We need to implement a security enabling a user to be logged only in one session. We will either prevent him to log twice or kill any other session on login.

Is there already something to support that (aka sessiob listener or session filter).

asked 09.12.2016 at 21:54

RemiMorin's gravatar image

accept rate: 50%

The following utility methods returns you requested informations, so they could be called on login. Please note, that is makes use of internal APIs.

package internals;

import java.util.List;
import java.util.concurrent.Callable;
import java.util.stream.Stream;

import org.apache.commons.lang.StringUtils;

import ch.ivyteam.ivy.security.ISecurityManager;
import ch.ivyteam.ivy.security.ISession;
import ch.ivyteam.ivy.security.internal.SecurityManager;

public class SessionUtils {
    public static boolean isUserLoggedInInOtherSessionAsSystem(String userName) {
        return executeAsSystem(() -> isUserLoggedInInOtherSession(userName));

    public static boolean isUserLoggedInInOtherSession(String userName) {
        return getOtherSessionOfUser(userName).findFirst().isPresent();

    public static void logoutUserFromOtherSessionsAsSystem(String userName) {
        executeAsSystem(() -> logoutUserFromOtherSessions(userName));

    public static Void logoutUserFromOtherSessions(String userName) {
        getOtherSessionOfUser(userName).forEach(session -> session.logoutSessionUser());
        return null;

    public static Stream<ISession> getOtherSessionOfUser(String userName)
        if (StringUtils.isBlank(userName)) {
            return Stream.empty();
        ISecurityManager securityManager = SecurityManager.getSecurityManager();
        ISession currentSession = securityManager.getCurrentSession();
        List<ISession> allSessions = securityManager.getSessions();
        return allSessions.stream()
                .filter(session -> session != currentSession)
                .filter(session -> userName.equals(session.getSessionUserName()));

    private static <R> R executeAsSystem(Callable<R> callable)
        try {
            return SecurityManager.getSecurityManager().executeAsSystem(callable);
        } catch (Exception e) {
            throw new RuntimeException(e);

answered 13.12.2016 at 09:47

Flavio%20Sadeghi's gravatar image

Flavio Sadeghi ♦♦
accept rate: 75%

You could implement an ch.ivyteam.ivy.security.ISessionExtension for that. It can be registered on the SecurityManager e.g.

SecurityManager.getSecurityManager().addSessionExtension(ISessionExtension ext)

answered 13.12.2016 at 11:37

Reguel%20Wermelinger's gravatar image

Reguel Werme... ♦♦
accept rate: 70%

Thanks for answer, I'm going that way, is there a specific place to set this configuration? something getting called at application startup.

(14.12.2016 at 21:25) RemiMorin RemiMorin's gravatar image

You could use an automatically started process for the registration. Similar as described here: http://answers.axonivy.com/questions/1938/how-can-we-use-global-variable-in-automatic-process-element

(15.12.2016 at 08:46) Reguel Werme... ♦♦ Reguel%20Wermelinger's gravatar image
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: 09.12.2016 at 21:54

Seen: 813 times

Last updated: 15.12.2016 at 08:46