Strategy when retrieving user name from session

Question

I have a technical problem and I am not sure about the correct way to solve:

In a web page I am developing, I have to store the current user name from session (the person who is logged in) to "stamp" an action. (For instance, "The user created this file on "). My algorithm retrieves the user name from session but it obviously changes for each user. Therefore, the is always been the one of the user logged in, and not the creator name.

Any hint anyone?

Thanks!

Answer 1

So logically these are the steps you want?

• User1 logs in
• User1's name gets stored in Http session
• User1 creates File42
• System stores in database that User1 created File42 on Timestamp257
• User1 logs out
• User 2 logs in
• User2's name gets stored in Http session
• User2 views information about File42
• System reads from database that User1 created File42 on Timestamp257
• System displays information to User2

I think you might be missing the part where the system stores stuff (e.g. in a database).

EDIT: If you don't need persistence you could store shared data in the ServletContext. Note this is not a serious solution but could be used for a quick prototype or demo. Don't even think about doing this in production, it's got issues.

In your servlet do:

private static Map<String, FileData> fileAccess;

private class FileData {
    String userName;
    Date timeStamp = new Date();;
    String fileName;
    FileData(String userName, String fileName) {
        this.userName = userName;
        this.fileName= fileName;
    }
}

public void init(ServletConfig config) {
    String attributeKey = "fileAccess";
    fileAccess = config.getServletContext().getAttribute(attributeKey);
    if (fileAccess == null) {
        fileAccess = new HashMap<String, FileData>();
        config.getServletContext().setAttribute(attributeKey, fileAccess);
    }
}

// in this example a POST means a user accesses a file
public void doPost(HttpServletRequest req, HttpServletResponse resp) {

    // get the user name from the current session
    String userName = req.getSession().getAttribute("userName");

    // get the file name from the request (posted from the file access form)
    String fileName = req.getParameter("fileName");

    // check if we have the necessary data
    if (userName == null || fileName == null) {
        resp.getWriter().write("Invalid file access request");
        resp.getWriter().flush();    
        return;
    }

    // create and fill file data wrapper
    FileData fileData = new FileData(userName, fileName);

    // store the file data in the shared fileAccess map.
    // synchronized to block simultaneous acccess from different threads
    synchronized (fileAccess) {
        // note: any previously stored FileData object gets replaced
        fileAccess.put(fileName, fileData);
    }

    // display the result to the user
    display(fileData, resp);
}

// in this example a GET means a user views a file
public void doGet(HttpServletRequest req, HttpServletResponse resp) {

    // get the file name parameter from the request (sent as part of the view-file request)
    String fileName = req.getParameter("fileName");

    // check if we have the necessary data
    if (fileName == null) {
        resp.getWriter().write("Invalid view file request.");
        resp.getWriter().flush();    
        return;
    }

    // get the file data from the shared fileAccess map.
    // synchronized to block simultaneous acccess from different threads
    synchronized (fileAccess) {
        FileData  fileData = fileAccess.get(fileName);   

        // display the result to the user
        display(fileData, resp);
    }
}

private void display(FileData fileData, HttpServletResponse resp) {
    resp.getWriter().write("File accessed:");
    resp.getWriter().write("User: " + fileData.userName);
    resp.getWriter().write("File: " + fileData.fileName);
    resp.getWriter().write("Timestamp: " + fileData.timeStamp);
    resp.getWriter().flush();  
}