How to extend HttpServletRequestWrapper ?
I'd like to create a class that extends HttpServletRequestWrapper in order to store the instances of this class, that are HttpServletRequest objects, as values on an Hashtable.
My problem is that HttpServletRequestWrapper has only one constructor, with an HttpServletRequest object as parameter.
So if I extend HttpServletRequestWrapper like this it doesn't compile:
--
public class MyHttpRequest extends HttpServletRequestWrapper
{
public HttpRequest(HttpServletRequest request)
{
}
}
--
The compiler message is that it cannot resolve constructor: HttpServletRequestWrapper()
I Hope somebody could help!
Peppe.
[699 byte] By [
ytsejama] at [2007-10-2 5:33:53]
Ok the problem is the following:
I'd like to create an exclusive access to a site.
I want, for example, that if "John Smith" authenticate to the site using 'user' as login and 'user' as password from browserA, nobody else can authenticate with the same login and password from another browser window, until John Smith from browserA logs off,or until his session has been invalidated for a timeout, or UNTIL HE CLOSES THE BROWSER!
So I created a public static Hashtable variable (that all the thread can access) on the AuthenticationServlet with the logins of the users that successfly authenticated as KEYS, and the respective HttpServletRequest object (that have a session inside) as VALUES of the Hashtable!
Here I use an extension of HttpServletRequestWrapper.
Because HttpServletRequest objects don't subclass Object I cannot put them in an Hashtable so I need something that do that, and I got MyHttpRequest.
Here is a part of the servlet code that controls if
the session ID associated with the old request (the request that successfly authenticated the client) is still valid or not. If it is I do not authenticate the new client that is trying to login with same login, if it's not I do authenticate the new client...take a look...
-
public class AuthServlet extends HttpServlet {
public static Hashtable REQUESTS = new Hashtable();
............
............
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
............
............
............
//suppose that here I already checked that login and password are correct
MyHttpRequest newRw = new MyHttpRequest(request);
if(REQUESTS.containsKey(login))
{
MyHttpRequest oldRw = (MyHttpRequest) REQUESTS.get(login);
/*
*Here is the problem: hsr is no longer an HttpSerlverRequest with
*all parameters that were inside it, but just something with an empty
*header and no parameters, what follows is that
*isRequestedSessionIdValid method always returns false even if the
*user is still authenticated.
*/
HttpServletRequest hsr = (HttpServletRequest) oldRw.getRequest();
boolean isValid = hsr.isRequestedSessionIdValid();
if(isValid)
{
error = "User already authenticated";
String url="/LoginArea.jsp";
request.setAttribute("error", error);
ServletContext sc = getServletContext();
RequestDispatcher rd = sc.getRequestDispatcher(url);
rd.forward(request, response);
return;
}
else
{
REQUESTS.remove(login);
REQUESTS.put(login, newRw);
}
}
else
{
REQUESTS.put(login, newRw);
}
}
I know the problem is not easy to explain...but I did my best even though I'm italian...sry :)
Hope u can help!
Peppe.
How could I put an HttpServletRequest object in an Hashtable or an HashMap?
HttpServletRequest objects don't extends Object but just ServletRequest, and ServletRequest does not extend Object !!!
As the good Doctor has indicated, everything (except interfaces) extends object. The actual hierarchy would be:
HttpServletRequestWrapper
Object
The interface hierarchy is:
HttpServletRequest
ServletRequest
For a typical web container, the hierarchy would (probably) look something like this:
org.apache.catalina.connector.RequestFacade
java.lang.Object
- Saish
>Then when the session times out and the user objetc is removed from the session you can catch the event and remove that user object from the hashtable.
The question is: session objects are unbound even when the client closes the browser?
If it is so HttpSessionBindingListener will catche even this event and I'll find no matter!
But if it is not I can use as SAISH suggested catalina.jar package...I took a look there and I found all the utilities to check if I Session ID is still valid on the webserver like this method
public Session findSession(java.lang.String id)
It returns the active Session, associated with this Manager, with the specified session id (if any); otherwise return null.
this is a method of org.apache.catalina.Manager interface and is what I was looking for! (thx Saish)
Do u guys think it will work just on apache web servers?I guess so...
Thx u all!
Pe
