How would you maintain a session across consecutive web service requests? At my company, we wrote an in-interceptor that checks some WS-Security headers on every request, and exposes a thread-local bean with info on the currently logged-in user. Users are cached so we don't have to query the user-db on every request.
Granted this might be a "low-level" approach, but we had a pretty clear idea of where we wanted to go with it. Plus, it's a little lighter in terms of dependencies.

On 1/2/08, Benson Margulies <[EMAIL PROTECTED]> wrote:
> Can someone suggest an entrypoint to the forest of security options? My
> general ideas are in the direction of wanting session state with
> authentication, thus allowing services to perform authorization based on
> the identity on the session. Of the various things plugged into CXF at
> this point, what is intended to assist here?
>

--
Venlig hilsen / Kind regards,
Christian Vest Hansen.
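
The pattern described in the message above, as an added example that is not the poster's code and does not use the CXF interceptor API: a per-request check that caches the user record, verifies the credential on every request anyway, and clears the thread-local afterwards so a pooled worker thread does not carry one caller's identity into the next request. All names (SessionSketch, handle, loadFromDb) and the sample user are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

// Hypothetical names throughout; plain Java (16+), not the CXF interceptor API.
public class SessionSketch {
    record User(String name, byte[] secret) {}

    // Identity of the caller for the request running on this thread.
    static final ThreadLocal<User> CURRENT = new ThreadLocal<>();
    // User cache, so the user database is not queried on every request.
    static final Map<String, User> CACHE = new ConcurrentHashMap<>();
    static final AtomicInteger DB_LOOKUPS = new AtomicInteger();

    static byte[] bytes(String s) { return s.getBytes(StandardCharsets.UTF_8); }

    // Stand-in for the user database (constructed sample data; a real store
    // would hold a salted password hash, not the secret itself).
    static User loadFromDb(String name) {
        DB_LOOKUPS.incrementAndGet();
        return "alice".equals(name) ? new User(name, bytes("s3cret")) : null;
    }

    // What the in-interceptor does around each service invocation.
    static <T> T handle(String username, String password, Supplier<T> service) {
        User u = CACHE.computeIfAbsent(username, SessionSketch::loadFromDb);
        // The cache only saves the lookup; the credential is checked every time.
        if (u == null || !MessageDigest.isEqual(u.secret(), bytes(password))) {
            throw new SecurityException("authentication failed");
        }
        CURRENT.set(u);
        try {
            return service.get();
        } finally {
            CURRENT.remove(); // pooled threads must not keep the previous caller
        }
    }

    public static void main(String[] args) {
        System.out.println(handle("alice", "s3cret", () -> CURRENT.get().name()));
        handle("alice", "s3cret", () -> CURRENT.get().name());
        System.out.println("db lookups: " + DB_LOOKUPS.get());
        try {
            handle("alice", "wrong", () -> "unreachable");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("after request: " + CURRENT.get());
    }
}
```

A cache like this also needs an eviction or expiry policy so that disabled accounts and changed passwords take effect; that part is left out of the sketch.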
