Hi
>>1) The user first calls a service
>>2) The service sees that this is the first time when the user called the service and sends >>back an exception "here is the license agreement, please agree to it"
>>3) The user agrees with the disclaimer
>>4) The next time when the user calls the service, the service will know that the user already >>agreed with the disclaimer and will not be asked to do this again.
With step 4 - this sounds less session like and more like the need to store a flag against that user on the server side like in a database or LDAP! A little like recording the facts that they have accepted TCs.
You could create a facade bean on the server side that talks the existing interface but also talks to a database to check if the disclaimer has been set.
Jonathan
Cristian OPINCARU <[EMAIL PROTECTED]> wrote:
Hi Martin,Well I'm not trying to implement Financial Transactions, I just want to implement a disclaimer that says "This service is provided for free. Use it at your own risk". That's why I also don't need users to be registered/authenticated.The only requierement that I have is that once a user accepted the disclaimer he should not be bothered again with it. In HTTP application one would set for example a cookie in the browser that says "disclaimerAgreed=true".===========================================================
Dipl. Ing. Cristian OPINCARU
University of Federal Armed Forces, Munich - Faculty of Informatics
Werner-Heisenberg-Weg 39, D-85577, Neubiberg, Germany
Building 41 / Room 0224
Tel : +49-89-6004.2279
Fax : +49-89-6004.3898
E-mail: [EMAIL PROTECTED]
Web : http://inf3-www.informatik.unibw-muenchen.de/~opincaru-----Original Message-----
From: Martin Gainty [mailto:[EMAIL PROTECTED]
Sent: Dienstag, 5. Juli 2005 12:16
To: [email protected]
Subject: Re: Sessions with SOAP: Any ideas?Cristian-
Most developers implementing Financial Transactions (Credit Cards etc) use SOAP over HTTPS
Have you looked at SOAP over HTTPS?
http://www.oracle.com/technology/oramag/oracle/02-jul/o42special_web.html
Martin------ Original Message -----From: Cristian OPINCARUSent: Tuesday, July 05, 2005 6:05 AMSubject: RE: Sessions with SOAP: Any ideas?Hi,Thankx for your replys. This works good for services that have named users, because the username can be used as a SessionID, and one can use WS-Security to encode this in the SOAP header. But in my case, I would like to do such thing for an annonymous user.What I'm trying to do, is implement a disclaimer in a SOAP service for annonymous users. The workflow is as follows:1) The user first calls a service2) The service sees that this is the first time when the user called the service and sends back an exception "here is the license agreement, please agree to it"3) The user agrees with the disclaimer4) The next time when the user calls the service, the service will know that the user already agreed with the disclaimer and will not be asked to do this again.The problem is that the services already have well known and defined interfaces that do not include a session parameter in the call. I have to follow a standard, that specifiyes what I have to put in the SOAP body.This is why, I would need to specify this information in an "indirect" way. The only way that I can think of, is put this information somewhere in the SOAP header. And here comes the question: is there already some standard way of doing this? Are there any mechanisms in the maze of WS-* standards for this? Is there a correspondent to cookies in Web Services?Thankx,Cristian===========================================================
Dipl. Ing. Cristian OPINCARU
University of Federal Armed Forces, Munich - Faculty of Informatics
Werner-Heisenberg-Weg 39, D-85577, Neubiberg, Germany
Building 41 / Room 0224
Tel : +49-89-6004.2279
Fax : +49-89-6004.3898
E-mail: [EMAIL PROTECTED]
Web : http://inf3-www.informatik.unibw-muenchen.de/~opincaru-----Original Message-----
From: Jonathan Roberts [mailto:[EMAIL PROTECTED]
Sent: Dienstag, 5. Juli 2005 10:47
To: [email protected]
Subject: Re: Sessions with SOAP: Any ideas?Hi Cristian,I meant something more akin to Duncan's idea than a pure session objectThus:* the client side talks to the server* the server creates an object with an ID and then passes the ID back to the client* the session IDF value is then used to identify which java object it is talking to.Can you give us more detail about the type of sessiuon you mean.For example one of my projects required a session, however it was sufficient to store the logon/password on the client side and pass this continually on each soap call, this assumed a session but in reality, each toime an action occured a system login occured first.As an example1) login to systemclient side inputs name and pin2) check account balancelogin to system ( again)return balance3) pay amount - specify amountlogin to system ( again)return success/failureetc etcNot sure if this was best practice however.Opinions?Jon
[EMAIL PROTECTED] wrote:I have just had to implement a similar system. I don't know if this will
help but it may give you some ideas.
when a client sends it's first (ie log-in) message to the server, the
server creates a basic session object - just a simple java object - and
stores it in a hash with a unique id. this id is then passed back to the
client as part of the response message. on subsequent requests the client
then sends the session id as an extra parameter along side the message
itself. the server then retrieves the session object from the hash using
the unique id and performs the necessary checks etc.
this is totally non-SOAP specific but it uses the SOAP protocol to send the
id as an extra parameter along side your message - just ensure you have the
appropriate methods exposed in however you implement your web service. we
also run our web service in IBM WebSphere App Server, so it's easy for us
to manage these session objects.
Duncan
Cristian Opincaru[EMAIL PROTECTED]> To
[email protected]
04/07/2005 21:05 cc
Subject
Please respond to Re: Sessions with SOAP: Any ideas?
[EMAIL PROTECTED]
he.org
Thanks Johnathan. But HTTP cookies only solve a small part of the
problem. If I use SOAP-over-someotherprotocol or if I have
intermediaries, the HTTP cookies will be lost.
Are there any alternatives to cookies? Is there some SOAP specific way
of implementing cookies?
I read today about WS-Addressing and WS-Context but these
specification seem not to be ready (at least WS-Context is still a
draft version, while WS-Addressing is in submission at the W3C) and on
the other hand they seem to make things quite complicated.
Thankx,
Cristian
> On 7/4/05, Jonathan Roberts <[EMAIL PROTECTED]>wrote:
> > Hi.
> >
> > You need to use a session token that you pass back and fore between the
> > client and the server.
> >
> > however soap actually aids this but inbuild functionality:
> >
> > http://ws.apache.org/soap/faq/faq_chawke.html#Q5_2
> >
> > http://ws.apache.org/soap/docs/guide/migration.html
> >
> >
> > J
> >
> >
> >
> >
> > Cristian OPINCARU <[EMAIL PROTECTED]>
> > wrote:
> > Hi all,
> >
> > I have the following problem: I want to have implement a session
between a
> > SOAP client and a SOAP server (something like cookies for example,
every
> > time a client makes a request, it always sends a Session ID with his
> > request).
> >
> > The problem is that SOAP (like HTTP) is a stateless protocol, that is,
by
> > default there is no mechanism embedded for session management.
> >
> > Does anyone know how I can implement sessions in SOAP? Is there any
> > specification that addresses this issue?
> >
> > Thankx!
> >
> > ===========================================================
> > Dipl. Ing. Cristian OPINCARU
> > University of Federal Armed Forces, Munich - Faculty of Informatics
> >
> > Werner-Heisenberg-Weg 39, D-85577, Neubiberg, Germany
> > Building 41 / Room 0224
> >
> > Tel : +49-89-6004.2279
> > Fax : +49-89-6004.3898
> > E-mail: [EMAIL PROTECTED]
> > Web :
> > http://inf3-www.informatik.unibw-muenchen.de/~opincaru
> >
> >
> >
> > ________________________________
> > Yahoo! Messenger NEW - crystal clear PC to PC calling worldwide with
> > voicemail
> >
> >
>
How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos. Get Yahoo! Photos
Yahoo! Messenger NEW - crystal clear PC to PC calling worldwide with voicemail
