Hi Chris,
I am sorry for not responding earlier. I somehow missed your post on the
group and now found it on Google. I am interested in your second design
principle. I believe you mean that instead of using the following stack :
Ist Call :
<service name="AuthenticationService">
<requestFlow>
<handler type="sessionCreation"/>
</requestFlow>
<responseFlow>
<handler type="sessionCreation"/>
</responseFlow>
</service>
IInd Call :
<service name="WorkerService">
<requestFlow>
<handler type="sessionValidation"/>
</requestFlow>
<responseFlow>
<handler type="sessionValidation"/>
</responseFlow>
</service>
I should be using the authentication service as a handler and the following
stack :
<service name="WorkerService">
<requestFlow>
<handler type="AuthenticationService"/>
<handler type="sessionValidation"/>
</requestFlow>
<responseFlow>
<handler type="AuthenticationService"/>
<handler type="sessionValidation"/>
</responseFlow>
</service>
Thanks a lot for your hint.
Warm regards,
Abhinav Maheshwari
-----Original Message-----
Abhinav -
Do the two calls have different method signatures? If so, key off that
detail in your customized session handler.
For example, if the first call must be to login() before update() should
be called, have the handler fault if update() is called with no session
present. Also, you could bind the session creation to the actual call
to login().
There is another design principle to consider. You may desire to create
a session only if the client was properly authenticated and authorized.
The security handlers could set the isValidated flag in the message
context that is picked up by the session handler. If no session is
present, AND isValidated is true, create the session. If the session
is NOT present, AND isValidated is not defined or false, then have the
service fault.
/Chris
