Separate instances of server class for authentication
I'd like to implement some form of authentication in my server class. I thought about adding a few login routines and while the client hasn't authenticated itself all calls to functions other than the login stuff will throw Exceptions.
However, as I understand from the (in my opinion chaotic documentation and tutorial) every UnicastRemoteObject class is instanced only once and after that every client will use a threaded version of that same class instance... This would mean that if one client logs in, all clients log in as the object doesn't distinguish between clients.
So I either need a way to instance the server class for every client or (perhaps even more graceful) use a Login class that spawns a server class as soon as the login has been accepted.
Unfortunately I can't find anything on the web or the forums about this (lotsa problems like mine but either unanswered or different enough to be less than helpful).
> I'd like to implement some form of authentication in
> my server class. I thought about adding a few login
> routines and while the client hasn't authenticated
> itself all calls to functions other than the login
> stuff will throw Exceptions.
> However, as I understand from the (in my opinion
> chaotic documentation and tutorial) every
> UnicastRemoteObject class is instanced only once and
> after that every client will use a threaded version
> of that same class instance.
No, you can have as many instances as you like but you have to start with a single object which is bound into the Registry. What you are after is a Session pattern like this:
    import java.rmi.Remote;
    import java.rmi.RemoteException;

    public interface Login extends Remote
    {
        Session login(String credentials) throws RemoteException;
    }

    public interface Session extends Remote
    {
        // ... whatever you want
    }
Then a singleton instance of LoginImpl is bound to the registry, the client retrieves it, tries to get a Session by logging in. The implementation of login() just looks like this:
    public Session login(String credentials) throws RemoteException
    {
        // check credentials, RemoteServer.getClientHost() &c:
        // acceptable() is a placeholder for your own check
        if (!acceptable(credentials))
            throw new AccessException("login rejected");
        // otherwise
        return new SessionImpl(credentials);
    }
Easy as pie.
ejpa at 2007-7-15 16:03:40 >
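The Session pattern from the reply above, written out as an added example that is not part of the original posts: only LoginImpl is bound in the registry, and each successful login returns its own exported SessionImpl, so one client's login or logout never changes another client's state. Assumptions not taken from the thread: the "user:password" credential format, the constructed demo accounts, the whoAmI() and logout() methods, the SessionDemo class and a free registry port 1099.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.rmi.*;
import java.rmi.registry.*;
import java.rmi.server.UnicastRemoteObject;
import java.security.MessageDigest;
import java.util.Map;

interface Login extends Remote { Session login(String credentials) throws RemoteException; }
interface Session extends Remote {          // whoAmI() and logout() are assumed methods
    String whoAmI() throws RemoteException;
    void logout() throws RemoteException;
}
// One exported object per successful login, so authentication state is never shared.
// logout() unexports the object, after which that client's stub stops working.
class SessionImpl extends UnicastRemoteObject implements Session {
    private final String user;
    SessionImpl(String user) throws RemoteException { super(0); this.user = user; }
    public String whoAmI() { return user; }
    public void logout() throws RemoteException { UnicastRemoteObject.unexportObject(this, true); }
}
class LoginImpl extends UnicastRemoteObject implements Login {
    // Constructed demo accounts; a real server would verify a salted password hash.
    private static final Map<String, String> USERS = Map.of("alice", "a-secret", "bob", "b-secret");
    LoginImpl() throws RemoteException { super(0); }
    public Session login(String credentials) throws RemoteException {
        String[] p = credentials == null ? new String[0] : credentials.split(":", 2);
        String stored = p.length == 2 ? USERS.get(p[0]) : null;
        // Constant-time comparison of the supplied and stored secrets.
        if (stored == null || !MessageDigest.isEqual(stored.getBytes(UTF_8), p[1].getBytes(UTF_8)))
            throw new AccessException("login rejected");
        return new SessionImpl(p[0]);
    }
}
public class SessionDemo {
    public static void main(String[] args) throws Exception {
        Registry registry = LocateRegistry.createRegistry(1099);   // assumes port 1099 is free
        LoginImpl loginImpl = new LoginImpl();
        registry.rebind("Login", loginImpl);                       // the only bound object
        Login login = (Login) LocateRegistry.getRegistry("localhost", 1099).lookup("Login");
        try { login.login("alice:wrong"); }
        catch (RemoteException e) { System.out.println("rejected: " + e.getMessage()); }
        Session alice = login.login("alice:a-secret"), bob = login.login("bob:b-secret");
        alice.logout();
        try { alice.whoAmI(); }
        catch (RemoteException e) { System.out.println("alice after logout: " + e.getClass().getName()); }
        System.out.println("bob is unaffected: " + bob.whoAmI());
        bob.logout();
        UnicastRemoteObject.unexportObject(loginImpl, true);       // let the JVM exit
        UnicastRemoteObject.unexportObject(registry, true);
    }
}
```

Save it as SessionDemo.java, compile with javac and run java SessionDemo; Map.of needs Java 9 or later.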
