PDA

View Full Version : Getting HttpSession when using HttpInvokerServiceExport


leifabak
Jan 12th, 2005, 10:06 AM
Hi,

When using HttpInvokerServiceExporter to expose a java interface as a remote service is it possible to get hold of the HttpSession objects on the server in a simple manner?
I need the HttpSession from my "service object" for authentication purposes.

My web.xml is looks like this:


<servlet>
<servlet-name>remote</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
<servlet-name>remote</servlet-name>
<url-pattern>/remote/*</url-pattern>
</servlet-mapping>

<listener>
<listener-class>org.springframework.web.context.ContextLoaderListe ner</listener-class>
</listener>


Thanks
LA
tentacle
Jan 12th, 2005, 12:52 PM
When using HttpInvokerServiceExporter to expose a java interface as a remote service is it possible to get hold of the HttpSession objects on the server in a simple manner?
I need the HttpSession from my "service object" for authentication purposes.


When doing authentication it's probably more interesting to add attributes to the RemoteInvocation instance on the client and check those attributes on the server.
leifabak
Jan 12th, 2005, 01:12 PM
When using HttpInvokerServiceExporter to expose a java interface as a remote service is it possible to get hold of the HttpSession objects on the server in a simple manner?
I need the HttpSession from my "service object" for authentication purposes.


When doing authentication it's probably more interesting to add attributes to the RemoteInvocation instance on the client and check those attributes on the server.

My use case is this:

The user is already authenticated in a portal environment against an ldap database when accessing the JWS application who uses the HttpInvoker. I'm trying not to force the user to log in once more, by checking his logon against the current HttpSession object.

Thanks
LA
Dan Washusen
Feb 20th, 2005, 04:39 PM
You can access the HttpSession indirectly... When you specify your serviceUrl simply append the session id:
http://localhost:8080/path/to/service;jsessionid=E959A54152FC081C1D85D9502BF33F0 8

This works great if your remoting is happening in an applet because you can just specify the session id as a param. As far as the server is concerned your applets remote service invocations happen in the same session as the instantiating browser.

Note: I've only tested this on Tomcat.