How to prevent multiple login from a user in the same session in Wicket?
you can create a table in your database to hold the ids of logged in users.
when a user logs in check if his id is in said table
otherwise insert his id into that table.
you also need to remove the user's id from the table once user logs out
you can integrate spring security with wicket. Spring security handles it automatically.
Related
Good morning. Question scenario is as follows. Suppose an employee with a role goes to annual leave and he has an account in a spring boot application. How can I disable his user account so that logins fail at that time. How do I write the code? I'm using WebSecurityConfigurerAdapter but I failed to accomplish this task. I need sample working code using preferably Spring boot 2.6.* cause other resources I found on the net are using older versions.
Thanks in advance.
If you want to disable a user for a certain period of time where the user can not log in till u enable his ID, then I assume that u created a table of name "User" where you store all user credentials, specify two more columns "role" and "isActive(boolean)", in "role" column you can specify your role as ADMIN or ROLE_ADMIN and write a code with logic where an admin has all authorization, as an admin you can alter the data, before that you should write a code for only active users can log in, then as an admin, you can change the state from "true" to "false" in the specific user's "isActive" column, now the user only able to login if his "isActive" state is true.
you can ping me any time...
I want to create one login for my two laravel application, one on subdomain portal.mydomain.com and the other is app.mydomain.com (if not logged in, will redirect to portal.mydomain.com).
In this case, I try to use database driver, so I create table session with laravelish style.
When I login via portal.mydomain.com, I see session data on table session is updated like this :
|id|user_id|ip_address|user_agent|payload|last activity
|ec4156b47e3e527af871c7b4b688393aee631cda|9|(myipaddress)|(myuser_agent)|YTozOntzOjY6Il90b2tlbiI7czo0MDoiWnQ1OXpBNzhsZ3I4ZVJUc2tXeEtiTExkU1R6T1hHSUNBYWxrSU1obCI7czo5OiJfcHJldmlvdXMiO2E6MTp7czozOiJ1cmwiO3M6MzQ6Imh0dHA6Ly95ZHBidWRnZXQudGFuZ2tvdGEuY29tL3Rlc3QiO31zOjY6Il9mbGFzaCI7YToyOntzOjM6Im9sZCI7YTowOnt9czozOiJuZXciO2E6MDp7fX19|1503693006
And on portal application, it successful to login. But when I try to access app application, it updated column user_id set to NULL and the payload change and its force logout on portal application too.
Idk why its updated the value on session table when its should be put the value
I create an application with spring boot and Postgresql. I use Row Level Security of posgresql to "secure/limit" the data of connected user.
(I use JdbcInterceptor to add "set role" on each session and "reset role" after)
My problem:
I want to check duplicate before insert and duplicate can be on data which user cannot see.
For exemple, user can only access to his email, he can create a new email, but before create, if want to check if email doesn't exist in the database.
Do you have an idea how i can do that?
I am currently having a problem in implementing concurrent user session in spring mvc. My requirement is that "I have a web application which uses spring MVC, and I have my own login form and I have not implemented spring security yet(which means I have not configured any role based user restriction in my web application). I want only one user with same username to be logged in from a machine. I have surfed all over the net , but couldn't find any useful links nor example project(without role based).
My Requirement:
One user per session
No role based restriction
Have my own login form and once the user logs in , user object(which contains username an password) is stored in session object
If user tries to login for second time , previous user session should be terminated and new user(second user) should be allowed to home page.
Can some one please provide me a solution, links or example project for my requirement ? Many thanks in advance :)
Why not just go ahead and use Spring Security? It will take care of deactivating sessions for you. You can use your own login form and not restrict any of your endpoints based on roles.
You can configure the max number of sessions like so:
If one user have login in one computer or a browser,then he login in another computer/browser again,so the former login should be marked as invalid,is there any way to implement this?
One way it to set a cookie with a session id when they log in, and record the latest session id somewhere server-side (like a database) keyed by that user id. On any website access, verify it's the latest session for that user.