Dan
Thank you for clarifying my doubt on this, I also suspected this, and based
on some of the examples you have given, I had successfully integrated
session management into CXF 2.4.1 using the read phase.
I have one more doubt, now as I am not using receive phase, instead I am
using READ phase, as a performance benefit which phase do you think is
better, RECEIVE or READ. I could not find any documentation about this
comparison. When I implemented session, my goal was to ignore the all the
request at the interceptor level if they have invalid session, this way I
can save the server resources which is used during UN-marshaling.
*SESSION MANAGEMENT WITH CXF*
For the benefit of those who are looking to implement session management
Sample example
public class SessionInterceptor extends AbstractSoapInterceptor {
private static final Logger logger = Logger
.getLogger(SessionInterceptor.class);
private static final int HTTP_SUCCESS_STATUS = 200;
PropertiesReader pr = new PropertiesReader();
Properties prop = pr.getInstance();
public SessionInterceptor() {
super(Phase.READ);
addAfter(ReadHeadersInterceptor.class.getName());
addAfter(EndpointSelectionInterceptor.class.getName());
}
public void handleMessage(SoapMessage message) throws Fault {
List<Header> hl = message.getHeaders();
logger.debug("Headers count : " + hl.size());
boolean status = false;
logger.debug(prop.getProperty("header-Session-info"));
for (Header hr : hl) {
String sessionHeader = hr.getName().toString();
Element el = (Element) hr.getObject();
String sessionId = el.getTextContent();
logger.info("headerName=" + hr.getName()+ " Value :
"+sessionId);
if
(prop.getProperty("header-Session-info").equals(sessionHeader)) {
status = validateSession(sessionId);
logger.error("Session Authentication status :
"+status);
}
}
if (!status) {
MessageHandler mh = new MessageHandler(10507);
logger.error(mh.getMessages().peekFirst()
.getMessage());
Fault fault = new Fault(new
Exception(mh.getMessages().peekFirst()
.getMessage()));
fault.setFaultCode(new QName("10507"));
throw fault;
}
}
*IMPLEMENT A SIMPLE HTTP REQUEST TO YOUR CONTROLLER WHICH CAN VERIFY THE
SESSION*
private boolean validateSession(String sessionId) {
boolean sessionStatus = false;
String url = prop.getProperty("session-host-server-url")
+ prop.getProperty("session-url") +
";jsessionid=" + sessionId;
logger.debug("Session Server URL : " + url);
String sessionState = "false";
HttpClient client = new HttpClient();
HttpMethod get = new GetMethod(url);
int status = 0;
try {
status = client.executeMethod(get);
} catch (HttpException e1) {
logger.error(e1.getStackTrace() +" --
"+e1.getMessage());
} catch (IOException e1) {
logger.error(e1.getStackTrace() +" --
"+e1.getMessage());
}
Hashtable<String, String> paramMap = null;
logger.debug("HTTP STATE : " + status);
if (status == HTTP_SUCCESS_STATUS) {
String resMsg = null;
try {
resMsg = get.getResponseBodyAsString();
logger.debug("Received Response : " + resMsg);
} catch (IOException e1) {
logger.error(e1.getStackTrace() +" --
"+e1.getMessage());
logger.error("Received Response : " + resMsg);
}
if (resMsg != null) {
try {
JSONObject json = new
JSONObject(resMsg);
paramMap = new Hashtable<String,
String>();
sessionState = (String)
json.get("sessionstate");
String[] arr =
JSONObject.getNames(json);
for (String str : arr) {
paramMap.put(str, (String)
json.get(str));
}
} catch (JSONException e) {
logger.error(e.getStackTrace() +" --
"+e.getMessage());
}
} else {
logger.error("BAD Response from http server");
MessageHandler mh = new MessageHandler(10508);
Fault fault = new Fault(new
Exception(mh.getMessages().peekFirst()
.getMessage()));
fault.setFaultCode(new QName("10508"));
throw fault;
}
} else {
logger.error("BAD Response from http server");
MessageHandler mh = new MessageHandler(10508);
Fault fault = new Fault(new
Exception(mh.getMessages().peekFirst()
.getMessage()));
fault.setFaultCode(new QName("10508"));
throw fault;
}
if (sessionState.equals("true")) {
sessionStatus = true;
GSession gs = GSession.getInstance();
gs.setParamMap(paramMap);
gs.setSessionId(sessionId);
} else {
MessageHandler mh = new MessageHandler(10504);
logger.error(mh.getMessages().peekFirst()
.getMessage());
Fault fault = new Fault(new
Exception(mh.getMessages().peekFirst()
.getMessage()));
fault.setFaultCode(new QName("10504"));
throw fault;
}
return sessionStatus;
}
}
Thanks
Surya
Daniel Kulp wrote:
>
> With 2.4.x, the WSDL and schema requests are also routed onto the
> interceptor
> chain as GET requests to allow the chain and interceptors to participate
> in
> various parts of the WSDL requests.
>
> The best option is to add:
> String method = (String)message.get(Message.HTTP_REQUEST_METHOD);
> if ("GET".equals(method)) {
> return;
> }
>
> to the start of your handle method.
>
> Dan
>
>
> On Thursday, August 25, 2011 11:15:10 AM suryavikas wrote:
>> Hi,
>>
>> I had been using CXF 2.2.9 without any issues, and after reading the
>> advisory on the CXF site, I have upgraded to CXF 2.4.1. After the upgrade
>> I
>> have been dealing with issues w.r.t the interceptors.
>>
>> With version 2.2.9 this code used to work just fine
>> public SessionInterceptor() {
>> super(Phase.RECEIVE);
>> }
>>
>> public void handleMessage(Message message) throws Fault {
>> System.out.println(message.getContextualProperty("sessionId"));
>> // Get the supplied SOAP envelope in the form of an InputStream
>> InputStream inputStream = message.getContent(InputStream.class);
>> .....
>> }
>> And used to give me an entire SOAP envelope like this
>> [08-25 23:25:48] DEBUG SessionInterceptor [http-8080-2]:
>> <soapenv:Envelope
>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
>> xmlns:dbs="http://dbsync.webservices.backend.local.com";>
>> <soapenv:Header>
>> <sessionId>123</sessionId>
>> </soapenv:Header>
>> <soapenv:Body>
>> <dbs:dbsync>
>> <lastSyncId>11</lastSyncId>
>> <userUuid>22</userUuid>
>> </dbs:dbsync>
>> </soapenv:Body>
>> </soapenv:Envelope>
>>
>> Now after the upgrade the none of the clients are able to see the wsdls
>> in
>> the browser or SOAP client as the request triggers the interceptor on any
>> requests it receives and it expects client to pass the SESSION ID, when
>> not
>> found it just gives them HTTP 500 error.
>>
>> I have tried with different phases to sort this issue out, but in all
>> other
>> phases other than RECEIVE, I do not get the SOAP envelope in my code.
>> I have disabled the inInterceptor & loaded the wsdl in SOAP UI and later
>> enabled back the inInterceptor & the old code was working as expected.
>> Now when I change the phase to any thing else clients are able to see the
>> wsdls, but my session checking doesn't work.
>>
>> Any suggestion or documentation about the changes in the Phase
>> implementation compared to 2.2.9 would really help.
>>
>> Thanks
>> Surya
>>
>> --
>> View this message in context:
>> http://cxf.547215.n5.nabble.com/CXF-2-4-1-Interceptor-tp4735473p4735473.htm
>> l Sent from the cxf-user mailing list archive at Nabble.com.
> --
> Daniel Kulp
> [email protected]
> http://dankulp.com/blog
> Talend - http://www.talend.com
>
--
View this message in context:
http://cxf.547215.n5.nabble.com/CXF-2-4-1-Interceptor-tp4735473p4738381.html
Sent from the cxf-user mailing list archive at Nabble.com.
