gweb79 wrote:
>
> Hi,
>
> I am developing a secure web service using cxf 2.0, spring 2.5 on tomcat
> 6.
>
> For each request coming I want to authenticate using ws-security
> (implemented), grab the user out of the database, and pass it around (as
> object) the following interceptors and also the web service impl. What is
> the best practice for doing this? I have considered placing the object in
> the HTTP servlet request, but that does not seem to be an easy or elegant
> option. Could I somehow use Springs request scope attribute to create some
> sort of holder bean for the life of the request? Or is this scenario
> taken care of magically by cxf and spring allowing me to simply add the
> user object to a singleton scoped bean?
>
> Thanks for your help.
>
You should be able to define a request-scoped Spring bean to hold the data
you want to pass around and inject that into your service object,
interceptors, etc. You can call the methods of this bean and Spring will
magically take care of directing the calls to the right place for the
request. I do something very similar to support a stateful web service
where I need to maintain state across an HTTPSession. In fact I go one
further and actually use a session-scoped bean as my SEI:
<bean id="myServiceImpl" class="my.package.WebServiceImpl" scope="session">
<aop:scoped-proxy />
</bean>
<jaxws:server id="serviceEndpoint" serviceBean="#myServiceImpl"
serviceClass="my.package.WebServiceImpl" address="/myService" />
And tell the client to maintain the session
(http://weblogs.java.net/blog/ramapulavarthi/archive/2006/06/maintaining_ses.html).
Works beautifully :-)
Ian
--
View this message in context:
http://www.nabble.com/Share-object-in-request-scope-on-ws-server-tp14611572p14674619.html
Sent from the cxf-user mailing list archive at Nabble.com.
