Hi,
Here's the dilemma that I am facing and I am looking for your experiences and recommendation.
I need to expose a lot of methods (over 200 with over 20 custom types). The business logic on the server is implemented, very modular, such as SessionModule, FileModule, UserModule, etc.
There are other in-process applications that call these API's directly. Now, for remoted clients I can do one of 2 things:
1) Have one huge interface/web service that lists all these methods and their implementation calls to the right module.
2) Create a set of modular interfaces/web services, one for each module. In this case, the client would have to authenticate and start a session via the SessionModule before it can make use of any of the other modules (same for #1 above, the client would have to call the right auth method before it can call any other methods).
Authentication will NOT be done at the transport level (HTTP), but rather by calling a method in the session module to start a session and stuff it in the HttpSession (if using cookies to track the session) or something similar (if using SOAP header for session tracking).
Session tracking will most likely be done via cookies (standard HttpSession stuff) because I may need the same session in a different servlet running in the same webapp, otherwise I could use SOAP headers.
I know #1 will work, not hard to implement, but it will be VERY UGLY.
#2 is more elegant ...
Is it possible to even implement #2 from a client perspective (clients will be a Java Axis client and a .NET client)? If I expose what looks like multiple web services (related to each other) will I be able to pass the same session cookie from the Axis client side when I make calls to the various modules or the session tracking is done for me and it's buried somewhere deep so that I don't have access to the cookie on the client side? If I can get access, can you please tell me how? Custom handlers on the client side? Easier way to get access to the HttpRequest constructed on the client side and adding the session cookie to it (and other cookies from the load balancer, etc.)?
The question boils down to the session sharing part between these modules and how I can achieve it, if possible.
Thanks for your help.
Tim
