
Please improve my code/approach.

 
Gupta Tarun
My requirements are:

  • We want to implement a simple userId/password based authentication mechanism for our web services that are exposed to other web applications inside the internal network. Right now I am not worried about SSL encryption etc.
  • We want the "authenticated" client state to be persisted (the client web application should persist state in the HTTP session) so that every time we make service calls, the userid and password are not passed as an HTTP header or SOAP header.
  • The caller's user identity should be available at the server side for permission checks in the simplest possible way.
  • Using standard techniques, which work in a clustered server and clustered client environment.
  • The development team is new to web services, especially Axis2, so we do not want to introduce complex technologies at this stage (WSSecurity, we find, is not so simple to understand and use; please correct me if I am wrong).


    I implemented a POC using stateful Axis2 web services and a standalone client program based on a previous post.

    Here is what the POC for authentication looks like:

    There are 2 services which are added to one group.
    Hello World Web Service has 2 operations, authenticate and hello:



    The second service has one operation:


    service.xml looks like this:



    After generating stubs for both services using Eclipse WTP, the client program looks like this:



    This example works fine. Please comment on the following queries:
  • I would like to have further suggestions on how to improve this code or my overall approach.
  • The Apache Axis2 article "Clustering for Stateful Web Services" says: "You may safely use services in "soapsession" scope provided you don't modify (or modify at all) state in ServiceGroupContext frequently." Please let me know if there are risks in using this approach in a clustered environment where web services are hosted on a cluster (JBoss in this case).
  • As can be seen from TestWSClient, I am planning to store the client state by storing the "ServiceClient sc" object in the web application's HTTP session. This object is obtained from the authentication service and is then reused to call other services. As per my initial test this approach works fine, but since this object is not Serializable, I don't think I will be able to use it when the web application runs in a clustered environment. Please provide any suggestions regarding this.
  • Please highlight any other drawback of this approach.


    Thanks for having patience in reading this long post.

    Regards,
    Tarun Gupta

     
    Gupta Tarun
    Okay,
    Let me try to put my scenario in very few words:

    Using Axis2 stateful services, what is the best way to store the client state inside the caller application's HTTP session? The Axis2 engine and the web application are both running in a clustered environment.