Hi all, I have a client - server application which uses cxf DOSGi [1]. Now I want to authenticate the clients from the server and create a session for the client. The client will have a cookie which is used to access the service once authenticated. I would like to know what is the best way for the server to access the HTTP session and the best way to store a cookie at the client end once authenticated.
I was thinking of making a custom Session object at application level once authenticated and send a Cookie object to the client. So when the client accesses the service methods, it will pass the cookie as an argument. The client will be validated in every service method. But I dont think this is the best way to handle this since every service method must have a separate argument to pass the Cookie. I came across this when I was googling [2]. Is it possible to get "WebServiceContext" in the service in DOSGi? Even if I get it, how would I store the cookie at client end and make sure the client sends the cookie in every subsequent web service call? Also, how would I secure the communication channel with WS - Security? [1] http://cxf.apache.org/distributed-osgi-greeter-demo-walkthrough.html [2] http://stackoverflow.com/questions/8036827/how-can-i-manage-users-sessions-when-i-use-web-services Any help is highly appreciated. Thanks a lot in advance, PJ
