在REST Web服务中维护会话 [英] maintaining session in REST web service

问题描述

我有一个COTS应用程序（PLM应用程序），该应用程序提供了很少的SOAP API进行访问。由于此SOAP API非常复杂，因此我们正在开发易于使用的REST包装器服务。在我的COTS应用程序中调用任何API之前，需要先调用身份验证API。在我的REST包装Web服务中，我有一个登录资源，该资源调用COTS SOAP登录API。为了使API用户的事情变得简单，我将登录的用户详细信息存储在用户会话中。在所有其他REST资源中，我检索会话并检查会话是否具有用户详细信息。如果是，我继续并调用SOAP API。如果没有，我将返回正确的HTTP状态代码。我将Apache CXF用于服务和客户端。我授权API用户像这样在客户端中维护会话

I have a COTS application(PLM application) which has provided few SOAP APIs to access. Since this SOAP API is highly complex, we are developing a easy to use REST wrapper service. Before invoking any API in my COTS application, authentication API needs to be invoked. In my REST wrapper web service, I have a login resource which invokes COTS SOAP login API. To keep things simple for my API users, I store the logged in user details in user session. In every other REST resoruces, I retrieve the session and check whether session has user details. If yes, I proceed and invoke the SOAP API. if not, I return proper HTTP status code. I use Apache CXF for service and client. I mandate my APIusers to maintain the session in the client like this

WebClient.getConfig（client）.getRequestContext（）。put（Message.MAINTAIN_SESSION，
布尔值。真正）;

WebClient.getConfig(client).getRequestContext().put(Message.MAINTAIN_SESSION, Boolean.TRUE);

在每个REST教程中，它都说REST是无状态的。我怀疑我在做什么是否符合REST标准。请提出建议。谢谢

In every REST tutorials, it said REST is stateless. I am doubtful whether what I am doing is correct as per REST standards. Please suggest. Thanks

推荐答案

client.getRequestContext().put(Message.MAINTAIN_SESSION, Boolean.TRUE)

此代码使cookie仅在该特定客户端中维护。
如果希望这些cookie在其他客户端中可用，则需要对其进行编程。
如果第二个客户端收到了其他cookie，而您又希望第一个客户端也可以使用这些cookie，那怎么可能？

This code causes cookies to be maintained in that specific client only. If you want those cookies be available in another client, it needs to be programmed. And if the second client receives additional cookies and you want those cookies available in the first client too, how is that possible?

我需要类似root的东西维护所有子客户端的cookie的客户端。所有cookie必须在所有客户端之间共享。就像所有客户端的共享cookie存储库一样。有人知道如何实现这一目标吗？

I need something like a root client that maintains cookies of all sub clients. All cookies must be shared among all clients. Like a shared cookie repository for all clients. Does anyone know how to achieve this?

这篇关于在REST Web服务中维护会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！