Kill sessions of a user

Consider the user story

As an admin, I want to be able to immediately block a user, so he/she can no longer access the data in the application

You could easily implement a blocking mechanism, using setting the boolean attribute Active in System.User to false.

Note: You could also implement a more sophisticated blocking mechanism yourself, by added your own attribute(s) to Administration.Account, an then do a check on these attribute when the user logs in, as explained in my previous post.

Then, the user will no longer be able to log in. So the user story is now done, right?

No, because  a user that is still logged in while the admin sets the block, will still have access as long as his/her session lasts.

That is why we will also need to kill the active sessions (there could even be more than one). In this post, I will create a Java action that does exactly that.

 

First, let’s create a microflow to disable the user. I will add a microflow button to the Account_Overview page in the Administration module, that calls the microflow BlockUser:

microflowbutton

The microflow first de-activates the user:

microflow1

Next I will add the java action KillActiveUserSessions to the project, with 1 parameter (the user’s Account) and a boolean a return type:

javaaction

Now we can call this Java action in the microflow, passing along the account to Java:

microflowcallingjava

Finally, we implement the Java action using Eclipse. Replace the line that throws the “Java action was not implemented”-exception with the following Java code:

// BEGIN USER CODE
java.util.Collection<? extends ISession> sessionList = Core.getActiveSessions();
boolean hadActiveSession = false;
for (ISession iSession : sessionList) {
  if (iSession.getUser().getName().equals(user.getName())) {
	Core.logout(iSession);
    hadActiveSession = true;
  }
}
return hadActiveSession;
// END USER CODE

Also, add the imports com.mendix.core.Core and com.mendix.systemwideinterfaces.core.ISession.

Now we finish the microflow by adding some messages that will be displayed to the admin:

microflowfinal

That’s it! Just watch out not to block your own account 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.