I put together a custom WSDLQueryHandler which sneaks in my custom security header. This way I managed to do it in one place and not to pollute all the ports. Search for my posts, there is an example there.

olarte.andres wrote:
>
> Thanks for your input. How are you passing the session id from the client?
> Is it defined in the wsdl, or are you using Out of Band headers?
>
>
> On Tue, Nov 17, 2009 at 8:47 PM, vickatvuuch <[email protected]> wrote:
>
>>
>> I put together my own session store bean which is shared by all Impl beans.
>> Later you could use Hibernate cache to replicate it cross hosts..
>> The Auth.login does auth and generates sessions, then client sends
>> this sessionid in the SOAP header or on the REST request.
>> You put together an In interceptor to validate session key and either
>> let request in or bounce it. Of course the key has to be long > 256bit long
>> secure random seeded, expiring, etc.
>> Maybe there is a better way, will watch what others say..
>>
>>
>> olarte.andres wrote:
>> >
>> > Hi,
>> >
>> > What's the best way to implement stateful web services? I was thinking of
>> > including a session id with every call, but was wondering if there's a
>> > better way.
>> >
>> > Thanks,
>> >
>> > Andres
>> >
>> >
>>
>> --
>> View this message in context:
>> http://old.nabble.com/Stateful-webservices-tp26400779p26401116.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>>
>
>

--
View this message in context: http://old.nabble.com/Stateful-webservices-tp26400779p26402142.html
Sent from the cxf-user mailing list archive at Nabble.com.
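
The shared session store described in the thread, as an added example that is not code from either poster or from CXF: a token longer than 256 bits drawn from `SecureRandom`, with expiry checked on every lookup. The class and method names (`SessionStore`, `create`, `validate`, `invalidate`) are hypothetical, the code uses only the JDK (Java 16+ for `record`), and the In interceptor is assumed to pass the header value to `validate` and reject the request when it returns null.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical session store shared by all service implementation beans.
public class SessionStore {
    private record Session(String user, Instant expires) {}

    private static final int TOKEN_BYTES = 48;  // 384 bits, above the 256-bit floor in the thread
    private static final int TOKEN_CHARS = 64;  // 48 bytes -> 64 base64url characters, no padding
    private final SecureRandom rng = new SecureRandom();
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final Duration ttl;

    public SessionStore(Duration ttl) { this.ttl = ttl; }

    // Called by the login operation once the credentials have been verified.
    public String create(String user) {
        byte[] raw = new byte[TOKEN_BYTES];
        rng.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(id, new Session(user, Instant.now().plus(ttl)));
        return id;
    }

    // Called by the inbound interceptor: returns the user, or null to bounce the request.
    public String validate(String id) {
        if (id == null || id.length() != TOKEN_CHARS) return null; // malformed header value
        Session s = sessions.get(id);
        if (s == null) return null;                                // unknown or forged token
        if (Instant.now().isAfter(s.expires())) {
            sessions.remove(id);                                   // expired: drop server-side state
            return null;
        }
        return s.user();
    }

    // Called on logout so a captured token stops working immediately.
    public void invalidate(String id) { if (id != null) sessions.remove(id); }

    public static void main(String[] args) throws InterruptedException {
        SessionStore store = new SessionStore(Duration.ofMillis(200)); // short TTL for the demo
        String id = store.create("alice");                             // constructed sample user
        System.out.println("valid:   " + store.validate(id));
        System.out.println("forged:  " + store.validate("A".repeat(TOKEN_CHARS)));
        Thread.sleep(300);
        System.out.println("expired: " + store.validate(id));
    }
}
```

The token is a bearer credential, so it should only travel over TLS and should not be written to request logs.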
