Hi
On 22/06/13 15:38, Prasad Jeewantha wrote:
P.S. Please see my question in SO :
http://stackoverflow.com/q/17250852/1411653
On Sat, Jun 22, 2013 at 4:01 PM, Prasad Jeewantha <[email protected]>wrote:
Hi all,
I have a client - server application which uses cxf DOSGi [1]. Now I want
to authenticate the clients from the server and create a session for the
client. The client will have a cookie which is used to access the service
once authenticated. I would like to know what is the best way for the
server to access the HTTP session and the best way to store a cookie at the
client end once authenticated.
I was thinking of making a custom Session object at application level once
authenticated and send a Cookie object to the client. So when the client
accesses the service methods, it will pass the cookie as an argument. The
client will be validated in every service method. But I dont think this is
the best way to handle this since every service method must have a separate
argument to pass the Cookie.
I came across this when I was googling [2]. Is it possible to get
"WebServiceContext" in the service in DOSGi?
I think you can get it injected when Spring or Blueprint is used; or you
can do
Message m = PhaseInterceptorChain.getCurrentMessage();
HttpServletRequest request = (HttpServletRequest)m.get("HTTP.REQUEST")
Even if I get it, how would I
store the cookie at client end and make sure the client sends the cookie in
every subsequent web service call?
I don't think we can control client HTTP conduit properties yet (and for
WS you'd configure Http conduit to do the auto-cookie management)
There was a JIRA opened against RS client not being able to configure a
read timeout, I've just updated it to be fixed for 1.6, I think it would
need to be fixed such that it all works for WS & RS clients, may be
introduce "org.apache.cxf.http.client" properties...
https://issues.apache.org/jira/browse/DOSGI-124
Also, how would I secure the communication channel with WS - Security?
Try a wsdl-first approach with WS-Sec policies
HTH, Sergey
[1] http://cxf.apache.org/distributed-osgi-greeter-demo-walkthrough.html
[2]
http://stackoverflow.com/questions/8036827/how-can-i-manage-users-sessions-when-i-use-web-services
Any help is highly appreciated.
Thanks a lot in advance,
PJ
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
