Hi, MS-SOAP supports sessions using SOAP headers. There is a sample included with the standard examples install.
I think that Apache SOAP 2.2 doesnt have a support for SOAP headers. But it seems that Apache AXIS (The new rewrite version of Apache SOAP) does have a support for SOAP headers. I havent tried using it, but have seen posts, from which it appears that AXIS has that support! Warm Regards, Paramdeep ----- Original Message ----- From: "Dennis Sosnoski" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, April 04, 2002 2:00 AM Subject: Re: HTTP redirects and SOAP > The only way I know of to provide session support that works across all > platforms is to basically implement it yourself. Build a wrapper for > your statefull session EJB (or whatever other session-based class you > want to use), adding a call to the wrapper that gets a session > identifier like: "String getSession(String user, String password)" (user > and password are optional, depending on your application). The wrapper > needs to get an instance of the session-based class when this call is > executed, and return a unique identifier mapped to that instance in a > HashMap or equivalent. > > For each method you want to make available in the session-based class, > add a new parameter "String id" to the corresponding method in the > wrapper. The wrapper can use this to look up the instance of the > session-based class associated with that identifier, then call the > wrapped method on that instance. > > Depending on your requirements you may also want to add a call > "endSession(String id)", and may also want to use timeouts for the > session-based class instance (so that if the session is not used for > some period of time it gets dropped). > > Kind of ugly and tedious, but it's the only sure way of doing sessions > that I know of. Anybody have a better approach? > > - Dennis > > Dennis M. Sosnoski > Sosnoski Software Solutions, Inc. > http://www.sosnoski.com > > Will Spies/Towers Perrin wrote: > > > > >Simple. You can't. Not in the MS SOAP Toolkit 2.0SP2 anyway. I even got it > >in writing. The following is a response from Microsoft from my question > >about why the don't support cookies and redirects. > > > >>>This is so because it is the first version of the product mainly. We > >>>saw redirects as a major security risk and cookie as something most Soap > >>>applications wouldn't use because we specifically didn't want to support > >>>sessions. As I said before, the Wininet connector doesn't have these > >>>limitations because it uses the IE http stack instead of HTTPLIB. > >>> > > > >>>Soap uses some of the http infrastructure but it isn't a normal http > >>>application. > >>> > > > > > > > > > > > > > > To: <[EMAIL PROTECTED]> > > "Hozefa Botee" cc: (bcc: Will Spies/Towers Perrin) > > <hoze@interlacesy Subject: RE: HTTP redirects and SOAP > > stems.com> > > > > 04/03/02 03:02 PM > > Please respond to > > soap-user > > > > > > > > > > > > > >How does one implement session behavior with MS > >SOAP toolkit without cookies? esp. when talking > >to an AXIS server? > > > >H > > > >>-----Original Message----- > >>From: Will Spies/Towers Perrin [mailto:[EMAIL PROTECTED]] > >>Sent: Wednesday, April 03, 2002 3:57 AM > >>To: [EMAIL PROTECTED] > >>Subject: Re: HTTP redirects and SOAP > >> > >> > >> > >> > >>I've had this same nightmare. Here is what I've learned: > >> > >>MS SOAP Toolkit does not support cookies or redirects ( they > >>view the former as unnecessary and the latter as a security > >>issue ) Apache SOAP Toolkit supports cookies but does not > >>support redirects Systinet SOAP Toolkit supports redirects > >>but not cookies. > >> > >>I don't get it. They should all support cookies and redirects > >>if you ask me. This is the basis for any SSO product and some > >>proxy servers. > >> > >>_______________________ > >>Will Spies > >>Towers Perrin > >>Phone: (215)246-7145 > >>e-mail: [EMAIL PROTECTED] > >> > >> > >> > >> > >> > >> > >> > >> > >> To: > >>[EMAIL PROTECTED] > >> > >> "Brian BBA41 cc: > >>(bcc: Will Spies/Towers Perrin) > >> > >> Bannister" Subject: Re: > >>HTTP redirects and SOAP > >> > >> <bbannister@qanta > >> > >> > >> s.com.au> > >> > >> > >> > >> > >> > >> 04/02/02 07:35 PM > >> > >> > >> Please respond to > >> > >> > >> soap-user > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >>Why don't you set up the servlet to be container protected > >>and allow the container to do the basic authentication? We do > >>this with weblogic and apache SOAP and it works well. An > >>unauthenticated user gets a 401 unauthorized and can reply > >>with the basic authentication header. An unauthenticated user > >>that sends the basic authentication header on first request > >>gets straight through. > >> > >> > >> > >> > >> Martin Hubley > >> > >> <[EMAIL PROTECTED] To: > >>"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > >> > >> om> cc: > >> > >> Subject: HTTP > >>redirects and SOAP > >> 03/04/2002 06:43 > >> > >> Please respond to > >> > >> soap-user > >> > >> > >> > >> > >> > >> > >> > >> > >> > >>Hi, > >> > >>My basic question is does Apache SOAP (or any other SOAP > >>implementation) support http redirect headers in a response > >>for a client?? The gory details follow... > >> > >>We have a setup where I am using the GLUE SOAP servlet as > >>part of a J2EE ear running in JBoss 2.4.4 (with Tomcat > >>4.0.1), where the servlet (and our other servlets) is > >>protected by a custom filter implemented for single-sign-on > >>purposes. This filter redirects all requests without our auth > >>cookie to an auth servlet, which requests basic auth from the > >>client, and which when successful sets a cookie and redirects > >>back to the original url. When in an Apache SOAP test client > >>and I make a call to the original URL, i.e. > >>http://localhost:8000/soap/urn:service.wsdl, I > get a SOAP > >>fault back containing the HTTP 302 response from the server > >>(as well as a SOAPException with an unsupported content type > >>as the HTTP 302 response is text/html). (This call works fine > >>in the test client if I deploy the servlet and SOAP > >>implementation without our filters that do the authentication > >>redirects) > >> > >>The actual response coming back from our SingleSignOnFilter > >>is a standard redirect with the URL we want to redirect to > >>for authentication: > >> > >>HTTP/1.1 302 Moved Temporarily > >>Content-Type: text/html > >>Date: Tue, 02 Apr 2002 19:14:33 GMT > >>Location: > >>http://localhost:8080/auth/AuthServlet?ds.sso.return-url=http% > >> > >3A%2F%2Flocalhost%3A8080%2Fsoap%2Furn%3Aservice > > > > > >Server: Apache Tomcat/4.0.1 (HTTP/1.1 Connector) > >Connection: close > > > >followed by a standard Apache error page containing the 302 info. > > > >Are there any easy ways to do such redirects using Apache SOAP or any > >other SOAP implementation? Am I missing something obvious here, i.e. > >perhaps there is a way to do redirects in a SOAP message instead of with > >HTTP headers? Any help appreciated, > > > >Thanks, > > > >Martin > > > > > > > > > > > > > >Qantas > > > > > > > > > > > > > > > > > > > _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
