Mar 15th, 2012, 01:41 PM
Authenticate once and make multiple calls to services exported through HttpInvoker
I have the following scenario where an web application exposes a service (through HttpInvoker) and client applications consume this service. The client applications have to be authenticated first in order to use the exposed service and make calls.
An web application exposes the serviceA by using HttpInvoker.
<bean id="serviceA " class="..services.impl.serviceA" />
<bean name="serviceAExporter" class="org.springframework.remoting.httpinvoker.Ht tpInvokerServiceExporter">
<property name="service" ref="serviceA"/>
<property name="serviceInterface" value="...services.serviceA "/>
Also, the serviceA is using Spring Security:
<security:intercept-url pattern="/serviceA.service" access="ROLE_USER" />
<security:authentication-manager> users,password, authorities... </security:authentication-manager>
The client applications will invoke serviceA and methods of serviceA (e.g. serviceA.foo() ). In the beginning each client application will provide a username/password in order to authenticate.
SecurityContextImpl sc = new SecurityContextImpl();
Authentication auth = new UsernamePasswordAuthenticationToken(username,passw ord);
ServiceA serviceA = (...) applicationContext.getBean("ServiceAHttpInvoker");
In this case each call requires a new authentication check? Is it possible to authenticate once and all subsequent calls to skip the authentication? This means that once the client authenticates it will re-use somehow the session and we'll avoid the overhead of re-authentication for each call.
Tags for this Thread