It is possible to limit access to the server?

corchi72 · 2012-06-26 08:26:38

I mean, I want to limit connections to the server to 5.10 concurrent users, it is possible?
I want to create a server with license

thanks

ab · 2012-06-26 15:21:43

What do you mean by "5.10 concurrent users"?

lele9 · 2012-06-26 18:09:32

hi corchi,
maybe you can check the users loggedin with session in the serverside.
Create a services that tell you if you can login.
the services can check if number of users logged <= MAX_LOGGED_USERS_LICENCE //this is a consts or variable that you can valorize serverside.
I think that can work.
Emanuele.

ab · 2012-06-26 19:14:24

@lele9 You are right, it could work as you explain it!

corchi72 · 2012-06-27 07:52:49

It is what I tried to do but I can not communicate with the server before they are connected with username and password,so before I must to do setUSer and after I can read the "Sessions.Count".

{Client}
function TFrmToolBarMain.ShowLogin( ADatabase:TSQLRestClientUri;UserName:String;Password:String):Boolean;
var
  AUser :TSQLUser;
  CheckLicense:RawUTF8;
begin
   result := false;

   if TLoginForm.Login('Login,'Insert username and password',UserName,Password,true,'') then
   begin
       result := ADatabase.SetUser(UserName ,PassWord);
       if result then
         if length(ADatabase.CallBackGetResult('CheckLicense',['LogonName',StringtoUTF8(UserName)]))=0 then
            Application.Terminate;
   end
end
....

{server}
function TFileServer.CheckLicense(
  var aParams: TSQLRestServerCallBackParams): Integer;
var
   sLogonName:RawUTF8;
   i:Integer;
begin

  SQLite3Log.Enter.Log(sllInfo,'Check License');
  if not UrlDecodeNeedParameters(aParams.Parameters,'LogonName') then begin
    result := 404; // invalid Request
    	  SQLite3Log.Enter.Log(sllInfo,'Invalid Request - 404');
    exit;
  end;
  while aParams.Parameters<>nil do begin
    UrlDecodeValue (aParams.Parameters,'LogonName=',sLogonName,@aParams.Parameters);
  end;

  SQLite3Log.Enter.Log(sllInfo,format('Read LogonName: %s',[sLogonName]));


  if (fSessions.Count>NumberUsers) then //const NumberUsers=5
  begin
      SQLite3Log.Enter.Log(sllInfo,'Superato numero massimo di accessi - 405');
      result := 405; // superato numero massimo di accessi
  end
  else
     begin
       SQLite3Log.Enter.Log(sllInfo,format('Accessi rimanenti: %d',[NumberUsers-fSessions.Count]));
       aParams.Resp := JSONEncodeResult([NumberUsers-fSessions.Count]);
       result := 200;
     end;
end;

lele9 · 2012-06-27 09:08:55

hi corchi,
yes, you must to login to comunicate with server, but where is the problem?
you can login, check license with service and, if necessary, logout.

another way it's to create two server.
one for configuration and license, and one for your application.
so you can login to "configuration_server" and check license, and if ok, login to "application_server".
But for me this solution its just a complication!

Emanuele.

corchi72 · 2012-06-27 10:20:55

ok
ok, thanks.

sorry i want to ask you how to close session user connection from client and from server

from client I close User connection with FreeAndnil(clientDB)
from server I close User connection with this code:

procedure TFrmServerManage.SessionClose(LogonName:RawUTF8;SessionID:cardinal);
var tmp: RawUTF8;
begin
  if (Client<>nil) and (Client.SessionUser<>nil) then begin
    // notify session closed to server
    Client.CallBackGet('auth',['UserName',LogonName,'Session',SessionID],tmp);

  end;
end;

is right?

lele9 · 2012-06-27 10:39:29

mmm...this is unnecessary for me...
to call a clientside service to logout the user you must know that client have a service with that name and that do exactly what you think to do...so you have the control of the client application.
if you have its unnecessary that you create a client service to logout the user, you can callback the server service from client with an out parameter and then logout the user.

another way, most interessant, is to able the server application to force logout a specific user, so you can check license onUserLogin and force logout if license is not valid, and the client don't must to know nothing.
In this case you, and me too can expose a real restful server without think if the client check or not the license, because the client simply dont know the license!

i hope that my idea its clear!my english isn't good...
ab you can help for this way?

Emanuele.

ab · 2012-06-27 11:05:17

If the authentication fails (e.g. if the number of sessions = number of connected users reaches a limit), it will be reported to the client, and connection will be lost.

I don't understand what you do with your "TFrmServerManage.SessionClose" method.
Sounds like if there is a confusion with Client and Server: there is no client instance on the server side, just sessions.

To delete an existing session, just delete its instance via TSQLRestServer.SessionDelete().
Be aware that access to the fSessions list is expected to be protected with a critical section lock:

EnterCriticalSection(fSessionCriticalSection);
try
  // access fSessions[] + SessionDelete
finally
  LeaveCriticalSection(fSessionCriticalSection);
end;

See TSQLRestServer.SessionGetUser for a code template.

lele9 · 2012-06-27 11:10:40

oh sessionDelete exists!great!
so its implementable all in the serverside.
client just do the autenthication without know nothing.

ab · 2012-06-27 11:21:32

Exactly

corchi72 · 2012-06-27 12:46:20

ok ok the my project is composed by :

1)client.exe
2)Server.exe
3)ServerManagement.exe it is realy a client, that I use to connect to server, where It show all SessionUsers into a listbox. In this listbox I select a item,and then I can to decide to close eventuali open sessions

So I must to ask to the server to close a session user from a client not from a Server

Thanks for your answers ab,lele9

ab · 2012-06-27 17:17:44

The easiest IMHO is to create a dedicated service in Server.exe to be accessed by ServerManagement.exe, able:
- To list all sessions;
- Delete a specified session.

Then add the GUI over this service.

corchi72 · 2012-06-28 07:50:32

thank, but There is already an example?

ab · 2012-06-28 09:17:47

No, sorry.

Use existing code of TSQLRestServer.SessionGetUser for a code template of session access.
And Service definition documentation and related samples.

guilhermeschenckel · 2019-04-10 19:17:59

Is there a way to know how many requests are pending?

mORMot Open Source

#1 2012-06-26 08:26:38

It is possible to limit access to the server?

#2 2012-06-26 15:21:43

Re: It is possible to limit access to the server?

#3 2012-06-26 18:09:32

Re: It is possible to limit access to the server?

#4 2012-06-26 19:14:24

Re: It is possible to limit access to the server?

#5 2012-06-27 07:52:49

Re: It is possible to limit access to the server?

#6 2012-06-27 09:08:55

Re: It is possible to limit access to the server?

#7 2012-06-27 10:20:55

Re: It is possible to limit access to the server?

#8 2012-06-27 10:39:29

Re: It is possible to limit access to the server?

#9 2012-06-27 11:05:17

Re: It is possible to limit access to the server?

#10 2012-06-27 11:10:40

Re: It is possible to limit access to the server?

#11 2012-06-27 11:21:32

Re: It is possible to limit access to the server?

#12 2012-06-27 12:46:20

Re: It is possible to limit access to the server?

#13 2012-06-27 17:17:44

Re: It is possible to limit access to the server?

#14 2012-06-28 07:50:32

Re: It is possible to limit access to the server?

#15 2012-06-28 09:17:47

Re: It is possible to limit access to the server?

#16 2019-04-10 19:17:59

Re: It is possible to limit access to the server?

Board footer