Announcement Announcement Module
Collapse
No announcement yet.
Getting HttpSession when using HttpInvokerServiceExport Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Getting HttpSession when using HttpInvokerServiceExport

    Hi,

    When using HttpInvokerServiceExporter to expose a java interface as a remote service is it possible to get hold of the HttpSession objects on the server in a simple manner?
    I need the HttpSession from my "service object" for authentication purposes.

    My web.xml is looks like this:

    Code:
    <servlet> 
          <servlet-name>remote</servlet-name> 
          <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
          <load-on-startup>1</load-on-startup> 
       </servlet>
       
       <servlet-mapping> 
          <servlet-name>remote</servlet-name> 
          <url-pattern>/remote/*</url-pattern> 
       </servlet-mapping>    
        
        <listener>
    		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    	</listener>
    Thanks
    LA

  • #2
    When using HttpInvokerServiceExporter to expose a java interface as a remote service is it possible to get hold of the HttpSession objects on the server in a simple manner?
    I need the HttpSession from my "service object" for authentication purposes.
    When doing authentication it's probably more interesting to add attributes to the RemoteInvocation instance on the client and check those attributes on the server.

    Comment


    • #3
      Originally posted by tentacle
      When using HttpInvokerServiceExporter to expose a java interface as a remote service is it possible to get hold of the HttpSession objects on the server in a simple manner?
      I need the HttpSession from my "service object" for authentication purposes.
      When doing authentication it's probably more interesting to add attributes to the RemoteInvocation instance on the client and check those attributes on the server.
      My use case is this:

      The user is already authenticated in a portal environment against an ldap database when accessing the JWS application who uses the HttpInvoker. I'm trying not to force the user to log in once more, by checking his logon against the current HttpSession object.

      Thanks
      LA

      Comment


      • #4
        You can access the HttpSession indirectly... When you specify your serviceUrl simply append the session id:
        http://localhost:8080/path/to/servic...85D9502BF33F08

        This works great if your remoting is happening in an applet because you can just specify the session id as a param. As far as the server is concerned your applets remote service invocations happen in the same session as the instantiating browser.

        Note: I've only tested this on Tomcat.

        Comment

        Working...
        X