Hi,
Thankx
for your replys. This works good for services that have named users, because the
username can be used as a SessionID, and one can use WS-Security to encode this
in the SOAP header. But in my case, I would like to do such thing for an
annonymous user.
What
I'm trying to do, is implement a disclaimer in a SOAP service for annonymous
users. The workflow is as follows:
1) The
user first calls a service
2) The
service sees that this is the first time when the user called the service and
sends back an exception "here is the license agreement, please agree to
it"
3) The
user agrees with the disclaimer
4) The
next time when the user calls the service, the service will know that the user
already agreed with the disclaimer and will not be asked to do this
again.
The
problem is that the services already have well known and defined interfaces that
do not include a session parameter in the call. I have to follow a standard,
that specifiyes what I have to put in the SOAP body.
This
is why, I would need to specify this information in an "indirect" way. The only
way that I can think of, is put this information somewhere in the SOAP header.
And here comes the question: is there already some standard way of doing this?
Are there any mechanisms in the maze of WS-* standards for this? Is there a
correspondent to cookies in Web Services?
Thankx,
Cristian
===========================================================
Dipl. Ing.
Cristian OPINCARU
University of Federal Armed Forces, Munich - Faculty of
Informatics
Werner-Heisenberg-Weg 39, D-85577, Neubiberg,
Germany
Building 41 / Room 0224
Tel :
+49-89-6004.2279
Fax : +49-89-6004.3898
E-mail:
[EMAIL PROTECTED]
Web : http://inf3-www.informatik.unibw-muenchen.de/~opincaru
-----Original Message-----
From: Jonathan Roberts [mailto:[EMAIL PROTECTED]
Sent: Dienstag, 5. Juli 2005 10:47
To: [email protected]
Subject: Re: Sessions with SOAP: Any ideas?Hi Cristian,I meant something more akin to Duncan's idea than a pure session objectThus:* the client side talks to the server* the server creates an object with an ID and then passes the ID back to the client* the session IDF value is then used to identify which java object it is talking to.Can you give us more detail about the type of sessiuon you mean.For example one of my projects required a session, however it was sufficient to store the logon/password on the client side and pass this continually on each soap call, this assumed a session but in reality, each toime an action occured a system login occured first.As an example1) login to systemclient side inputs name and pin2) check account balancelogin to system ( again)return balance3) pay amount - specify amountlogin to system ( again)return success/failureetc etcNot sure if this was best practice however.Opinions?Jon
[EMAIL PROTECTED] wrote:I have just had to implement a similar system. I don't know if this will
help but it may give you some ideas.
when a client sends it's first (ie log-in) message to the server, the
server creates a basic session object - just a simple java object - and
stores it in a hash with a unique id. this id is then passed back to the
client as part of the response message. on subsequent requests the client
then sends the session id as an extra parameter along side the message
itself. the server then retrieves the session object from the hash using
the unique id and performs the necessary checks etc.
this is totally non-SOAP specific but it uses the SOAP protocol to send the
id as an extra parameter along side your message - just ensure you have the
appropriate methods exposed in however you implement your web service. we
also run our web service in IBM WebSphere App Server, so it's easy for us
to manage these session objects.
Duncan
Cristian Opincaru[EMAIL PROTECTED]> To
[email protected]
04/07/2005 21:05 cc
Subject
Please respond to Re: Sessions with SOAP: Any ideas?
[EMAIL PROTECTED]
he.org
Thanks Johnathan. But HTTP cookies only solve a small part of the
problem. If I use SOAP-over-someotherprotocol or if I have
intermediaries, the HTTP cookies will be lost.
Are there any alternatives to cookies? Is there some SOAP specific way
of implementing cookies?
I read today about WS-Addressing and WS-Context but these
specification seem not to be ready (at least WS-Context is still a
draft version, while WS-Addressing is in submission at the W3C) and on
the other hand they seem to make things quite complicated.
Thankx,
Cristian
> On 7/4/05, Jonathan Roberts <[EMAIL PROTECTED]>wrote:
> > Hi.
> >
> > You need to use a session token that you pass back and fore between the
> > client and the server.
> >
> > however soap actually aids this but inbuild functionality:
> >
> > http://ws.apache.org/soap/faq/faq_chawke.html#Q5_2
> >
> > http://ws.apache.org/soap/docs/guide/migration.html
> >
> >
> > J
> >
> >
> >
> >
> > Cristian OPINCARU <[EMAIL PROTECTED]>
> > wrote:
> > Hi all,
> >
> > I have the following problem: I want to have implement a session
between a
> > SOAP client and a SOAP server (something like cookies for example,
every
> > time a client makes a request, it always sends a Session ID with his
> > request).
> >
> > The problem is that SOAP (like HTTP) is a stateless protocol, that is,
by
> > default there is no mechanism embedded for session management.
> >
> > Does anyone know how I can implement sessions in SOAP? Is there any
> > specification that addresses this issue?
> >
> > Thankx!
> >
> > ===========================================================
> > Dipl. Ing. Cristian OPINCARU
> > University of Federal Armed Forces, Munich - Faculty of Informatics
> >
> > Werner-Heisenberg-Weg 39, D-85577, Neubiberg, Germany
> > Building 41 / Room 0224
> >
> > Tel : +49-89-6004.2279
> > Fax : +49-89-6004.3898
> > E-mail: [EMAIL PROTECTED]
> > Web :
> > http://inf3-www.informatik.unibw-muenchen.de/~opincaru
> >
> >
> >
> > ________________________________
> > Yahoo! Messenger NEW - crystal clear PC to PC calling worldwide with
> > voicemail
> >
> >
>
How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos. Get Yahoo! Photos
