
Authentication and Session management with Apache CXF DOSGi

I have a client - server application which uses cxf DOSGi [1]. Now I want to authenticate the clients from the server and create a session for the client. The client will have a cookie which is used to access the service once authenticated. I would like to know what is the best way for the server to access the HTTP session and the best way to store a cookie at the client end once authenticated.

I was thinking of making a custom Session object at application level once authenticated and send a Cookie object to the client. So when the client accesses the service methods, it will pass the cookie as an argument. The client will be validated in every service method. But I don't think this is the best way to handle this since every service method must have a separate argument to pass the Cookie.

I came across this when I was googling [2]. Is it possible to get "WebServiceContext" in the service in DOSGi? Even if I get it, how would I store the cookie at client end and make sure the client sends the cookie in every subsequent web service call?

[1] http://cxf.apache.org/distributed-osgi-greeter-demo-walkthrough.html

[2] How can I manage users' sessions when I use web services?

Any help is highly appreciated. Thanks.

You can use a custom intent to control authentication. Basically an intent is a CXF feature that is applied to the webservice by DOSGi. You create the feature in a separate bundle and then publish it with a special property for its name: See the DOSGi reference guide.

In a project we created a feature that read a threadlocal containing the authentication context and used the credentials stored there to populate the CXF authentication. So you just have to store the credentials once into the threadlocal at the start of your application and all calls work.

Currently there is no simple documentation or example for this case but I plan to create it in the near future as authentication is a common problem. I plan to use shiro as an authentication framework and write a generic adapter for CXF. I will add a comment or another answer as soon as I have it ready. In the meantime you can try to do the same yourself.
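
A sketch of the client-side feature the answer above describes, added here as an example and not taken from the answerer's project or from CXF DOSGi itself. The names `ThreadLocalAuthFeature`, `AuthContext` and `AuthOutInterceptor` are hypothetical, HTTP Basic authentication is an assumption, and publishing the feature as a DOSGi intent (the service property from the reference guide) is left out.

```java
import org.apache.cxf.Bus;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.feature.AbstractFeature;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.interceptor.InterceptorProvider;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;

/** Hypothetical feature: copies thread-local credentials into every outgoing call. */
public class ThreadLocalAuthFeature extends AbstractFeature {

    /** Hypothetical holder for the caller's credentials (the "authentication context"). */
    public static final class AuthContext {
        private static final ThreadLocal<AuthContext> CURRENT = new ThreadLocal<>();
        final String user;
        final String password;

        private AuthContext(String user, String password) {
            this.user = user;
            this.password = password;
        }
        public static void set(String user, String password) {
            CURRENT.set(new AuthContext(user, password));
        }
        /** Call in a finally block on pooled threads so credentials never reach the next task. */
        public static void clear() { CURRENT.remove(); }
        static AuthContext get() { return CURRENT.get(); }
    }

    @Override
    protected void initializeProvider(InterceptorProvider provider, Bus bus) {
        provider.getOutInterceptors().add(new AuthOutInterceptor());
    }

    static final class AuthOutInterceptor extends AbstractPhaseInterceptor<Message> {
        AuthOutInterceptor() {
            super(Phase.SETUP); // runs before the HTTP conduit prepares the request
        }
        @Override
        public void handleMessage(Message message) throws Fault {
            AuthContext ctx = AuthContext.get();
            if (ctx == null) {
                // Fail closed instead of silently sending an unauthenticated request.
                throw new Fault(new SecurityException("No authentication context on this thread"));
            }
            AuthorizationPolicy policy = new AuthorizationPolicy();
            policy.setUserName(ctx.user);
            policy.setPassword(ctx.password);
            policy.setAuthorizationType("Basic"); // assumption: Basic auth, so use HTTPS only
            message.put(AuthorizationPolicy.class, policy); // picked up by the HTTP conduit
        }
    }
}
```

The server still has to validate the credentials on every request; this feature only spares each service method a credential argument on the client side.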
