Search code examples
jsfjava-ee-5j-security-checkuserprincipal

How to get number of connected users and their role using j_security_check?


I get the username of the connected user (using j_security_check) this way, through a managed bean:

......
    username =   FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal().getName();

And then display it in a jsf page this way : #{userBean.username} But I figured no way to get the number of connected users and get their role. In other words, I want to display besides the username, the user role and the number of connected users. How can I achieve this!? Thanks in advance for your help!

EDIT: I can now get the Role of the connected user, using a namedquery in a managed bean :

public Users getUserRole(){
      try {
            Users auser = (Users)
            em.createNamedQuery("Users.findByUsername").
                    setParameter("username", getRemoteUser()).getSingleResult();
            return auser; 
        } catch (NoResultException nre) {
            JsfUtil.addErrorMessage(nre, "getUserRole Error");
            return null;
        }

    }

and in the xhtml page:

<h:outputLabel for="rolefacet" value="Role: "/>
  <h:outputFormat id="rolefacet" value="#{UserBean.userRole.ugroup}" /> 

while ugroup is the role name in the Users entity class.


EDIT: One solution that still does not work for me is to add a HttpSessionListener to my web.xml:

package beans;

/**
 *
 * @author med81
 */

import java.io.Serializable;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import javax.servlet.http.HttpSession;
import java.util.List;
import java.util.ArrayList;

import javax.faces.context.FacesContext;


public class SessionCounter implements Serializable, HttpSessionListener {

    private List sessions = new ArrayList();
   Object  s =  FacesContext.getCurrentInstance().getExternalContext().getSession(false);

    public Object getS() {
        return s;
    }

    public void setS(Object s) {
        this.s = s;
    }


    public SessionCounter() {
    }


    public void sessionCreated(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        sessions.add(session.getId());

        session.setAttribute("counter", this);
    }


    public void sessionDestroyed(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        sessions.remove(session.getId());

        session.setAttribute("counter", this);
    }

    /**
     * 
     * @return size of the session list
     */
    public int getActiveSessionNumber() {
        return sessions.size();
    }


}

Solution

  • Here's a basic kickoff example how you could do it when you're on Servlet 3.0 and thus are able to utilize programmatic login by the new HttpServletRequest#login() API.

    The login form: login.xhtml

    <h:form>
        <h:inputText value="#{user.username}" />
        <h:inputSecret value="#{user.password}" />
        <h:commandButton value="Login" action="#{user.login}" />
        <h:messages />
    </h:form>
    

    The user manager bean: com.example.UserManager

    @ManagedBean(name="user")
    @SessionScoped
    public class UserManager implements Serializable {
    
        private String username;
        private String password;
        private User current;
    
        @EJB
        private UserService userService;
    
        @ManagedProperty("#{loginManager.logins}")
        private Set<User> logins;
    
        public String login() {
            FacesContext context = FacesContext.getCurrentInstance();
            HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();
    
            try {
                request.login(username, password);
                current = userService.find(username, password);
            } catch (ServletException e) {
                // Unknown login. Will be handled later in current==null check.
            }
    
            if (current == null) {
                context.addMessage(null, new FacesMessage("Unknown login"));
                return null;
            } else {
                logins.add(current)
                return "home?faces-redirect=true";
            }
        }
    
        public String logout() {
            FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
            return "login?faces-redirect=true";
        }
    
        // ...
    }
    

    The logout (and session invalidate) listener: com.example.LogoutListener

    @WebListener
    public class LogoutListener implements HttpSessionListener {
    
        @Override
        public void sessionCreated(HttpSessionEvent event) {
            // NOOP.
        }
    
        @Override
        public void sessionDestroyed(HttpSessionEvent event) {
            UserManager userManager = (UserManager) event.getSession().getAttribute("user");
            if (userManager != null && userManager.getCurrent() != null) {
                userManager.getLogins().remove(userManager.getCurrent());
            }
        }
    
    }
    

    (Do not do this in logout() method! It's the session invalidation which triggers this, the session invalidation will take place when logout() is called OR when session has expired)

    In any logged-in view you can obtain the current user and the login count as follows:

    <p>Welcome, #{user.current.name}!</p>
    <p>Total logged in users: #{user.logins.size()}</p>