I'd like to write in JSF a simpler online banking webapplication in which you can transfer amount, check your balance, and modify your account details( address, reachability, name..). There's also a login page.
Each of these operations would invoke a webservice. I have already got the WSDLs,XSDs.
After you logged in you can choose these 3 operations.
e.g. If you click on "check your balance" link, it'll invoke CheckYourBalanceService, and a SOAP Request message will be sent to the endpoint with the accountID used for login in it. In the response message will be an accountee's balance belonging to the requested accountID and you'll get the CHECKyourBalance.jsp page.
Login method is also a webservice call.
How should I process the outgoing/incoming SOAP messages ? I've read about JAXB, StAx, DOM, but which is the optimal in my case? Any suggestion?
(I used to test the webservice invoking only with a simple SOAP message created as a string, then used Dispatch<Source> for the endpoint calling. I could write out the response as string, but neither validating nor processing the response XML.( It was just for testing the webservice endpoint (calling it from J2ee ))
Each operation has also a Stateless Session bean in which the webservice callings take place and (the XML processing would be, I think).
I've created the managed beans for each pages/operations so far.
And now the questions, if I may.
I'm a bit confused, because Stateless Session beans are for HTTP calls. Right?
So these managed beans calling the webservice with the inputText values will only use Request scope and the Login(ManagedBean) used for the login-and-password-value would be in SessionScope? If I see it in the right way?
why do i need to store the user and his/her stuffs, when this application "only" calls webservices ? Or should I use/ should I store users? How should I use JPA entities for storing the users in a database?
If I'm only working with the data of the response message or just sending the typed values to the webservices...
And a strict requirement: 2 users with the same login/pass in application at a time is forbidden
How can I work this 2 man in one place situation out?
Any help/suggestion appreciated!
Thanks for reading it!
Personally, I would consider the following solutions. This may not be the best solutions, due to limitations of my knowledge.
- Regarding calling web services and interpreting the result:
I would definitely use stubs etc. generated by wsimport or similar tool. This way I do not have to process any XML etc, since it is all taken care of. For an example on how to write web service clients that use generated stubs, please refer to the web service section of the tutorials at http://www.netbeans.org - Regarding authorization and authentication:
I would consider using Spring Security or some similar framework.
As far as I understand, this has the following advantages:
1. The framework of choice probably is tried and tested.
This hopefully means less bugs, more features, better documentation etc.
Additionally, if you need commercial support, this may also be available (at least it is with Spring Security, as far as I understand).
Spring Security also integrates with Spring WS-Security.
2. Code managing authorization and authentication do not have to be mixed with the business logic etc. This since, at least Spring Security, uses AOP and/or AOP-like functionality to interact with the application.
Finally, I have to say that I do not work for, nor am I affiliated in any way, with the creators of Spring Security.