Hi All,
I have an application that is accessible from a browser to manage some
items but there are calls that should be performed from fat client
programs. There is authentication being done from browser forms and
the
session management is the default container cookie/url rewriting
scheme.
Obviously a client app will not know what to do with a cookie and it
can't use url rewriting as the response is just an XML file that is a
result of the initial request. Those initial actions must be
authorized
but I don't want to authenticate on every request. Having said that
these are the basic two questions:
1. Is this a good idea to use
servlets or should I do
SOAP instead
(this
is without consideration for session management, just pure
technological
question for web based service called from an app)?
2. How would I manage sessions in when all calls would be
programmatical
HTTP requests? I thought of a scheme where an initial request from an
application should go to AuthenticationServlet which would return a
token that then would be included in every subsequent request for other
functions.
What do you think?
Thanks,
d.
is accessible from a browser to manage some
items but there are calls that should be performed from fat client
programs. There is authentication being done from browser forms and
the
session management is the default container cookie/url rewriting
scheme.
Obviously a client app will not know what to do with a cookie and it
can't use url rewriting as the response is just an XML file that is a
result of the initial request. Those initial actions must be
authorized
but I don't want to authenticate on every request. Having said that
these are the basic two questions:
1. Is this a good idea to use servlets or should I do SOAP instead
(this
is without consideration for session management, just pure
technological
question for web based service called from an app)?
2. How would I manage sessions in when all calls would be
programmatical
HTTP requests? I thought of a scheme where an initial request from an
application should go to AuthenticationServlet which would return a
token that then would be included in every subsequent request for other
functions.
What do you think?
Thanks,