JAXWS和会话 [英] JAXWS and sessions
问题描述
我很擅长编写Web服务。我正在使用JAXWS开发SOAP服务。我希望能够让用户登录并在我的服务中知道哪个用户正在发出命令。换句话说,有一些会话处理。
I'm fairly new to writing web services. I'm working on a SOAP service using JAXWS. I'd like to be able to have users log-in and in my service know which user is issuing a command. In other words, have some session handling.
我看到这样做的一种方法是使用cookie并从我的Web服务访问HTTP层。但是,这依赖于使用HTTP作为传输层(我知道HTTP几乎总是传输层,但我是纯粹的)。
One way I've seen to do this is to use cookies and access the HTTP layer from my web service. However, this puts a dependency on using HTTP as the transport layer (I'm aware HTTP is almost always the transport layer but I'm a purist).
是否存在一种更好的方法,使服务层不知道传输层?有没有办法用servlet过滤器完成这个?我希望答案尽可能与框架无关。
Is there a better approach which keeps the service layer unaware of the transport layer? Is there some way I can accomplish this with servlet filters? I'd like the answer to be as framework agnostic as possible.
推荐答案
我正在工作在使用JAXWS的SOAP服务上。我希望能够让用户登录并在我的服务中知道哪个用户正在发出命令。换句话说,有一些会话处理。
I'm working on a SOAP service using JAXWS. I'd like to be able to have users log-in and in my service know which user is issuing a command. In other words, have some session handling.
传统的Web服务本质上是无状态的,Web服务中没有会话处理(通过说与识别来电无关。
Conventional Web services are stateless in nature, there is no session handling in web services (which has by the say nothing to do with identifying the caller).
如果您想要要求您的用户通过身份验证来呼叫服务,传统方法是:
If you want to require your users to be authenticated to call a service, the traditional approach is to:
- 公开返回身份验证令牌的身份验证Web服务(传递用户凭据)。
- 让用户首先调用此身份验证。
- 让用户在后续业务Web服务调用中在自定义标头中传递令牌。
开服务器端:
- 拒绝任何不包含有效令牌的电话。
- 无效一段时间不活动后的令牌
您可以为此方法实施自定义解决方案(这是一种高度可互操作的解决方案)。或者您可以使用 WS-Security / UsernameTokens 提供类似的内容框。 WS-Security是一个标准(Metro实现它),它不是框架特定的。
You can implement a custom solution for this approach (this is a highly interoperable solution). Or you can use WS-Security/UsernameTokens that provides something similar out of the box. WS-Security is a standard (Metro implements it), it isn't "framework" specific.
这篇关于JAXWS和会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
