache entry for an an application server I have to be specified the User identity for the application server. Is there a way to indicate multiple User identity in order to avoid to create different entry (one for each user identity)?

  No. An SGD user can only have a single username for an application server.
  There may be a way to craft a solution:
  - create several ENS application server objects pointing to the same real application server
  - cache different usernames against each ENS application server
  - create multiple, identical application objects, assigning a different application server to each, OR
  - create a single application object and assign all the ENS servers to it, along with the "SGD Broker" for dynamic launch.