Getting HttpSession when using HttpInvokerServiceExport

**leifabak** · Jan 12th, 2005, 10:06 AM

Hi,

When using HttpInvokerServiceExporter to expose a java interface as a remote service is it possible to get hold of the HttpSession objects on the server in a simple manner?
I need the HttpSession from my "service object" for authentication purposes.

My web.xml is looks like this:

Code:

<servlet> 
      <servlet-name>remote</servlet-name> 
      <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
      <load-on-startup>1</load-on-startup> 
   </servlet>
   
   <servlet-mapping> 
      <servlet-name>remote</servlet-name> 
      <url-pattern>/remote/*</url-pattern> 
   </servlet-mapping>    
    
    <listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>

Thanks
LA

**tentacle** · Jan 12th, 2005, 12:52 PM

When using HttpInvokerServiceExporter to expose a java interface as a remote service is it possible to get hold of the HttpSession objects on the server in a simple manner?
I need the HttpSession from my "service object" for authentication purposes.

When doing authentication it's probably more interesting to add attributes to the RemoteInvocation instance on the client and check those attributes on the server.

**leifabak** · Jan 12th, 2005, 01:12 PM

Originally Posted by tentacle

When using HttpInvokerServiceExporter to expose a java interface as a remote service is it possible to get hold of the HttpSession objects on the server in a simple manner?
I need the HttpSession from my "service object" for authentication purposes.

When doing authentication it's probably more interesting to add attributes to the RemoteInvocation instance on the client and check those attributes on the server.

My use case is this:

The user is already authenticated in a portal environment against an ldap database when accessing the JWS application who uses the HttpInvoker. I'm trying not to force the user to log in once more, by checking his logon against the current HttpSession object.

Thanks
LA

**Dan Washusen** · Feb 20th, 2005, 04:39 PM

You can access the HttpSession indirectly... When you specify your serviceUrl simply append the session id:
http://localhost:8080/path/to/servic...D9502BF33F0 8

This works great if your remoting is happening in an applet because you can just specify the session id as a param. As far as the server is concerned your applets remote service invocations happen in the same session as the instantiating browser.

Note: I've only tested this on Tomcat.

Thread: Getting HttpSession when using HttpInvokerServiceExport

Thread Tools

Display

Getting HttpSession when using HttpInvokerServiceExport

Similar Threads

HttpSession handling

Custom HttpSession implementations

Problem: SecureContextImpl reused in subsequent session

Losing objects stored in HttpSession at end of flow

Keeping detached instances in Httpsession or not?

Posting Permissions