How to easily implement "who is online" in Grails or Java Application?

Question

I am building a community website in grails (using Apache Shiro for security and authentication system) and I would like to implement the feature "who is online?".

This url http://cksource.com/forums/viewonline.php (see snapshot below if you do not have acess to this Url) gives an example of what I would like to achieve.

How can I do that in the most simple way? Is there any existing solution in Grails or in Java ?

Thank you.

Snapshot : Snapshot of Who is online page http://www.freeimagehosting.net/uploads/th.2de8468a86.png or see here : http://www.freeimagehosting.net/image.php?2de8468a86.png

This URL requires a login, so it's useless for anyone who isn't or won't register on that site. — BalusC, Jul 17 '10 at 13:53

BalusC · Answer 1 · 2013-03-08T02:08:21.490

23

You need to collect all logged in users in a Set<User> in the application scope. Just hook on login and logout and add and remove the User accordingly. Basically:

public void login(User user) {
    // Do your business thing and then
    logins.add(user);
}

public void logout(User user) {
    // Do your business thing and then
    logins.remove(user);
}

If you're storing the logged-in users in the session, then you'd like to add another hook on session destroy to issue a logout on any logged-in user. I am not sure about how Grails fits in the picture, but talking in Java Servlet API, you'd like to use HttpSessionListener#sessionDestroyed() for this.

public void sessionDestroyed(HttpSessionEvent event) {
    User user = (User) event.getSession().getAttribute("user");
    if (user != null) {
        Set<User> logins = (Set<User>) event.getSession().getServletContext().getAttribute("logins");
        logins.remove(user);
    }
}

You can also just let the User model implement HttpSessionBindingListener. The implemented methods will be invoked automagically whenever the User instance is been put in session or removed from it (which would also happen on session destroy).

public class User implements HttpSessionBindingListener {

    @Override
    public void valueBound(HttpSessionBindingEvent event) {
        Set<User> logins = (Set<User>) event.getSession().getServletContext().getAttribute("logins");
        logins.add(this);
    }

    @Override
    public void valueUnbound(HttpSessionBindingEvent event) {
        Set<User> logins = (Set<User>) event.getSession().getServletContext().getAttribute("logins");
        logins.remove(this);
    }

    // @Override equals() and hashCode() as well!

}

edited Mar 08 '13 at 02:08

answered Jul 17 '10 at 13:57

BalusC

1,082,665
372
3,610
3,555

Perhaps also add a lease and refresh it upon user actions in order to filter out inactive sessions without proper logout. – b_erb Jul 17 '10 at 14:53
What if users don't logout explicitly but just close their browser? – Burt Beckwith Jul 17 '10 at 15:19
@Partly and @Burt: just hooking on servletcontainer-managed session destroy as described in the last paragraph is sufficient. – BalusC Jul 17 '10 at 16:01
@BalusC. Thank you for your answer. However, this will not work for returning users that have enabled the "Remember me" cookie, right ? – fabien7474 Jul 17 '10 at 16:17
@fabien: this will work. The "remember me" cookie doesn't rely on the session. The "remember me" logic usually checks the presence of both the long-living cookie and the logged in `User` and if the `User` is absent, then it will invoke the login (putting in session). You just hook (listen) on whatever method/approach it is using to login the `User`. – BalusC Jul 17 '10 at 16:19
@BalusC. I'll try your solution and update this thread on the results. Thank you very much. – fabien7474 Jul 18 '10 at 20:38
2

This solution doesn't work across server restarts if the web server is serializing and restoring sessions. Still looking for a workaround to this. – JMB Dec 06 '13 at 21:35
@BalusC If I go with the first approach, with HttpSessionListener, at what point do I set the "logins" attribute in the session? – madness Aug 22 '16 at 13:48
@madness: It's not set in session scope, it's set in application scope. Look, it's an attribute of `ServletContext`. Just do it during application init in some `ServletContextListener`, or manually when it's absent. Or, when you're using CDI, just use an `@ApplicationScoped` bean. – BalusC Aug 22 '16 at 13:50

score 2 · Answer 2 · answered Jul 17 '10 at 14:17

2

This has been discussed some time ago on the mailing list: http://grails.1312388.n4.nabble.com/Information-about-all-logged-in-users-with-Acegi-or-SpringSecurity-in-Grails-td1372911.html

answered Jul 17 '10 at 14:17

Stefan Armbruster

39,465
6
87
97

Thank you Stefan. However the thread you are pointing is about Spring Security and unfortunately I am using Shiro. – fabien7474 Jul 17 '10 at 16:14
Hi Fabien, I did not read that carefully enough - the link I've posted just works for acegi. – Stefan Armbruster Jul 18 '10 at 20:34

How to easily implement "who is online" in Grails or Java Application?

2 Answers2

Linked