• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Please improve my code/approach.

 
Greenhorn
Posts: 22
MyEclipse IDE Hibernate Postgres Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My Requirements are :

  • We want to implement a simple userId password based authentication mechanism for our web services that are exposed to other web applications inside internal network. Right now I am not worried about SSL encryption etc.
  • We want the "authenticated" client state to be persisted (Client Web application should persist state in HTTP session) so that every time we make service calls, userid password is not passed as HTTPheader or SOAP header.
  • Caller User identity should be available at server side for permissions checks in simplest possible ways.
  • Using standard techniques, which works in a clustered server and clustered client environment.
  • Development Team is new to Web Services especially Axis2, so we do not want to introduce complex technologies at this stage (WSSecurity we find, is not so simple to understand and use please correct me if I am wrong).


  • I implemented a POC using Stateful Axis2 Web Services and a standalone client program based on a Previous Post

    Here is how the POC for Authentication looks like :

    There are 2 services which are added to a one group -
    Hello World Web Service has 2 operations authenticate and hello :



    Second Service which has one operation :


    sevice.xml looks like this :



    After Generating Stubs for both the services using Eclipse WTP - The Client Program looks like this :



    This example works fine. Please comment on following Queries :
  • I would like to have further suggestions on how to improve this code or my overall approach.
  • Apache Axis2 Article Clustering for Stateful Web Services says: "You may safely use services in "soapsession" scope provided you don't modify (or modify at all) state in ServiceGroupContext frequently." - Please let me know if there are some risks in using this approach in clustered environment where web services are hosted on a cluster (Jboss in this case).
  • As it can be seen from TestWSClient I am planning to store the client state by storing "ServiceClient sc" object in web application's HTTP session. This object is obtained from authentication service and then same is reused to call other services. As per my initial test this approach works fine but since this object is not Serializable I dont think I will be able to use it when the Web application runs on clustered environment. Please provide any suggestions regarding this.
  • Please highlight any other drawback of this approach.


  • Thanks for having patience in reading this long post.

    Regards,
    Tarun Gupta

     
    Gupta Tarun
    Greenhorn
    Posts: 22
    MyEclipse IDE Hibernate Postgres Database
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    Okay,
    Let me try to put my scenario in very few words :

    Using Axis2 Stateful Services what is the best way to store the client state inside the caller applications HTTP Session, Axis2 Engine and Web Application both are running on clustered environment.
     
    Do you want ants? Because that's how you get ants. And a tiny ads:
    a bit of art, as a gift, the permaculture playing cards
    https://gardener-gift.com
    reply
      Bookmark Topic Watch Topic
    • New Topic