I have restricted my web application to a validity period, like 1 year, on the basis of date. I maintain one table with purchase-date, expireydate, NumberofUsers, and all these records are in my table. On the basis of these records, I validate the web application for a specific time period:

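```java
    // Look up the validity record stored for this user.
    Timestampvalidity timestamp = timestampDao.findByUsername(username);
    Date expdate = timestamp.getExpireyDtae();
    System.out.println(expdate);
    // Access is allowed only while the login date is before the expiry date.
    if (loginDate.before(expdate)) {
        return true;
    } else {
        return false;
    }
}
```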

Using this function, I restrict a particular user to a valid time period. Now I want to secure my web application for a limited number of user accesses.
So how can I restrict my web application to provide this security?

  • You misspelled 'date' (twice?). Also, when writing code, make sure your code explains itself. Additionally, lower your cyclomatic complexity a bit by only performing one action in each method (i.e. have a separate method for `.getUserLoginTimestamp()` and `.getUserLoginCount()`, `etc...`) – Matthew Peters Sep 25 '15 at 12:39
  • No sir, I have not misspelled date. Actually, I validate the time validity against the date in the table on the basis of date comparison, and it works fine. But now I want to restrict the users for a particular organization (each organization has a different user limit), so to limit access for these users and give security, I maintain one table to save each user's login date and time, and his other details. – sachin Sep 26 '15 at 12:58

1 Answer

Perhaps the best way to limit users to n number of logins per year would be to simply collect, store, and compute on the login timestamp metadata.

For instance:

  • Each time the username logs in, get the server-side timestamp.
  • Store this in a special area with the username. (I like NoSQL DBs myself)
  • Keep storing these logins with timestamps.
  • When validating a user login, calculate the current timestamp minus the time restraint (i.e. a year). Now check to see how many logins the username has within the range (time restraint <-> current time).

This method is scalable because you can call it either with the parameter looking up a certain username, or without that parameter and thus grabbing all the users (you can sort by uniqueIds as well), which will give you the total number of unique users that have logged in within the time constraint, which seems to be the gist of your actual question.

Matthew Peters
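The counting approach described in this answer, applied to the per-organization user limit from the question, as an added example (not code from the question or the answer). The class and method names are hypothetical, and an in-memory map holding each user's latest login stands in for the login table; with a real database the same check-and-record step would run inside one transaction.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

/** Hypothetical per-organization limiter; one instance per organization. */
public class SeatLimiter {
    private final int maxUsers;      // assumed to come from NumberofUsers
    private final Duration window;   // the time restraint, e.g. one year
    // username -> most recent server-side login timestamp
    private final Map<String, Instant> lastLogin = new HashMap<>();

    public SeatLimiter(int maxUsers, Duration window) {
        this.maxUsers = maxUsers;
        this.window = window;
    }

    /** Distinct users with a login inside (now - window, now]. */
    public synchronized long activeUsers(Instant now) {
        Instant cutoff = now.minus(window);
        return lastLogin.values().stream().filter(t -> t.isAfter(cutoff)).count();
    }

    /**
     * Checks and records in one synchronized step, so two concurrent
     * logins cannot both take the last free seat.
     */
    public synchronized boolean tryLogin(String username, Instant now, Instant expiry) {
        // Fail closed: a missing or passed expiry date denies access.
        if (expiry == null || !now.isBefore(expiry)) return false;
        Instant previous = lastLogin.get(username);
        boolean alreadyCounted = previous != null && previous.isAfter(now.minus(window));
        // A user who already holds a seat may log in again; a new one needs a free seat.
        if (!alreadyCounted && activeUsers(now) >= maxUsers) return false;
        lastLogin.put(username, now);   // timestamp supplied by the server, never the client
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample data: a limit of 2 users and a one-year window.
        Instant now = Instant.parse("2015-09-25T12:00:00Z");
        Instant expiry = Instant.parse("2016-09-25T00:00:00Z");
        SeatLimiter org = new SeatLimiter(2, Duration.ofDays(365));
        for (String user : new String[] {"alice", "bob", "carol", "alice"}) {
            System.out.println(user + " allowed: " + org.tryLogin(user, now, expiry));
        }
        System.out.println("active users: " + org.activeUsers(now));
    }
}
```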