-
1. Re: How to remove a logged user from security context?
6sic6 Apr 28, 2008 6:37 PM (in response to 6sic6)I mean.. remove programmatically a specific user from the security context
-
2. Re: How to remove a logged user from security context?
skajotde Apr 28, 2008 7:03 PM (in response to 6sic6)Maybe Identity.cear() ?
-
3. Re: How to remove a logged user from security context?
shane.bryzak Apr 29, 2008 1:45 AM (in response to 6sic6)Identity.unauthenticate() if you don't want to invalidate the user's session, otherwide use Identity.logout().
-
4. Re: How to remove a logged user from security context?
6sic6 Apr 29, 2008 10:30 AM (in response to 6sic6)Hy guys,
yes I know Identity.logout() method but I don't want to inalidate directly the current user..
I mean, I'm currently logged in as Admin and I'm blocking a specific User. Now I want to logout() this User form the context if he is logged in at the moment. If I try to call Identity.logout() I think that the Admin will be logged out and not the User..
So I need something to retrive the Identity of this User from the context and then call logout() on it I think...? -
5. Re: How to remove a logged user from security context?
shane.bryzak Apr 29, 2008 10:39 AM (in response to 6sic6)Ok, I see what you want now. The short answer is no, you can't reach across sessions to kill/modify something in someone else's session, the servlet container (and specification) prevents this. You could potentially
hack
something to achieve a similar result by having the admin user setting some flag somewhere and then using a servlet filter that checks the flag, and if it is set then invalidate that user. -
6. Re: How to remove a logged user from security context?
mcoffin Apr 29, 2008 4:45 PM (in response to 6sic6)Seam's security is lacking some features in this area.
You can probably do this if you implement Acegi and Spring.
Have a look at this article:
Acegi Concurrent Sessions (kicking logged in users)
Acegi has some nice features like limiting users to a single session.
If you using Rich Faces, you'll have to setup Acegi with JSF. There's plenty of articles on the net on how to do this.
Hopefully Seam can implement some of these features in the future.
-
7. Re: How to remove a logged user from security context?
shane.bryzak Apr 30, 2008 1:49 AM (in response to 6sic6)Feel free to raise this as a feature request in JIRA.
-
8. Re: How to remove a logged user from security context?
nuno.caneco Jun 19, 2008 6:13 PM (in response to 6sic6)I really needed that feature, also.
I looked up JIRA and didn't find any feature request.So I've reported a feature request in this JIRA Issue