Limit user sso sessions
Hi
I'm not really sure if this is the right forum to post this question, but here it goes...
I would like to limit the sso sessions per user meaning that if a user logged in, throught a browser, to an application and if he opens another browser window, and tries to access the same application, instead of being redirect to the login page, he would be told that he already logged in!
I hope that I made myself clear
Thanks in advanced
Vitor
we had the same need but according to Oracle, this functionality is not integrated into the tool.
It could be done by programming (table WWCTX_SSO_SESSION$) but the user must disconnect himself properly from the application. If not (browser crash by example, ...), he will not be able to reconnect before a timeout (8 hours by default).
Regards,
Nicolas Stiévenard
Similar Messages
-
Hi folks
Using PHP/MySQL to allow the logged in user access to
protected pages it seems
that the default session which is established does not time
expire but remains
valid for the duration of that browser session.
What is the prescribed method for placing a time limit on a
given browser
session?
Thanks in advance for any pointers.
Ronnie MacGregor
Scotland
Ronnie at
dBASEdeveloper
dot co dot uk
www.dBASEdeveloper.co.ukRonnie:
Sorry for the delay in responding. To be honest, I'm not sure
how to do
this. 8(
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go
- DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs,
Tutorials & Resources
==================
"Ronnie MacGregor" <[email protected]> wrote in message
news:[email protected]..
> Hi folks
>
> Using PHP/MySQL to allow the logged in user access to
protected pages it
> seems
> that the default session which is established does not
time expire but
> remains
> valid for the duration of that browser session.
>
> What is the prescribed method for placing a time limit
on a given browser
> session?
>
> Thanks in advance for any pointers.
>
> --
> Ronnie MacGregor
> Scotland
>
> Ronnie at
> dBASEdeveloper
> dot co dot uk
>
> www.dBASEdeveloper.co.uk
>
>
> -
Limit user session in ADF security
I want single user work in web application only with a single session at any time. How can I limit user sessions?
Hi,
+1. How can I override ADF security (based on JAAS) credentials checking mechanism j_security_check ?+
Why do you want to override this?
+2. How can I store users log-in log-out information in database? Which classess and which methods must be overriden? Can you show code sample of your realisation, please?+
Authentication is not handled by ADF but WebLogic Server. If you want to track database login information you will need to write a custom JAAS Login Module and configure it as an authentication provider in WLS
How can I check if user closed browser?
I would use a temporary cookie with no lifetime. This way, when the browser is closed, the cokie is unavailable, indicating that the user is good to login again. However, this then allows users to start 2 sessions using different browsers (again something you would need to check)
Frank -
Sso session timeout per partner application
Hello,
I was just wondering if it is possible to configure SSO session timeouts per partner application? I'm looking to log out users of a particular application after 15 minutes, but don't want this change to affect any of my other SSO enabled applications. Is this possible?
Thanks,Hi,
I do not think so, you can not specify specail parameter for one application in SSO.
Why because SSO is one component (within your Infra) through which you logon different apps.
Another solution may be it will expensive is that you 'll need to use different infra for this specific application.
Regards,
Hamdy -
SSO SDK does not monitor expired SSO sessions
I am currently integrating APEX 4.2 with Oracle Single Sign-on server 10g using the SSO SDK. I have configured multiple applications and I am able to authenticate with 1 then seamlessly authenticate into the others.
What I am attempting to resolve is the SSO SDK’s inability to detect when an SSO session has expired and requires re-authentication. The scenario is as follows:
1. SSO Global Inactivity Timeout set to 30 minutes.
2. APEX application Idle times set to 30 minutes.
3. Authenticate with SSO using Self Service Console.
4. Leave console idle for 30 minutes.
5. Click tab in Self Service console. Session expiry page displayed and user asked to re-authenticate.
6. Open partner APEX application. APEX session is not authenticated, so redirects to SSO server.
7. As the session has expired and requires re-authentication then user should be directed to login screen, but is authenticated and returned to the APEX application.
Is this expected behaviour with the SSO SDK and APEX?
Oracle’s recommendation is to incorporate the SSO SDK with Apex for SSO authentication. However, it seems like session management within the SSO SDK has been neglected. We really need someone at Oracle to provide best practise for APEX, SSO and session management.
Thanks in advanceScott,
Thanks for your reply. I double check instruction and re-done all steps. I try to start demo application (I didn't even go further tneh step 4 in Install.txt!)
from ...\ssosdk307_032101\demo\plsql\Readme.txt 5. To verify the web server setup, go to the following URL to see the test page:
http://<hostname>:<port>/pls/<dad_name>/<schema_name>.test_setup
, but I receive the same error messages in IE and in Apache error_logs.
I see at this point one weak area - this is DAD. As I understand I need to create dad in dads.conf, am I right?
Maybe I didn't created it right?
Could you post some working dad for SingleSignOn?
Thanks,
Sergiy -
Communications Express doesn't create access Manager SSO session
Hi all,
I'm running Communications Express, Sun Access Manager and Sun messaging server, each on seperate hosts.
Single Sign On works i.e. when users have a valid session and point their browser at the Communications Express URL they can access their mail, calendar and addressbooks without further ado.
When they don't have a valid session though and the users go to the Communications Express URL they get a username and password prompt. If they enter valid credentials they will be logged in, but the session created is only a local session, not an Access Manager SSO session. This behaviour has changed from the previous versions of Comm Exp which wouldn't work at all without SSO.
Is it possible to configure communications express to either redirect users to the Access Manager's authentication page or have Comm Exp create the SSO session on the users behalf?
TIA
Herman
Versions:
- Communications Express 6.3 update 1
- Sun Java(tm) System Messaging Server 6.3-4.01 (built Aug 3 2007; 32bit)
libimta.so 6.3-4.01 (built 17:13:29, Aug 3 2007; 32bit)Hi Shane,
as always your anwer is better then I could have expected. A more or less complete manual
just hours after asking my question. Thanks!
shane_hjorth wrote:
The cleanest solution I could develop to address the behavioural change was to
leverage a web-server policy agent to perform the redirections.
I wrote up a guide but never received any feedback unfortunately so results-may-vary.
I have republished this guide externally - feedback is welcome:
http://msg.wikidoc.info/index.php/AM_redirection_using_Policy_AgentTook me some time to implement, test and write feedback:
The setup we have is a little more complex then the a single box scenario you
have tested on:
From the internet working inwards we have load balanced
SSL accelerators (apache+SSL doing reverse proxy) in front of
dedicated application servers running communications express.
Mail is retrieved from separate mail-store clusters.
Access manager is configured similarly: load balanced SSL accelerators
in front of application servers running the login page (disributed
authentication UI). Those then talk to the access manager cluster.
Firewalls and access lists between each of those layers. None of the
applications can be accessed directly from the internet and they are
limited in what they can access in the DMZ as well.
I followed your recipe to the letter. After a bit of tweaking everything
worked like a charm. Policy agent installed and configured on the
SUN webserver where communications express is deployed.
Instructions were very good on detail and easy to follow.
We deploy uwc in the root of the server not in /uwc. Something I didn't notice right away.
It would seem that the policy agent expects the values com.sun.am.naming.url
(The URL for the Access Manager Naming service) and
com.sun.am.policy.am.login.url (The URL of the login page on the Access Manager
where users should enter their credentials) to be the same host.
In our setup the URL/host users have to use to log in can't be accessed by the policy agent.
The policy agent should verify sessions directly against the access manager cluster.
I played with some of the override settings in the policy agent configuration file but
without much success. Eventually I used the hostname our users have to use to log
in and abused the /etc/hosts file to map the external hostname to the internal address
of the access manager cluster. Users end up on the correct login page, and the policy
agent can verify the sessions. Ugly, but it works.
The other issue is that the policy agent redirects to:
com.sun.am.policy.am.login.url?goto=URL_Protected_by_Policy_Agent
When a users enters incorrect credentials they get the default login url, without the
goto parameter. (May be bug in access manager or by design...) After entering their
credentials correctly on their second or third try users won't be redirected back to UWC,
but will end up on the default page defined by their iplanet-am-user-success-url LDAP attribute.
I solved that in the policy agents configuration file by adding the gotoOnFail=URL in the
definition of com.sun.am.policy.am.login.url:
com.sun.am.policy.am.login.url = https://login.domain.com:443/amserver/UI/Login?gotoOnFail=https://uwc.domain.com:443When you enter incorrect credentials you'll be redirected back to uwc (where the policy agent
will again intercept you and send you on to the login page for your next try). May be more of
an issue in the policy agent then your manual.
Regards,
Herman -
How open multiple responsibilities in the same user login session in R12 ?
Dear All,
Can anyone help me to know how to open multiple responsibility in the same user login session in R12 ?
Thanks..
Edited by: G-oracle on Sep 18, 2011 11:22 AMCan anyone help me to know how to open multiple responsibility in the same user login session in R12 ?What do you mean by open multiple responsibilities in the same session? You can only see the menu of one responsibility at a time, so how to do you expect the application to let you see multiple responsibilities/menus in one session?
You could open another session and this way you can access more than one responsibility at the same time.
Thanks,
Hussein -
Hi,
We are using AS 10.1.3.5 to deploy our EAR.(platfoem is OEL 5)
In our EAR we are Hibernate 3.0 and Struts 2.0 Framework,using JDeveloper 10.1.3.5 and also we are using the SessionAware Interface of Struts 2 to implement session management.
We have configured this as a partner Application with SSO and OID(10.1.4.3) using "Note 403164.1 " and invoking AS 10.1.2 Reports from our EAR.
So,we need to use the same SSO session throughout our J2EE Application.
Where as we need to add some session attribute to the SSO session which we are picking from our custom db table and we need to use those session attributes throughout our application (as long as the SSO session is valid).
We do not have any idea on using this SSO sessions.(before making this a partner application we were using Servlet Sessions)
Please suggest how to set some attibutes in the SSO session and retireve the same in our EAR.
Edited by: Susmit on Jun 14, 2011 7:05 PMSusmit
There are 2 ways you will be configuring SSO in OHS of OAS.
Static and dynamic.
Which one you are using ?
If you are using dynamic i.e using java program, you have the control of the flow. You can make entries of that after successful authentication and delete the entries when the session expires.
You can always check the session status using java api.
If you are using static, you should have one servlet filter to track the session.
Regards
Chinna -
Upload file with iframe loos session user and session id in wwv_flow_files
Hello every one, hope someone could help us with this problem.
What we are trying to do is to upload a file from a jquery dialog in a appex page by redirecting the POST action of the wwvFlowForm to the iframe.
*1. In the javascript there is the function call to open my modal window with the input*
function add_fichier_form(numeroProjet,idCat){
$("#div_upload_fichier").dialog(
modal : true ,
autoOpen : false ,
resizable: false ,
width: 700
$('#div_upload_fichier').parent().appendTo('#div_base');
$('#upload_button').unbind('click').click(function(){
if ($('#P4010_FILE_FICHIER').val() != '') {
$('#upload_iframe_v2').unbind('load').load(function () {
$('#upload_status').html(' déplacement du fichier...');
// move the file
$('#upload_status').html('Fichier transféré avec succès');
//file transfer ok
//calling the javascript function to add everything in my own table;
//we see the file in the wwv_flow_file_objects$ without
add_fichier_form_db();
// set the form target to the iframe, submit, then remove the target
$('#wwvFlowForm').attr('target','upload_iframe_v2').submit().removeAttr('target');
$('#upload_status').html(' Téléchargement du fichier...');
}else {
alert('Veuillez sélectionner un fichier');
$("#div_upload_fichier").dialog("option", "title", "Ajout d'un fichier");
$("#div_upload_fichier").dialog("open");
}*2. At this point we see the file in the table but without the user and session credential*
select *
from wwv_flow_file_objects$
The result is that the field security_group_id is assign to 0 AND created_by = APEX_PUBLIC_USER
*3. add_fichier_form_db(); the javascript function making the ajax call to a procedure plsql*
function add_fichier_form_db(){
//alert ('Dasn fichier form db');
vNumeroProjet = document.getElementById('P4010_CAT_NUMERO_PROJET').value;
vIdCat = document.getElementById('P4010_CAT_ID').value;
vFichierNom = document.getElementById('P4010_NOM_FICHIER').value;
vFichierDesc = document.getElementById('P4010_DESC_FICHIER').value;
vFichierFile = document.getElementById('P4010_FILE_FICHIER_NAME').value;
var ajaxRequest = new htmldb_Get(null , 300, 'APPLICATION_PROCESS=ADD_FICHIER_FORM_DB', 4010);
ajaxRequest.add( "P4010_CAT_NUMERO_PROJET", vNumeroProjet);
ajaxRequest.add( "P4010_F_CAT_ID", vIdCat);
ajaxRequest.add( "P4010_FICHIER_NOM", vFichierNom);
ajaxRequest.add( "P4010_FICHIER_DESC", vFichierDesc);
ajaxRequest.add( "P4010_FILE_FICHIER_NAME", vFichierFile);
var gReturn = ajaxRequest.get();
if (gReturn){
$x("getlistfichier").innerHTML = gReturn;
closeForm();
}else{
alert ('Problèmes dans le call Ajax ADD_REPERTOIRE_FORM_DB \n La valeur retournée est: \n' + gReturn);
}*4. PLSQL PROCEDURE *
h1. WHEN the query is executing it's return ORA-01403: no data found. WHY ????
PROCEDURE P_ADD_FICHIER_FORM_DB(
P_NUMERO_PROJET number,
P_CAT_ID number,
P_FICHIER_NOM varchar2,
P_FICHIER_DESC varchar2,
P_FILE_FICHIER_NAME in varchar2)
AS
vNumeroProjet number;
vFichierNom varchar(255);
vFichierDesc varchar(2000);
vCatId number;
vActif number;
vDocSize number;
vNomUsager varchar(10);
vDateCreation date;
vFichierTypeId number;
vNomReel varchar2(1000);
vNomReel2 varchar2(1000);
vCurVal number;
BEGIN
SELECT FILENAME,DOC_SIZE,CREATED_ON
INTO
vNomReel,vDocSize,vDateCreation
FROM WWV_FLOW_FILES
WHERE FILENAME = P_FILE_FICHIER_NAME;
/*GET ERROR sqlerrm:ORA-01403: no data found */
END P_ADD_FICHIER_FORM_DB;h4. hope someone help us soon
Thanks in advance
jocelynFinally we find what was wrong so i give you the solution.
In the javascript on the function add_fichier_form
We need to append the div of the form to the default form of apex wwvFlowForm
so the line*
$('#div_upload_fichier').parent().appendTo('#div_base');
should be change to*
$('#div_upload_fichier').parent().appendTo('#wwvFlowForm');Edited by: jocbed on 2012-01-26 11:08 -
How to edit other user's session from a session id?
I want to ban a person on real time for example. Website's database ban checking is on the login level. So if i ban someone the user's session must be expired and relogin. But if i change user's session attiributes it will be real time ban.
Shortly how can i edit some user's session from their session ids.
Thanks
nullUse a filter and have it check with every page load (as one obvious solution).
-
TIPS(16) : PROVIDING USERS WITH SESSION INFORMATION
제품 : SQL*PLUS
작성날짜 : 1996-11-12
TIPS(16) : Providing Users with Session Information
===================================================
rem
rem orasessn.sql
rem
rem
rem This script is used to provide users with information regarding their
rem oracle sessions.
rem The USER_SESSION view provides information related only to the
rem current session for a user; while the ALL_SESSIONS relates to all
rem sessions within the database for a user.
rem The DBA_SESSION can only be viewed by the
rem Oracle sys id (and anyone granted select on this view).
rem The DBA_SESSION lists all oracle sessions excluding the Oracle
rem generic processes (dbwr, pmon, smon, etc.).
rem The SID and SERIAL# can be used with killing sessions.
This script must be run from the Oracle sys id.
rem --------------------------------------------------------------------------
rem
set echo on;
spool orasessn;
rem
drop public synonym ALL_SESSIONS;
create or replace view ALL_SESSIONS
(USERNAME, OS_USER, SID, SERIAL#, STATUS, SERVICE, DATABASE,
CURSORS, MACHINE, TERMINAL, PROGRAM)
as
select substr(v1.username,1,20), substr(v1.osuser,1,12),
to_char(v1.sid,'999'), to_char(v1.serial#,'999999'),
v1.status, v1.server, substr(v3.value,1,10), v2.value,
substr(v1.machine,1,15), v1.terminal, v1.program
from v$session v1, v$sesstat v2, v$parameter v3
where v1.username = user
and v2.sid = v1.sid
and v2.statistic# = 3
and v3.name = 'db_name' ;
grant select on ALL_SESSIONS to PUBLIC;
create public synonym ALL_SESSIONS for ALL_SESSIONS;
rem
drop public synonym USER_SESSIONS;
create or replace view USER_SESSIONS
(USERNAME, OS_USER, SID, SERIAL#, STATUS, SERVICE, DATABASE,
CURSORS, MACHINE, TERMINAL, PROGRAM)
as
select substr(v1.username,1,20), substr(v1.osuser,1,12),
to_char(v1.sid,'999'), to_char(v1.serial#,'999999'),
v1.status, v1.server, substr(v3.value,1,10), v2.value,
substr(v1.machine,1,15), v1.terminal, v1.program
from v$session v1, v$sesstat v2, v$parameter v3
where v1.audsid = userenv('SESSIONID')
and v2.sid = v1.sid
and v2.statistic# = 3
and v3.name = 'db_name' ;
grant select on USER_SESSIONS to PUBLIC;
create public synonym USER_SESSIONS for USER_SESSIONS;
rem
create or replace view DBA_SESSIONS
(USERNAME, OS_USER, SID, SERIAL#, STATUS, SERVICE, DATABASE,
CURSORS, MACHINE, TERMINAL, PROGRAM)
as
select substr(v1.username,1,20), substr(v1.osuser,1,12),
to_char(v1.sid,'999'), to_char(v1.serial#,'999999'),
v1.status, v1.server, substr(v3.value,1,10), v2.value,
substr(v1.machine,1,15), v1.terminal, v1.program
from v$session v1, v$sesstat v2, v$parameter v3
where v1.username is not null
and v2.sid = v1.sid
and v2.statistic# = 3
and v3.name = 'db_name' ;
rem -------------------------------------------------------------------
spool off;제품 : SQL*PLUS
작성날짜 : 1996-11-12
TIPS(16) : Providing Users with Session Information
===================================================
rem
rem orasessn.sql
rem
rem
rem This script is used to provide users with information regarding their
rem oracle sessions.
rem The USER_SESSION view provides information related only to the
rem current session for a user; while the ALL_SESSIONS relates to all
rem sessions within the database for a user.
rem The DBA_SESSION can only be viewed by the
rem Oracle sys id (and anyone granted select on this view).
rem The DBA_SESSION lists all oracle sessions excluding the Oracle
rem generic processes (dbwr, pmon, smon, etc.).
rem The SID and SERIAL# can be used with killing sessions.
This script must be run from the Oracle sys id.
rem --------------------------------------------------------------------------
rem
set echo on;
spool orasessn;
rem
drop public synonym ALL_SESSIONS;
create or replace view ALL_SESSIONS
(USERNAME, OS_USER, SID, SERIAL#, STATUS, SERVICE, DATABASE,
CURSORS, MACHINE, TERMINAL, PROGRAM)
as
select substr(v1.username,1,20), substr(v1.osuser,1,12),
to_char(v1.sid,'999'), to_char(v1.serial#,'999999'),
v1.status, v1.server, substr(v3.value,1,10), v2.value,
substr(v1.machine,1,15), v1.terminal, v1.program
from v$session v1, v$sesstat v2, v$parameter v3
where v1.username = user
and v2.sid = v1.sid
and v2.statistic# = 3
and v3.name = 'db_name' ;
grant select on ALL_SESSIONS to PUBLIC;
create public synonym ALL_SESSIONS for ALL_SESSIONS;
rem
drop public synonym USER_SESSIONS;
create or replace view USER_SESSIONS
(USERNAME, OS_USER, SID, SERIAL#, STATUS, SERVICE, DATABASE,
CURSORS, MACHINE, TERMINAL, PROGRAM)
as
select substr(v1.username,1,20), substr(v1.osuser,1,12),
to_char(v1.sid,'999'), to_char(v1.serial#,'999999'),
v1.status, v1.server, substr(v3.value,1,10), v2.value,
substr(v1.machine,1,15), v1.terminal, v1.program
from v$session v1, v$sesstat v2, v$parameter v3
where v1.audsid = userenv('SESSIONID')
and v2.sid = v1.sid
and v2.statistic# = 3
and v3.name = 'db_name' ;
grant select on USER_SESSIONS to PUBLIC;
create public synonym USER_SESSIONS for USER_SESSIONS;
rem
create or replace view DBA_SESSIONS
(USERNAME, OS_USER, SID, SERIAL#, STATUS, SERVICE, DATABASE,
CURSORS, MACHINE, TERMINAL, PROGRAM)
as
select substr(v1.username,1,20), substr(v1.osuser,1,12),
to_char(v1.sid,'999'), to_char(v1.serial#,'999999'),
v1.status, v1.server, substr(v3.value,1,10), v2.value,
substr(v1.machine,1,15), v1.terminal, v1.program
from v$session v1, v$sesstat v2, v$parameter v3
where v1.username is not null
and v2.sid = v1.sid
and v2.statistic# = 3
and v3.name = 'db_name' ;
rem -------------------------------------------------------------------
spool off; -
How to trace other user's session?
Dear Experts,
I would like to trace other user's session, I am on Oracle 10g R2 (10.2.0.4) on a Windows box. I did search on google and found tons of articles explaining about tracing techniques. But unfortunately, trace file is not getting generated in my case. Below are the steps I am following:
SQL> conn /as sysdba
Connected.
SQL>
SQL> select sid, serial# from v$session where username = 'TEST';
SID SERIAL#
38 17
SQL> show parameter user_d
NAME TYPE VALUE
user_dump_dest string C:\DB10G\UDUMP
SQL> show parameter timed_s
NAME TYPE VALUE
timed_statistics boolean TRUE
SQL>Connect a new SQL*Plus session as TEST and then
SQL> show user
USER is "SYS"
SQL>
SQL> select sid, serial# from v$session where username = 'TEST';
SID SERIAL#
19 24465
38 17
SQL> exec dbms_system.set_ev(38,17, 10046, 12, '');
PL/SQL procedure successfully completed.
SQL> exec dbms_system.set_ev(38,17, 10046, 0, '');
PL/SQL procedure successfully completed.
SQL> grant execute on dbms_system to test;
Grant succeeded.
SQL> exec dbms_system.set_ev(38,17, 10046, 12, '');
PL/SQL procedure successfully completed.in the new session (TEST):
SQL> select * from tab;
TNAME TABTYPE CLUSTERID
T TABLE
T3 TABLE
T1 TABLE
T2 TABLE
MYEMP TABLE
SQL>Yet, no trace file is generated in "C:\db10g\udump" folder.
C:\db10g\udump>dir
Volume in drive C is SYSTEM
Volume Serial Number is AC21-0462
Directory of C:\db10g\udump
12/15/2008 12:36 PM <DIR> .
12/15/2008 12:36 PM <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 9,891,508,224 bytes free
C:\db10g\udump>Your help/advice in this regard will be very helpful.
RegardsYou must be using shared server.
You can verify this by referring to the SERVER column of v$session.
In shared server several servers will execute your code, so that's why you don't find a trace file.
The method described in this article should work in your case also:
http://technology.amis.nl/blog/1794/how-to-trace-a-java-application-through-a-connection-pool-using-dbms_monitor-6
Hth
Sybrand Bakker
Senior Oracle DBA -
How do I limit user to put certain format in JTextField
I want to create a JTextField which will limit user to put date format only like (##/##/####) a date format. how do I do it? thanks
boosta,
Are you limited to a text based interface? I mean why not a visual calendar control?
I just googled "java calendar control" and came up with http://builder.com.com/5100-6370-1045263.html and http://www.toedter.com/en/jcalendar/ on the first page...
If you must use a JTextField you'll need to use EventListener(s) to filter keyboard input... I've never tried it... I've never had to.... and if this is not specific stated requirement then I'd drop it like a gun.
I (like many other users) hate fancy custom interfaces which don't behave as you expect... and I (like many other users) am just to lazy to RTFM.
keith. -
Remotely view web user's session
Okay, we have web users doing stuff on a website we host & control. Sometimes web users have trouble using the web/site. So they call for support and help getting them through some process (like making a payment over the web).
What the business wants (at an admin level) is the ability to see what the user sees. Not so much like Remote Desktop or whatever, but something non-obtrusive (no install to the client). The thought is currently that we could take the user's HttpSession object and expose it to an admin or support person, so that they can both go to the same page and see the same thing. This way, the admin can walk the user through the process quite smoothly.
We are using WebSphere so we can share sessions accross WARs, but not sure about doing so accross EARs. So we can store the user's session in the database, but can we pull it out and use it?
So how does this idea sound?
Is there a better approach?
Any major obvious gotchas?
All ideas welcome!Here is some prototype code that I fixed up. It will store the last jsp or servlet that the user has viewed but not html pages. Still working on that:
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
public class MyServlet extends HttpServlet {
public void init(ServletConfig config) throws ServletException {
super.init(config);
* Handles request posted by the client using "GET" method.
* @param request Object containing HTTP request from the client.
* @param response The response to be sent back to the client.
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doPost(request, response);
* Handles request posted by the client using "POST" method.
* @param request Object containing HTTP request from the client.
* @param response The response to be sent back to the client.
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
if (request.getParameter("fetchFile") != null) {
if (request.getParameter("user") == null) {
response.getWriter().print("No USER ID Supplied for fetch");
return;
System.out.println("Fetching file");
File file = new File("c:/temp/" + request.getParameter("user"));
FileReader fr = new FileReader(file);
int EOF = 0;
char[] cbuf = new char[1024];
response.getWriter().print("THIS IS THE FETCHED FILE <BR>");
while (fr.read(cbuf) != -1) {
response.getWriter().print(cbuf);
response.getWriter().print("<br>END OF FETCHED FILE <BR>");
return;
ServletOutputStream sos = response.getOutputStream();
sos.print("<html><head></head><body>");
sos.print("<p>output printed to the servletoutput stream<P>");
sos.print("</body></html>");
sos.close();
* MyFilter.java
* Created on November 2, 2005, 11:13 AM
package com.filter;
import javax.servlet.http.*;
import javax.servlet.*;
import java.io.*;
* @author Tolmke
public class MyFilter implements Filter {
// The filter configuration object we are associated with. If
// this value is null, this filter instance is not currently
// configured.
private FilterConfig filterConfig = null;
private static final boolean debug = false;
private long start = 0;
private long end = 0;
public MyFilter() {
private void doBeforeProcessing(ServletRequest request, ServletResponse response)
throws IOException, ServletException {
if (debug) log("MyFilter:DoBeforeProcessing");
System.out.print("In Filter ");
this.start = System.currentTimeMillis();
System.out.println((new java.util.Date()).toString() +
" start request ");
private void doAfterProcessing(ServletRequest request, ServletResponse response)
throws IOException, ServletException {
if (debug) log("MyFilter:DoAfterProcessing");
System.out.println("Completion Time = " + (System.currentTimeMillis() - start));
* @param request The servlet request we are processing
* @param result The servlet response we are creating
* @param chain The filter chain we are processing
* @exception IOException if an input/output error occurs
* @exception ServletException if a servlet error occurs
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
if (debug) log("MyFilter:doFilter()");
doBeforeProcessing(request, response);
Throwable problem = null;
MyResponseWrapper wrapper = new MyResponseWrapper((HttpServletResponse)response);
try {
chain.doFilter(request, wrapper);
if (wrapper.getMode() == 1) {
response.getOutputStream().println(wrapper.toString());
if (request.getParameter("user") != null) {
File file = new File("c:/temp/" + request.getParameter("user"));
BufferedWriter bw = new BufferedWriter(new FileWriter(file));
bw.write(wrapper.toString());
bw.close();
} else if (wrapper.getMode() == 2) {
response.getOutputStream().write(wrapper.getData());
if (request.getParameter("user") != null) {
File file = new File("c:/temp/" + request.getParameter("user"));
BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(file));
bos.write(wrapper.getData());
bos.close();
} else if (wrapper.getMode() == 0) {
System.out.println("DOING NOTHING");
catch(Throwable t) {
problem = t;
t.printStackTrace();
doAfterProcessing(request, response);
// If there was a problem, we want to rethrow it if it is
// a known type, otherwise log it.
if (problem != null) {
if (problem instanceof ServletException) throw (ServletException)problem;
if (problem instanceof IOException) throw (IOException)problem;
sendProcessingError(problem, response);
* Return the filter configuration object for this filter.
public FilterConfig getFilterConfig() {
return (this.filterConfig);
* Set the filter configuration object for this filter.
* @param filterConfig The filter configuration object
public void setFilterConfig(FilterConfig filterConfig) {
this.filterConfig = filterConfig;
* Destroy method for this filter
public void destroy() {
* Init method for this filter
public void init(FilterConfig filterConfig) {
this.filterConfig = filterConfig;
if (filterConfig != null) {
if (debug) {
log("MyFilter:Initializing filter");
* Return a String representation of this object.
public String toString() {
if (filterConfig == null) return ("MyFilter()");
StringBuffer sb = new StringBuffer("MyFilter(");
sb.append(filterConfig);
sb.append(")");
return (sb.toString());
private void sendProcessingError(Throwable t, ServletResponse response) {
String stackTrace = getStackTrace(t);
if(stackTrace != null && !stackTrace.equals("")) {
try {
response.setContentType("text/html");
PrintStream ps = new PrintStream(response.getOutputStream());
PrintWriter pw = new PrintWriter(ps);
pw.print("<html>\n<head>\n</head>\n<body>\n"); //NOI18N
// PENDING! Localize this for next official release
pw.print("<h1>The resource did not process correctly</h1>\n<pre>\n");
pw.print(stackTrace);
pw.print("</pre></body>\n</html>"); //NOI18N
pw.close();
ps.close();
response.getOutputStream().close();;
catch(Exception ex){ }
else {
try {
PrintStream ps = new PrintStream(response.getOutputStream());
t.printStackTrace(ps);
ps.close();
response.getOutputStream().close();;
catch(Exception ex){ }
public static String getStackTrace(Throwable t) {
String stackTrace = null;
try {
StringWriter sw = new StringWriter();
PrintWriter pw = new PrintWriter(sw);
t.printStackTrace(pw);
pw.close();
sw.close();
stackTrace = sw.getBuffer().toString();
catch(Exception ex) {}
return stackTrace;
public void log(String msg) {
filterConfig.getServletContext().log(msg);
* CharResponseWrapper.java
* Created on November 2, 2005, 11:09 AM
package com.filter;
import javax.servlet.http.*;
import javax.servlet.*;
import java.io.*;
* @author Tolmke
public class MyResponseWrapper extends HttpServletResponseWrapper {
private CharArrayWriter myOut = new CharArrayWriter();
private FilterServletOutputStream fos = new FilterServletOutputStream();
private int mode;
private int contentLength;
private String contentType;
public String toString() {
return myOut.toString();
public MyResponseWrapper(HttpServletResponse response){
super(response);
this.myOut = new CharArrayWriter();
public PrintWriter getWriter(){
this.setMode(1);
return new PrintWriter(this.myOut);
public ServletOutputStream getOutputStream()
throws java.io.IOException {
this.setMode(2);
return this.fos;
public byte[] getData() {
return this.fos.getData();
public void setContentType(String type) {
this.contentType = type;
super.setContentType(type);
public String getContentType() {
return this.contentType;
public int getContentLength() {
return contentLength;
public void setContentLength(int length) {
this.contentLength=length;
super.setContentLength(length);
public int getMode() {
return mode;
public void setMode(int mode) {
this.mode = mode;
* FilterServletOutputStream.java
* Created on November 2, 2005, 11:34 AM
package com.filter;
import javax.servlet.*;
import java.io.*;
* @author Tolmke
public class FilterServletOutputStream extends ServletOutputStream {
private ByteArrayOutputStream baos;
public FilterServletOutputStream() {
baos = new ByteArrayOutputStream();
public byte[] getData() {
return baos.toByteArray();
public void write(int b) throws IOException {
baos.write(b);
public void write(byte[] b) throws IOException {
baos.write(b);
public void write(byte[] b, int off, int len) throws IOException {
baos.write(b, off, len);
public void print(String s)
throws IOException
if(s == null)
s = "null";
int len = s.length();
for(int i = 0; i < len; i++)
char c = s.charAt(i);
if((c & 0xff00) != 0)
String errMsg = "err.not_iso8859_1";
Object errArgs[] = new Object[1];
errArgs[0] = new Character(c);
throw new CharConversionException(errMsg);
this.write(c);
-
Limit user login in multiple RODC
I have 2 RODC and a RWDC.i prepopulate some password on RODC1 And Some on RODC2 cache database. i already read this article http://www.frickelsoft.net/blog/?p=232
I want to limit user login in multiple RODC.(for example user1 can not login to os in different RODC).
So i want to know is there is a way to limit user to login just from its RODC cache database not RWDC active directory?(i want user in RODC1 cant not login to RODC2.How can i do this?)Hi,
Do you want to restrict users from logging into a client computer that belongs to another site? Or do you want the users to get authenticated only to the RODC's where their credentials cached?
If you configured your sites and services properly the clients will choose the DC belongs to their own site and subnet. DC locator is the service name which is responsible for assigning a logon DC to the client.If the DC's are in different sites you
can configure the sites and services to point the client to correct DC in a site. AD authentication always distributed based on the sites and services you configured.
You can configure ldapsrv records to authenticate against specific DC.
RODCs do not register Domain Name System (DNS) general records (records that are associated with the domain itself and not with a specific site), as read/write domain controllers (RWDCs) do. This is the default behavior of RODCs. Although you can tune an
RODC to register DNS general records, we recommend that you not change the default behavior.
The main impact of RODCs not registering DNS general records is that a client computer cannot find an RODC in its site without reaching an RWDC (that is, a domain controller that registers the general records) if the client computer does not have a record
for the name of the site where the client computer is placed.
Source: Placing Several RODCs in the Same Site
http://technet.microsoft.com/en-us/library/ee522995(WS.10).aspx
Domain Controller Locator : an overview
http://blogs.technet.com/b/arnaud_jumelet/archive/2010/07/05/domain-controller-locator-an-overview.aspx
LdapSrvWeight & LdapSrvPriority
http://blogs.dirteam.com/blogs/carlos/archive/2006/05/10/How-to-lessen-your-PDC_1920_s-load.aspx
http://technet.microsoft.com/en-us/library/cc816793%28WS.10%29.aspx
Regards,
Rafic
If you found this post helpful, please give it a "Helpful" vote.
If it answered your question, remember to mark it as an "Answer".
This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!
Maybe you are looking for
-
TS3694 ERROR 1611 WHATS THAT AND HOW DO I SOLVE IT
im getting error 1611 wen i try to restore my phone
-
Maximum import file size?
What is the maximum image file size one can import into LR?
-
I keep getting a message to update and download a new version of Adobe Flash Player I also received
I keep getting a message to downlod an updated version of Adobe Flash Player. I also received a notice to change my password because of phishing problems. I changed my password but should I download the different Flash Player or is that phishing al
-
HT2417 Iphone model MC608LL. Why won't it switch back to ringer from vibrate?
Have 3G Iphone model MC608LL. Why won't it switch back to ringer from vibrate? Local repair shop said it was a software issue. AT&T store said to back it up and update OS version. Did all that. The switch still won't take it off vibrate.
-
Why won't my mp3s import?
When I try to import an mp3 from the desktop of my Mac to my iTunes, there is no result. Does this have nothing to do with 'privileges?' I know nothing about them. The icons of the mp3s are the little iTunes symbol with an 'mp3.' Does that help? Any