----- Original Message -----
Sent: Tuesday, July 05, 2005 6:05 AM
Subject: RE: Sessions with SOAP: Any ideas?

Hi,

Thankx for your replies. This works well for services that have named users, because the username can be used as a SessionID, and one can use WS-Security to encode this in the SOAP header. But in my case, I would like to do such a thing for an anonymous user.

What I'm trying to do is implement a disclaimer in a SOAP service for anonymous users. The workflow is as follows:

1) The user first calls a service
2) The service sees that this is the first time when the user called the service and sends back an exception "here is the license agreement, please agree to it"
3) The user agrees with the disclaimer
4) The next time when the user calls the service, the service will know that the user already agreed with the disclaimer and will not be asked to do this again.

The problem is that the services already have well known and defined interfaces that do not include a session parameter in the call. I have to follow a standard that specifies what I have to put in the SOAP body.

This is why I would need to specify this information in an "indirect" way. The only way that I can think of is to put this information somewhere in the SOAP header. And here comes the question: is there already some standard way of doing this? Are there any mechanisms in the maze of WS-* standards for this? Is there a correspondent to cookies in Web Services?

Thankx,
Cristian
===========================================================
Dipl. Ing. Cristian OPINCARU
University of Federal Armed Forces, Munich - Faculty of Informatics
Werner-Heisenberg-Weg 39, D-85577, Neubiberg, Germany
Building 41 / Room 0224
Tel : +49-89-6004.2279
Fax : +49-89-6004.3898
E-mail: [EMAIL PROTECTED]
Web : http://inf3-www.informatik.unibw-muenchen.de/~opincaru

Hi Cristian,

I meant something more akin to Duncan's idea than a pure session object.

Thus:
* the client side talks to the server
* the server creates an object with an ID and then passes the ID back to the client
* the session ID value is then used to identify which java object it is talking to.

Can you give us more detail about the type of session you mean?

For example one of my projects required a session, however it was sufficient to store the logon/password on the client side and pass this continually on each soap call. This assumed a session, but in reality, each time an action occurred a system login occurred first.

As an example

1) login to system
   client side inputs name and pin
2) check account balance
   login to system (again)
   return balance
3) pay amount - specify amount
   login to system (again)
   return success/failure
etc etc

Not sure if this was best practice however.

Opinions?

Jon

[EMAIL PROTECTED] wrote:
I have just had to implement a similar system. I don't know if this will help but it may give you some ideas.

when a client sends its first (ie log-in) message to the server, the server creates a basic session object - just a simple java object - and stores it in a hash with a unique id. this id is then passed back to the client as part of the response message. on subsequent requests the client then sends the session id as an extra parameter alongside the message itself. the server then retrieves the session object from the hash using the unique id and performs the necessary checks etc.

this is totally non-SOAP specific but it uses the SOAP protocol to send the id as an extra parameter alongside your message - just ensure you have the appropriate methods exposed in however you implement your web service. we also run our web service in IBM WebSphere App Server, so it's easy for us to manage these session objects.

Duncan

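Added example, not part of the original thread or of Apache SOAP: a Python sketch of the disclaimer workflow from the top message, combining the server-side table of session IDs described just above with an ID carried in a SOAP header block, so the standard-defined body is left alone. The header namespace `urn:example:session`, the `SessionID` element, the fault string and the 30-minute lifetime are assumptions made for illustration.

```python
import secrets
import time
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
SESS = "urn:example:session"  # hypothetical namespace for the header block
TTL = 1800                    # assumed session lifetime in seconds
_sessions = {}                # session ID -> expiry time (the server-side "hash")


def _envelope(header_xml, body_xml):
    return (f'<soap:Envelope xmlns:soap="{SOAP}">'
            f"<soap:Header>{header_xml}</soap:Header>"
            f"<soap:Body>{body_xml}</soap:Body></soap:Envelope>")


def client_request(body_xml, session_id=None):
    """Client: the standard body is untouched; the ID rides in a header block."""
    header = ""
    if session_id:
        header = f'<s:SessionID xmlns:s="{SESS}">{escape(session_id)}</s:SessionID>'
    return _envelope(header, body_xml)


def accept_disclaimer(now=None):
    """Step 3: the user agrees, so issue an unguessable ID and remember it."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, never a counter
    _sessions[sid] = now + TTL
    return sid


def handle(request_xml, now=None):
    """Steps 1, 2 and 4: fault unless the header carries a known, unexpired ID."""
    now = time.time() if now is None else now
    root = ET.fromstring(request_xml)
    node = root.find(f"{{{SOAP}}}Header/{{{SESS}}}SessionID")
    sid = (node.text or "").strip() if node is not None else ""
    expiry = _sessions.get(sid)
    if expiry is None or expiry < now:
        _sessions.pop(sid, None)  # forget expired IDs
        fault = ("<soap:Fault><faultcode>soap:Client</faultcode>"
                 "<faultstring>DisclaimerNotAccepted</faultstring></soap:Fault>")
        return _envelope("", fault)
    return _envelope("", "<Result>ok</Result>")  # stand-in for the real service call
```

The ID is a bearer value: anyone who observes it can replay it, so it needs a confidential transport or message-level protection such as the WS-Security mentioned in the thread.
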
Cristian Opincaru <[EMAIL PROTECTED]>
To: [email protected]
04/07/2005 21:05
cc:
Subject: Re: Sessions with SOAP: Any ideas?
Please respond to: [EMAIL PROTECTED]he.org

Thanks Jonathan. But HTTP cookies only solve a small part of the problem. If I use SOAP-over-someotherprotocol or if I have intermediaries, the HTTP cookies will be lost.

Are there any alternatives to cookies? Is there some SOAP specific way of implementing cookies?

I read today about WS-Addressing and WS-Context but these specifications seem not to be ready (at least WS-Context is still a draft version, while WS-Addressing is in submission at the W3C) and on the other hand they seem to make things quite complicated.

Thankx,
Cristian

> On 7/4/05, Jonathan Roberts <[EMAIL PROTECTED]> wrote:
> > Hi.
> >
> > You need to use a session token that you pass back and fore between the
> > client and the server.
> >
> > however soap actually aids this but inbuild functionality:
> >
> > http://ws.apache.org/soap/faq/faq_chawke.html#Q5_2
> >
> > http://ws.apache.org/soap/docs/guide/migration.html
> >
> > J
> >
> > Cristian OPINCARU <[EMAIL PROTECTED]> wrote:
> > Hi all,
> >
> > I have the following problem: I want to implement a session between a
> > SOAP client and a SOAP server (something like cookies for example, every
> > time a client makes a request, it always sends a Session ID with his
> > request).
> >
> > The problem is that SOAP (like HTTP) is a stateless protocol, that is, by
> > default there is no mechanism embedded for session management.
> >
> > Does anyone know how I can implement sessions in SOAP? Is there any
> > specification that addresses this issue?
> >
> > Thankx!
> >
> > ===========================================================
> > Dipl. Ing. Cristian OPINCARU
> > University of Federal Armed Forces, Munich - Faculty of Informatics
> >
> > Werner-Heisenberg-Weg 39, D-85577, Neubiberg, Germany
> > Building 41 / Room 0224
> >
> > Tel : +49-89-6004.2279
> > Fax : +49-89-6004.3898
> > E-mail: [EMAIL PROTECTED]
> > Web : http://inf3-www.informatik.unibw-muenchen.de/~opincaru