0

I set security for web application with WildFly JAAS security domain. I have a page with some properties and want to make single user access to for this page.

example: /secured/property.xhtml Ted is login and went to this page. Other user can not login or can login but do not have access to this page an will be redirected to /secured/sorry.xhtml with "Sorry Ted now use property page". When Ted left the page Tobi access to this page and for other users access will be locked again and they will be redirected to sorry.xhtml page.

I was trying to make this with filter and singleton bean with user presence flag. but I failed because JAAS login interceptor works before my filter and user after login redirects on the page even if its in use.

How can I do such concurrency access?

Mr Blowder
  • 138
  • 2
  • 9
  • While your use-case seems convoluted, you should be able to get away with using an application-scoped bean to back the jsf page. In that bean, set a variable that indicates that the page is currently occupied by a user, and on page-load, check the value of that variable to determine whether or not you're going to allow access to that page – kolossus Jan 18 '15 at 19:05
  • omg its just so simple. I will hide content for other users with jsf "rendered" method in the page and show message "Sorry %username% now use property page" and thats all. Rendered attribute in panel tag will take boolean value from application-scoped singleton bean. Thank you for your help kolossus. – Mr Blowder Jan 18 '15 at 19:58
  • Just one off side correction : Application scoped beans do not mean that they are *singleton*. Although a single, application-wide instance exists for an application scoped bean, nothing can prevent you from creating more than one instance of an application scoped bean. A true singleton, on the other hand, is something which is completely different. – Tiny Jan 21 '15 at 03:54
  • What is the functional requirement of doing this? It implies that you want only a single user to access a particular page at any given point in time. If that page however, is attempted by other user(s), the access must be denied/delayed until the currently occupied page is released by the user in question. The situation is better handled by the server itself - in combination with OS. There should not be a need to deal with this kind of situations. What are the benefits of doing this? – Tiny Jan 21 '15 at 04:14
  • Thanks for correction, I used : Named Singleton AplicationScope. This page works with property file through several layers of abstraction. I want to prevent to use this file by few users in same time. – Mr Blowder Jan 21 '15 at 13:03

0 Answers0