Your approach is "close".  If you stored it on the exchange 
(message.getExchange()) and retrieved it from there, that would be available 
on the out.  

You MAY be able to do this just on the out:
message.getExchange().getInMessage().get("HTTP.REQUEST");

Dan


On Mon March 30 2009 10:21:45 pm Morgan Rachell wrote:
> I'm having a problem where every client request on a web service
> endpoint logs in (using WS-Security), does some processing that
> completes quickly, but leaves their session active. I want to log them
> out and kill their HttpSession at the end of the process. The problem is
> that the session remains active afterwards - like a user who didn't
> logout. And I don't know how to get access to the session from the
> interceptor to manually invalidate it. I'm running on JBoss and using
> the web-console to monitor sessions for my web app, so it's easy to see
> that each new request creates one new session.
>
>
>
> Note that I'm using Spring security.
>
>
>
> One approach I tried was using an inInterceptor, I stored the session
> like this (bad idea, I know):
>
>
>
>       HttpServletRequest res = (HttpServletRequest)message.get("HTTP.REQUEST");
>
>       message.put("mysessionkey", res.getSession());
>
>
>
> ... and then I tried to get the session from the map in the
> outInterceptor:
>
>
>
>       HttpSession s = (HttpSession)message.get("mysessionkey");
>
>
>
> ...but the map didn't contain my object. I guess it didn't carry over
> from the "in" phase to the "out" phase.
>
>
>
> This approach isn't pretty and I'm sure there's a better way to get to
> the session.
>
>
> Thanks,
> Morgan

-- 
Daniel Kulp
dk...@apache.org
http://www.dankulp.com/blog
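
Added example (not part of the original thread, and not code from CXF or from either poster): an out interceptor that reaches the servlet request through the exchange's in message, as suggested in the reply above, and invalidates the session. The class name, the choice of phase and the `javax.servlet` package are assumptions.

```java
import javax.servlet.http.HttpServletRequest; // assumption: javax.servlet-era CXF
import javax.servlet.http.HttpSession;

import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;

// Hypothetical class name. Register it on the endpoint's out interceptors and
// also on its out-fault interceptors, otherwise a request that ends in a
// fault leaves its session alive.
public class SessionInvalidatingOutInterceptor extends AbstractPhaseInterceptor<Message> {

    public SessionInvalidatingOutInterceptor() {
        // Assumption: a late outbound phase, so the session is dropped after
        // the response has been produced. The lookup itself works in any
        // outbound phase.
        super(Phase.PREPARE_SEND_ENDING);
    }

    @Override
    public void handleMessage(Message outMessage) throws Fault {
        // Properties put on the in Message are not copied to the out Message;
        // the Exchange is the object shared by both directions.
        Exchange exchange = outMessage.getExchange();
        Message inMessage = (exchange == null) ? null : exchange.getInMessage();
        if (inMessage == null) {
            return; // no inbound message to look at (e.g. client side)
        }

        Object request = inMessage.get("HTTP.REQUEST");
        if (!(request instanceof HttpServletRequest)) {
            return; // not an HTTP servlet transport
        }

        // getSession(false) never creates a session just to destroy it.
        HttpSession session = ((HttpServletRequest) request).getSession(false);
        if (session != null) {
            try {
                session.invalidate();
            } catch (IllegalStateException alreadyInvalidated) {
                // Another component ended the session first; nothing to do.
            }
        }
    }
}
```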
