tag:blogger.com,1999:blog-5396570633771229267.post5249522682719920104..comments2024-03-29T08:43:05.719+01:00Comments on The BalusC Code: User session filterBalusChttp://www.blogger.com/profile/00299057045960008647noreply@blogger.comBlogger26125tag:blogger.com,1999:blog-5396570633771229267.post-488566879716377912017-08-13T13:25:43.242+02:002017-08-13T13:25:43.242+02:00Hi, I'm following this tutorial and trying to ...Hi, I'm following this tutorial and trying to understand section below <br />if (userSession == null) {<br /><br /> // No ID found in cookie, or no UserSession found in DB.<br /> // Create new UserSession.<br /> // Do your "INSERT INTO UserSession VALUES values" thing."<br /><br /> ......<br /> ......<br />}<br />If there's no UserSession in the DB why are CPereranoreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-91732200042514314502014-05-13T11:45:38.605+02:002014-05-13T11:45:38.605+02:00Hi, I'm new to java servlet/JSP developing but...Hi, I'm new to java servlet/JSP developing but i need to create a web site for a course of my university. I found this tutorial very good but i have a problem, this code is for JSF can i use it in a JSP/Servlet (MVC) website?? For what i understand filters are compatible with my problem but i don't understand how to adapt the final part.<br /><br />Thanks Diego,<br />Sorry for my english,Anonymoushttps://www.blogger.com/profile/00791102962214564020noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-27008165416564073102012-09-05T10:31:32.864+02:002012-09-05T10:31:32.864+02:00Hi
It's an old post but hopefully you're ...Hi<br /><br />It's an old post but hopefully you're still answering questions.<br /><br />I'm trying to understand how it's meant to work in general and if I've understood correctly the goal of the filter is to get/create and save the userSession to the HttpSession if it doesn't exist or else just continue.<br /><br />This will happen for each and every request so even cerebushttps://www.blogger.com/profile/03587317814922974731noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-15356650077217898352012-09-05T10:02:25.913+02:002012-09-05T10:02:25.913+02:00This comment has been removed by the author.Anonymoushttps://www.blogger.com/profile/14557622138930847036noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-13470509668296459682012-08-09T12:14:17.848+02:002012-08-09T12:14:17.848+02:00Hi..
How to avoid externally created session ident...Hi..<br />How to avoid externally created session identifiers in jsf 2.0. I'm getting "Do not accept externally created session identifiers" and "Session Identifier Not Updated" issues during security audit run on my jsf web application. Please help me...Anonymoushttps://www.blogger.com/profile/18413949213967734448noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-53515080383381389592010-12-31T03:36:32.899+01:002010-12-31T03:36:32.899+01:00@Sam: use DATE or DATETIME type for dates or date+...@Sam: use DATE or DATETIME type for dates or date+time and create a new table for User which you reference as FK on usersession table.BalusChttps://www.blogger.com/profile/00299057045960008647noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-23574650313793486512010-12-09T16:55:36.191+01:002010-12-09T16:55:36.191+01:00Hi, firstly thankyou for all the tutorials on here...Hi, firstly thankyou for all the tutorials on here, they are very useful. I have a question regarding the DTO for a usersession. The dto contains Dates & User objects, what is the best way to represent these in a MySQL table ? Implementing serializeable seems like a over complicated way of doing things and so I feel I am missing the easy answer.Unknownhttps://www.blogger.com/profile/13268361822673739162noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-55505147442042712892010-10-07T10:08:39.137+02:002010-10-07T10:08:39.137+02:00Hey Balusc!
Thx for your great Tutorial and all y...Hey Balusc!<br /><br />Thx for your great Tutorial and all your shared JSF-Knowledge ;-)<br /><br />Is this still an up to date way to do User Authentification and Security or would you recommend another way in our year 2010 with jsf-2.0?Tobihttps://www.blogger.com/profile/11051865810527660823noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-67926893947943705842010-09-29T15:29:40.327+02:002010-09-29T15:29:40.327+02:00Hi.
I would like to know how to face the next pro...Hi.<br /><br />I would like to know how to face the next problem. The user close the browser, so all the logic is skipped.<br /><br />For example: in a bank application the web page works exactly the same when the user logout using the button or closing the browser.<br /><br />Any idea to control this stuff???<br /><br />Thanksdavidhttps://www.blogger.com/profile/11056448018382810822noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-81889281964277322062010-04-30T15:30:35.021+02:002010-04-30T15:30:35.021+02:00I'm not using it in a panelGroup, instead i us...I'm not using it in a panelGroup, instead i use the #{sessionBean.isLoggedIn} in f:view. But i tried in h:form. I'll try to use it in panelGroup to see if he allows me to call a non-string function. But i saw in JSF API that h:panelGroup also has java.lang.String as type for rendered so im hopeless lol.<br /><br />Regarding to the cache, i tried that also, but the browser seems to ignore solidformshttps://www.blogger.com/profile/11973247863501626891noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-63684054562892349362010-04-29T23:41:08.381+02:002010-04-29T23:41:08.381+02:00@Solidforms: 1) that was a typo in the code. It sh...@Solidforms: 1) that was a typo in the code. It should be `#{userSession.loggedIn}`. 2) disable browser caching by setting the response headers accordingly. You can find here an overview: http://stackoverflow.com/questions/49547/making-sure-a-web-page-is-not-cached-across-all-browsers/2068407#2068407BalusChttps://www.blogger.com/profile/00299057045960008647noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-44699544409451418302010-04-29T23:13:47.468+02:002010-04-29T23:13:47.468+02:00Hi Mr BalusC i followed your tutorial and everythi...Hi Mr BalusC i followed your tutorial and everything is woriking perfectly. However i have two problems.<br />1st:<br />If i call in rendered a isLogged as boolean it gives me a ServletException: Property not found for type... Can you help me solving this?<br />2nd:<br />how do you handle the back button of the browser? i have the request bean and the session bean, but after login if i go back itsolidformshttps://www.blogger.com/profile/11973247863501626891noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-16148960959111776872010-03-30T23:42:03.839+02:002010-03-30T23:42:03.839+02:00Hi! Great example. Was very useful to me. I'm...Hi! Great example. Was very useful to me. I'm having some problems on my JSF application in the Filter, maybe you can helpme a little. I have a filter similar to yours, but when I use it, the getRequestURI() method always have the source URI, not the one where I'm trying to go. So I can't validate. Do you know what could be happening? Thanks!Tatuinfhttps://www.blogger.com/profile/00503817027415229390noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-91954898348911336492010-03-30T23:41:17.096+02:002010-03-30T23:41:17.096+02:00Hi! Great example. Was very useful to me. I'm...Hi! Great example. Was very useful to me. I'm having some problems on my JSF application in the Filter, maybe you can helpme a little. I have a filter similar to yours, but when I use it, the getRequestURI() method always have the source URI, not the one where I'm trying to go. So I can't validate. Do you know what could be happening? Thanks!Tatuinfhttps://www.blogger.com/profile/00503817027415229390noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-58488664510091910712009-08-02T02:03:27.088+02:002009-08-02T02:03:27.088+02:00Thanks for nice Article.
I wonder if it is possib...Thanks for nice Article.<br /><br />I wonder if it is possible to integrate this "session filter" in an application that relies on container-managed security like Tomcat 6.<br /><br />If its not possible, as (per my info) j_security_check login page couldn't be intercepted by filters. <br /><br />What could be other ideal solution to manage security inside a web- app and still use Jaleadhttps://www.blogger.com/profile/18295358026348998332noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-79660546934887309682009-07-03T13:14:23.226+02:002009-07-03T13:14:23.226+02:00You need to cast the Object back to User. And when...You need to cast the Object back to User. And when you want to get something meaningful when you do System.out.println(user), then you need to override toString() method.BalusChttps://www.blogger.com/profile/00299057045960008647noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-77571635657090234332009-07-03T05:24:49.085+02:002009-07-03T05:24:49.085+02:00Hi BalusC, i got a problem even if the user have l...Hi BalusC, i got a problem even if the user have login the userSession wont give me null value but it return me something like this bean.User@1777b1.Bloggerhttps://www.blogger.com/profile/08885310029311473366noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-20035853781219561192009-06-30T03:52:48.607+02:002009-06-30T03:52:48.607+02:00Ohhh thanks, i understand alreadyOhhh thanks, i understand alreadyBloggerhttps://www.blogger.com/profile/08885310029311473366noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-8539947515978460112009-06-29T13:08:36.993+02:002009-06-29T13:08:36.993+02:00If you don't need the "Remember me" ...If you don't need the "Remember me" thing, then this whole article is in fact irrelevant for you. <br /><br />In your case on login you just need to put the User object in HttpSession. On logout just remove the User object from HttpSession. The session timeout on its turn can be configured in web.xml.BalusChttps://www.blogger.com/profile/00299057045960008647noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-57946328383225136492009-06-29T07:07:15.632+02:002009-06-29T07:07:15.632+02:00Hi, I have read your User session filter post, If ...Hi, I have read your User session filter post, If I don't implement the cookies (Remember Me in this computer), Can it still done in this way? I only want the user logout or close the browser or in certain period let say 30 min then destroy the session. <br />And stored the session id inside the database will this more secure? I dont really understand why store the session id inside the Bloggerhttps://www.blogger.com/profile/08885310029311473366noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-5337487072871461772008-06-28T08:12:00.000+02:002008-06-28T08:12:00.000+02:00Hi, i use the same code and use JSP as front, but ...Hi,<BR/> i use the same code and use JSP as front, but it doesn't works fine for me.. Can u help me?Anonymoushttps://www.blogger.com/profile/14448663957692616817noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-74983237899534308722008-06-16T13:37:00.000+02:002008-06-16T13:37:00.000+02:00This kind of code doesn't belong in JSP. You can j...This kind of code doesn't belong in JSP. You can just write SQL code in the DAO class and this can be done for any database server who has a JDBC driver available. See my previous comment for the links.BalusChttps://www.blogger.com/profile/00299057045960008647noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-7581403915258380802008-06-16T11:57:00.000+02:002008-06-16T11:57:00.000+02:00Hi BalusC, I watch your code where you did ...Hi BalusC,<BR/> I watch your code where you did it using DAO. Can i do it using MySQL???? and i want to code it in JSP... Could i use the same bean class that to use it in JSP..<BR/><BR/>Thanks in advance<BR/><BR/>P.B.RajkumarAnonymoushttps://www.blogger.com/profile/14448663957692616817noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-28321344046093142702008-06-02T06:11:00.000+02:002008-06-02T06:11:00.000+02:00Ohh, i understood what DAO is mean :D, sorry for m...Ohh, i understood what DAO is mean :D, sorry for my bad java.<BR/>Thanks balusc!Unknownhttps://www.blogger.com/profile/13112013426430027751noreply@blogger.comtag:blogger.com,1999:blog-5396570633771229267.post-87920450875587330292008-05-31T13:35:00.000+02:002008-05-31T13:35:00.000+02:00Also read the code comments to understand what you...Also read the code comments to understand what you should be doing. For example: "// Do your "SELECT * FROM UserSession WHERE SessionID" thing.". Learn <A HREF="http://java.sun.com/docs/books/tutorial/jdbc/index.html" REL="nofollow">JDBC</A> and <A HREF="http://www.w3schools.com/sql/default.asp" REL="nofollow">SQL</A> and write a DAO (Data Access Object) class which does the task. In this exampleBalusChttps://www.blogger.com/profile/00299057045960008647noreply@blogger.com