P.S. Please see my question in SO : http://stackoverflow.com/q/17250852/1411653
On Sat, Jun 22, 2013 at 4:01 PM, Prasad Jeewantha <[email protected]>wrote: > Hi all, > > I have a client - server application which uses cxf DOSGi [1]. Now I want > to authenticate the clients from the server and create a session for the > client. The client will have a cookie which is used to access the service > once authenticated. I would like to know what is the best way for the > server to access the HTTP session and the best way to store a cookie at the > client end once authenticated. > > I was thinking of making a custom Session object at application level once > authenticated and send a Cookie object to the client. So when the client > accesses the service methods, it will pass the cookie as an argument. The > client will be validated in every service method. But I dont think this is > the best way to handle this since every service method must have a separate > argument to pass the Cookie. > > I came across this when I was googling [2]. Is it possible to get > "WebServiceContext" in the service in DOSGi? Even if I get it, how would I > store the cookie at client end and make sure the client sends the cookie in > every subsequent web service call? > > Also, how would I secure the communication channel with WS - Security? > > [1] http://cxf.apache.org/distributed-osgi-greeter-demo-walkthrough.html > [2] > http://stackoverflow.com/questions/8036827/how-can-i-manage-users-sessions-when-i-use-web-services > > Any help is highly appreciated. > Thanks a lot in advance, > PJ >
