ansaurus

Question

How to easily implement "who is online" in Grails or Java Application ?

Answer 1

+5 A:

You need to collect all logged in users in a Set<User> in the application scope. Just hook on login and logout and add and remove the User accordingly. Basically:

public void login(User user) {
    // Do your business thing and then
    logins.add(user);
}

public void logout(User user) {
    // Do your business thing and then
    logins.remove(user);
}

If you're storing the logged-in users in the session, then you'd like to add another hook on session destroy to issue a logout on any logged-in user. I am not sure about how Grails fits in the picture, but talking in Java Servlet API, you'd like to use HttpSessionListener#sessionDestroyed() for this.

public void sessionDestroyed(HttpSessionEvent event) {
    User user = (User) event.getSession().getAttribute("user");
    if (user != null) {
        Set<User> logins = (Set<User>) event.getSession().getServletContext().getAttribute("logins");
        logins.remove(user);
    }
}

You can also just let the User model implement HttpSessionBindingListener. The implemented methods will be invoked automagically whenever the User instance is been put in session or removed from it (which would also happen on session destroy).

public class User implements HttpSessionBindingListener {

    @Override
    public void valueBound(HttpSessionBindingEvent event) {
        Set<User> logins = (Set<User>) event.getSession().getServletContext().getAttribute("logins");
        logins.add(this);
    }

    @Override
    public void valueUnbound(HttpSessionBindingEvent event) {
        Set<User> logins = (Set<User>) event.getSession().getServletContext().getAttribute("logins");
        logins.remove(this);
    }

    // @Override equals() and hashCode() as well!

}

BalusC 2010-07-17 13:57:00

Perhaps also add a lease and refresh it upon user actions in order to filter out inactive sessions without proper logout.

PartlyCloudy 2010-07-17 14:53:48

What if users don't logout explicitly but just close their browser?

Burt Beckwith 2010-07-17 15:19:38

@Partly and @Burt: just hooking on servletcontainer-managed session destroy as described in the last paragraph is sufficient.

BalusC 2010-07-17 16:01:09

@BalusC. Thank you for your answer. However, this will not work for returning users that have enabled the "Remember me" cookie, right ?

fabien7474 2010-07-17 16:17:32

@fabien: this will work. The "remember me" cookie doesn't rely on the session. The "remember me" logic usually checks the presence of both the long-living cookie and the logged in `User` and if the `User` is absent, then it will invoke the login (putting in session). You just hook (listen) on whatever method/approach it is using to login the `User`.

BalusC 2010-07-17 16:19:57

@BalusC. I'll try your solution and update this thread on the results. Thank you very much.

fabien7474 2010-07-18 20:38:14

Answer 2

+1 A:

This has been discussed some time ago on the mailing list: http://grails.1312388.n4.nabble.com/Information-about-all-logged-in-users-with-Acegi-or-SpringSecurity-in-Grails-td1372911.html

Stefan 2010-07-17 14:17:42

Thank you Stefan. However the thread you are pointing is about Spring Security and unfortunately I am using Shiro.

fabien7474 2010-07-17 16:14:49

Hi Fabien, I did not read that carefully enough - the link I've posted just works for acegi.

Stefan 2010-07-18 20:34:48

ansaurus

tags:

views:

answers:

How to easily implement "who is online" in Grails or Java Application ?

related questions