On Friday, August 26, 2011 8:24:53 AM suryavikas wrote:
> Dan
>
> Thank you for clarifying my doubt on this, I also suspected this, and based
> on some of the examples you have given, I had successfully integrated
> session management into CXF 2.4.1 using the read phase.
>
> I have one more doubt, now as I am not using receive phase, instead I am
> using READ phase, as a performance benefit which phase do you think is
> better, RECEIVE or READ. I could not find any documentation about this
> comparison. When I implemented session, my goal was to ignore the all the
> request at the interceptor level if they have invalid session, this way I
> can save the server resources which is used during UN-marshaling.
I would use READ for this.
With RECEIVE, you do get more of a "fail fast" scenario for bad messages where
you can skip a bunch of things if the session is invalid. HOWEVER, you
introduce much more overhead of parsing messages and buffering and such for
the cases where the message and session IS valid. With READ, you've only
read the headers (which is normally fairly small). You have very little
impact on valid messages, but you still get most of the benefit of the fail
fast for the invalid messages.
Dan
>
> *SESSION MANAGEMENT WITH CXF*
> For the benefit of those who are looking to implement session management
> Sample example
>
> public class SessionInterceptor extends AbstractSoapInterceptor {
> private static final Logger logger = Logger
> .getLogger(SessionInterceptor.class);
> private static final int HTTP_SUCCESS_STATUS = 200;
> PropertiesReader pr = new PropertiesReader();
> Properties prop = pr.getInstance();
>
> public SessionInterceptor() {
> super(Phase.READ);
> addAfter(ReadHeadersInterceptor.class.getName());
> addAfter(EndpointSelectionInterceptor.class.getName());
> }
>
> public void handleMessage(SoapMessage message) throws Fault {
>
> List<Header> hl = message.getHeaders();
> logger.debug("Headers count : " + hl.size());
> boolean status = false;
> logger.debug(prop.getProperty("header-Session-info"));
> for (Header hr : hl) {
> String sessionHeader = hr.getName().toString();
> Element el = (Element) hr.getObject();
> String sessionId = el.getTextContent();
> logger.info("headerName=" + hr.getName()+ " Value :
"+sessionId);
> if (prop.getProperty("header-Session-
info").equals(sessionHeader)) {
> status = validateSession(sessionId);
> logger.error("Session Authentication status :
> "+status);
> }
> }
> if (!status) {
> MessageHandler mh = new MessageHandler(10507);
> logger.error(mh.getMessages().peekFirst()
> .getMessage());
> Fault fault = new Fault(new
Exception(mh.getMessages().peekFirst()
> .getMessage()));
> fault.setFaultCode(new QName("10507"));
> throw fault;
> }
>
> }
> *IMPLEMENT A SIMPLE HTTP REQUEST TO YOUR CONTROLLER WHICH CAN VERIFY THE
> SESSION*
> private boolean validateSession(String sessionId) {
> boolean sessionStatus = false;
> String url = prop.getProperty("session-host-server-url")
> + prop.getProperty("session-url") +
> ";jsessionid=" +
sessionId;
>
> logger.debug("Session Server URL : " + url);
> String sessionState = "false";
>
> HttpClient client = new HttpClient();
> HttpMethod get = new GetMethod(url);
>
> int status = 0;
> try {
> status = client.executeMethod(get);
>
> } catch (HttpException e1) {
> logger.error(e1.getStackTrace() +" --
> "+e1.getMessage());
> } catch (IOException e1) {
> logger.error(e1.getStackTrace() +" --
> "+e1.getMessage());
> }
>
> Hashtable<String, String> paramMap = null;
> logger.debug("HTTP STATE : " + status);
> if (status == HTTP_SUCCESS_STATUS) {
> String resMsg = null;
> try {
> resMsg = get.getResponseBodyAsString();
> logger.debug("Received Response : " + resMsg);
> } catch (IOException e1) {
> logger.error(e1.getStackTrace() +" --
> "+e1.getMessage());
> logger.error("Received Response : " + resMsg);
> }
> if (resMsg != null) {
> try {
> JSONObject json = new
> JSONObject(resMsg);
> paramMap = new Hashtable<String,
> String>();
> sessionState = (String)
> json.get("sessionstate");
>
> String[] arr =
> JSONObject.getNames(json);
> for (String str : arr) {
> paramMap.put(str, (String)
> json.get(str));
> }
> } catch (JSONException e) {
> logger.error(e.getStackTrace() +" --
"+e.getMessage());
> }
> } else {
> logger.error("BAD Response from http server");
> MessageHandler mh = new MessageHandler(10508);
> Fault fault = new Fault(new
Exception(mh.getMessages().peekFirst()
> .getMessage()));
> fault.setFaultCode(new QName("10508"));
> throw fault;
> }
> } else {
> logger.error("BAD Response from http server");
> MessageHandler mh = new MessageHandler(10508);
> Fault fault = new Fault(new
Exception(mh.getMessages().peekFirst()
> .getMessage()));
> fault.setFaultCode(new QName("10508"));
> throw fault;
> }
> if (sessionState.equals("true")) {
> sessionStatus = true;
> GSession gs = GSession.getInstance();
> gs.setParamMap(paramMap);
> gs.setSessionId(sessionId);
>
> } else {
> MessageHandler mh = new MessageHandler(10504);
> logger.error(mh.getMessages().peekFirst()
> .getMessage());
> Fault fault = new Fault(new
Exception(mh.getMessages().peekFirst()
> .getMessage()));
> fault.setFaultCode(new QName("10504"));
> throw fault;
> }
> return sessionStatus;
> }
>
> }
>
> Thanks
> Surya
>
> Daniel Kulp wrote:
> > With 2.4.x, the WSDL and schema requests are also routed onto the
> > interceptor
> > chain as GET requests to allow the chain and interceptors to participate
> > in
> > various parts of the WSDL requests.
> >
> > The best option is to add:
> > String method =
> > (String)message.get(Message.HTTP_REQUEST_METHOD);
> > if ("GET".equals(method)) {
> >
> > return;
> >
> > }
> >
> > to the start of your handle method.
> >
> > Dan
> >
> > On Thursday, August 25, 2011 11:15:10 AM suryavikas wrote:
> >> Hi,
> >>
> >> I had been using CXF 2.2.9 without any issues, and after reading the
> >> advisory on the CXF site, I have upgraded to CXF 2.4.1. After the
> >> upgrade I
> >> have been dealing with issues w.r.t the interceptors.
> >>
> >> With version 2.2.9 this code used to work just fine
> >> public SessionInterceptor() {
> >>
> >> super(Phase.RECEIVE);
> >>
> >> }
> >>
> >> public void handleMessage(Message message) throws Fault {
> >>
> >> System.out.println(message.getContextualProperty("sessionId"));
> >> // Get the supplied SOAP envelope in the form of an InputStream
> >> InputStream inputStream = message.getContent(InputStream.class);
> >>
> >> .....
> >>
> >> }
> >>
> >> And used to give me an entire SOAP envelope like this
> >> [08-25 23:25:48] DEBUG SessionInterceptor [http-8080-2]:
> >> <soapenv:Envelope
> >> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
> >> xmlns:dbs="http://dbsync.webservices.backend.local.com";>
> >>
> >> <soapenv:Header>
> >>
> >> <sessionId>123</sessionId>
> >>
> >> </soapenv:Header>
> >> <soapenv:Body>
> >>
> >> <dbs:dbsync>
> >>
> >> <lastSyncId>11</lastSyncId>
> >> <userUuid>22</userUuid>
> >>
> >> </dbs:dbsync>
> >>
> >> </soapenv:Body>
> >>
> >> </soapenv:Envelope>
> >>
> >> Now after the upgrade the none of the clients are able to see the
> >> wsdls
> >> in
> >> the browser or SOAP client as the request triggers the interceptor on
> >> any requests it receives and it expects client to pass the SESSION
> >> ID, when not
> >> found it just gives them HTTP 500 error.
> >>
> >> I have tried with different phases to sort this issue out, but in all
> >> other
> >> phases other than RECEIVE, I do not get the SOAP envelope in my code.
> >> I have disabled the inInterceptor & loaded the wsdl in SOAP UI and
> >> later
> >> enabled back the inInterceptor & the old code was working as expected.
> >> Now when I change the phase to any thing else clients are able to see
> >> the wsdls, but my session checking doesn't work.
> >>
> >> Any suggestion or documentation about the changes in the Phase
> >> implementation compared to 2.2.9 would really help.
> >>
> >> Thanks
> >> Surya
> >>
> >> --
> >> View this message in context:
> >> http://cxf.547215.n5.nabble.com/CXF-2-4-1-Interceptor-tp4735473p473547
> >> 3.htm l Sent from the cxf-user mailing list archive at Nabble.com.
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-2-4-1-Interceptor-tp4735473p4738381.htm
> l Sent from the cxf-user mailing list archive at Nabble.com.
--
Daniel Kulp
[email protected]
http://dankulp.com/blog
Talend - http://www.talend.com
