> CXF Page here( http://cxf.apache.org/getting-involved.html ) shows > "WS-Context & Session support" as an Idea. > But the page was last updated on Sep 19, 2007 as you can see. > Can you please confirm whether its been taken to the next level, or is > still open for exploration?
Definitely still open for exploration. Explore away! :-) Dan On Wed February 11 2009 6:52:21 am Anoop Prasad wrote: > Dear Dan, > > Thank you for your Inputs. > > My focus is to build a secure Session handling mechanish independent of > Transport or any low level details. > " Encrypted XML Document containing Session Tokens; and an aggrement > between two Web services about the way they will use and Update the token" > should do the trick. And as you suggested we can use the Interceptors to > realize this. > > Im reading about the standards, and It looks like WS-Context is the right > way to proceed. > Ref: > http://www.idealliance.org/proceedings/xml05/ship/54/xml2005-wssessions.HTM >L #d0e217 > http://www.w3.org/2001/03/WSWS-popa/paper29 > > WS Addressing is not advocated; also the Working Group is now closed > Ref: http://www.infoq.com/news/2007/09/wsacloses > > CXF Page here( http://cxf.apache.org/getting-involved.html ) shows > "WS-Context & Session support" as an Idea. > But the page was last updated on Sep 19, 2007 as you can see. > Can you please confirm whether its been taken to the next level, or is > still open for exploration? > > I would really appreacte it if you would correct me if any of these > understandings is wrong; > > Thanks a lot. > > > PS : Im also planning to add WS-Security to the system; for that I probably > might use the WSS4J Interceptor solution. > > regards > anoopPrasad > > Two roads diverged in a wood, and I -- I took the one less traveled by, and > that has made all the difference! > > HUAWEI TECHNOLOGIES CO.,LTD > > Address: Huawei Industrial Base > Bantian Longgang > Shenzhen 518129, P.R.China > www.huawei.com > --------------------------------------------------------------------------- >- --------------------------------------------------------- > This e-mail and its attachments contain confidential information from > HUAWEI, which > is intended only for the person or entity whose address is listed above. > Any use of the > information contained herein in any way (including, but not limited to, > total or partial > disclosure, reproduction, or dissemination) by persons other than the > intended > recipient(s) is prohibited. If you receive this e-mail in error, please > notify the sender by > phone or email immediately and delete it! > > > -----Original Message----- > From: Daniel Kulp [mailto:[email protected]] > Sent: Tuesday, February 10, 2009 10:34 PM > To: [email protected] > Cc: anoopPrasad > Subject: Re: Application Layer Session Management for WS > > > > I'm really not aware of any non-http level session stuff going on right > now. > > It wouldn't be hard to write a set of interceptors that would do this for > JMS. > The server "in" interceptor would just pull a session ID from someplace > (soap header or JMS header or similar) and validate it and store it on the > exchange/message to be used later in the implementation or similar. An > "out" > interceptor would add it to the response. Client side would be similar. > > Dan > > On Fri February 6 2009 3:53:49 am anoopPrasad wrote: > > Dear All, > > > > I have Integrated the latest CXF 2.1.3 with my system and it started > > working without making much noise (Some noise near the JMS area ;-) > > ;change in the way we were configuring it) > > > > We do have a need to maintain session for certain Web Services for > > licensing the same for certain Service consumers.I started exploring > > options within CXF and found an interesting discussion here > > http://www.nabble.com/session-management-td11326045.html > > But that discussion focused on HTTP/jetty based session handling. > > > > Do we have a mechanism to handle the Sessions at the application layer > > level itself; something like what they have in Axis2. If yes kindly > > point me in the right direction. > > If not please let me know if we have any work in progress in this > > direction. > > > > Thanks in advance. > > > > regards > > anoopPrasad > > -- > Daniel Kulp > [email protected] > http://www.dankulp.com/blog -- Daniel Kulp [email protected] http://www.dankulp.com/blog
