How can I manage users' sessions when I use web services?
If the user works with a web application via a web browser, the user's session is managed by the application server. It takes care of session creation, validation, timeouts, disposal, etc.
And as far as I know there are no such mechanisms in the other case, when the user works with the app via a remote client and uses SOAP web services.
So the question is, how can we manage users' sessions in the case of web services and implement the same session management mechanisms, such as invalidation, prolongation, and disposal?
Assuming you use JAX-WS and SOAP/HTTP, it is possible to work with container-managed security (and e.g. session cookies) as well. You just have to inject WebServiceContext in your service. It allows access to all HTTP environment variables:
    @Resource
    WebServiceContext wsContext;
A detailed example is available here. Of course, your clients must support this as well (if they are JAX-WS based it works). Nevertheless, a rule of thumb is that web services should not maintain any state at all; they should behave statelessly. See this on SO.
Edit: You can access the ServletRequest by:
    @WebMethod
    public void foo() {
        final MessageContext mc = this.wsContext.getMessageContext();
        // MessageContext.get() returns Object, so check the type before casting
        final Object sr = mc.get(MessageContext.SERVLET_REQUEST);
        /* works if this is an HTTP(S) request */
        if (sr instanceof HttpServletRequest) {
            final HttpServletRequest hsr = (HttpServletRequest) sr;
            // returns the current session, creating one if none exists
            hsr.getSession(true);
            /* ... */
        } else {
            /* do some exceptional stuff */
        }
    }
The session created above should behave in exactly the same way as a 'standard' web session. You must make sure that your clients understand that as well. They have to submit the session identifier (cookie) on each subsequent call.
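The lifecycle operations the question asks about (creation, prolongation, invalidation), sketched on top of the WebServiceContext approach from the answer above. This is an added example, not code from the original answer; the class name, method names, the "user" attribute and the timeout value are hypothetical, and it assumes the `javax.*` APIs with a Servlet 3.1+ container.

```java
import javax.annotation.Resource;
import javax.jws.WebMethod;
import javax.jws.WebService;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.WebServiceException;
import javax.xml.ws.handler.MessageContext;
// Added illustration: all names below are hypothetical, not from the original post.
@WebService
public class SessionDemoService {
    private static final int IDLE_TIMEOUT_SECONDS = 15 * 60; // assumed policy value
    @Resource
    private WebServiceContext wsContext;

    private HttpServletRequest request() {
        Object sr = wsContext.getMessageContext().get(MessageContext.SERVLET_REQUEST);
        if (!(sr instanceof HttpServletRequest)) throw new WebServiceException("HTTP transport required");
        return (HttpServletRequest) sr;
    }

    @WebMethod
    public void login(String user, String password) {
        HttpServletRequest req = request();
        try {
            req.login(user, password);       // container realm validates the credentials
        } catch (ServletException e) {
            throw new WebServiceException("authentication failed");
        }
        HttpSession session = req.getSession(true);
        req.changeSessionId();               // new id after login, so a pre-login id is useless
        session.setMaxInactiveInterval(IDLE_TIMEOUT_SECONDS);
        session.setAttribute("user", user);
    }

    @WebMethod
    public String whoAmI() {
        HttpSession session = request().getSession(false); // never create a session here
        if (session == null || session.getAttribute("user") == null) {
            throw new WebServiceException("no valid session");
        }
        return (String) session.getAttribute("user"); // each request also resets the idle timer
    }

    @WebMethod
    public void logout() {
        HttpSession session = request().getSession(false);
        if (session != null) session.invalidate();     // dispose of server-side state
    }
}
```

A JAX-WS client has to set `BindingProvider.SESSION_MAINTAIN_PROPERTY` to `true` in its request context, otherwise the session cookie is not sent back and every call arrives without a session.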
I think you are talking about how to maintain a web-services session (stateful web services).
In this case the following link can help you:
https://blogs.oracle.com/sujit/entry/ws_addressing_and_stateful_webservice