File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Web Services and the fly likes does a web-service have a state? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "does a web-service have a state?" Watch "does a web-service have a state?" New topic

does a web-service have a state?

Miki Muzsi
Ranch Hand

Joined: Jun 23, 2003
Posts: 120
Does a web service maintain a state?
For e.g. would it be possible to implement a sort of login(username, password) method (of the service), that should always be called before calling any other service methods, and based on the username, to restrict the access to some of the service methods?

Miki<br /> <br />SCJP 1.4, SCBCD 1.3
Stan James
(instanceof Sidekick)
Ranch Hand

Joined: Jan 29, 2003
Posts: 8791
A remote system like a web service can hold state on behalf of a client. But because the HTTP protocol is connectionless the server can't automatically tell when the same client calls twice and when it should use some saved state. It's common for the client to identify itself with a unique token, and for the server to pull some saved state out of storage using the token as key. If this makes you think of HashTables or maybe even database tables, those will work.
There's a downside, naturally. Anything the server holds for you takes up memory or storage and time and effort of some kind to save and retrieve. This adds up with zillions of users. And if there are multiple servers behind a load balancer you need some way to guarantee you hit the same server or some way for servers to share state. It gets tricky in a hurry.
Ordinary web servers do exactly this kind of thing with Session objects of one kind or another. Your web service can use Session if it meets your requirements. Fancy servers like EJB stateful session beans do this in much more robust ways.
For a simple flag like "has this client been authenticated" you can force the client to keep the state. Web servers send out cookies that the client sends back. With web services, your authentication service might return a token and require the client to send it along with subsequent calls. I think it's more common for web services to authenticate every call, tho.

A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of the idea. John Ciardi
I agree. Here's the link:
subject: does a web-service have a state?
It's not a secret anymore!