I am trying to set up session management over a simple login service I have written using JAX-RS. The code might not look good:
import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;

@Path("/login")
public class Login {
    @GET
    @Path("/{id}/{pass}")
    @Produces(MediaType.APPLICATION_JSON)
    public HashMap<String, Boolean> isUserValid(@PathParam("id") String id, @PathParam("pass") String pass) {
        // retrieve user map from database
        DatabaseController db = new DatabaseController();
        HashMap<String, Boolean> validation = new HashMap<String, Boolean>();
        validation.put("isValid", false);
        for (Map.Entry<String, String> user : db.user().entrySet()) {
            if (id.equals(user.getKey()) && pass.equals(user.getValue())) {
                validation.put("isValid", true);
            }
        }
        return validation;
    }
}
Does someone know how I can set up session management on this service?
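REST web services are supposed to be stateless. If you want a stateful service, use SOAP; there are dirty hacks around, but they are not secure. Use an authentication token with REST for all requests, and keep the client state (e.g. browser, IP, etc.) in the database along with the token, so that you know about a client change or any attack.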
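The token approach from the answer above, sketched as an added example that is not code from the question or the answer: a random token is issued after a successful login and stored, hashed, together with the client's browser and IP, and each later request is checked against that record. The class name `TokenStore`, its methods, the in-memory map standing in for the database, and the sample values in `main` are all assumptions; it needs Java 16 or later for `record`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper (added example): the map stands in for a database table of issued tokens.
public class TokenStore {
    private record Entry(String userId, String userAgent, String ip, Instant expires) {}
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, Entry> byTokenHash = new ConcurrentHashMap<>();

    // Call after a successful login. Only a hash of the token is stored server-side.
    public String issue(String userId, String userAgent, String ip, long ttlSeconds) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byTokenHash.put(sha256(token), new Entry(userId, userAgent, ip, Instant.now().plusSeconds(ttlSeconds)));
        return token;
    }

    // Call on every request. Returns the user id only for a known, unexpired token from the same client.
    public Optional<String> validate(String token, String userAgent, String ip) {
        if (token == null) return Optional.empty();
        String key = sha256(token);
        Entry e = byTokenHash.get(key);
        if (e == null) return Optional.empty();
        boolean sameClient = Objects.equals(e.userAgent(), userAgent) && Objects.equals(e.ip(), ip);
        if (!sameClient || Instant.now().isAfter(e.expires())) {
            byTokenHash.remove(key); // expired or client changed: revoke and force a new login
            return Optional.empty();
        }
        return Optional.of(e.userId());
    }

    private static String sha256(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException ex) { throw new IllegalStateException(ex); }
    }

    public static void main(String[] args) { // constructed sample values
        TokenStore store = new TokenStore();
        String t = store.issue("alice", "ExampleBrowser/1.0", "192.0.2.10", 900);
        System.out.println(store.validate(t, "ExampleBrowser/1.0", "192.0.2.10"));
        System.out.println(store.validate(t, "OtherClient/2.0", "198.51.100.7"));
    }
}
```

In the JAX-RS service, the login method would return the token instead of a bare `isValid` flag, and the client would send it in a request header on every later call so the service itself stays stateless.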
By default every webservice should be stateless. It's not the best idea to use webservices in a session-based way. Sometimes there is a need for this but keep in mind that the key idea of webservices is the orchestration of services which contradicts with sessions. (See "Perspectives on Web Services" by Zimmermann).
If there is no other way to accomplish your target, see this.