File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Web Services and the fly likes Please improve my code/approach. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "Please improve my code/approach." Watch "Please improve my code/approach." New topic

Please improve my code/approach.

Gupta Tarun

Joined: Sep 16, 2010
Posts: 22

My Requirements are :

  • We want to implement a simple userId password based authentication mechanism for our web services that are exposed to other web applications inside internal network. Right now I am not worried about SSL encryption etc.
  • We want the "authenticated" client state to be persisted (Client Web application should persist state in HTTP session) so that every time we make service calls, userid password is not passed as HTTPheader or SOAP header.
  • Caller User identity should be available at server side for permissions checks in simplest possible ways.
  • Using standard techniques, which works in a clustered server and clustered client environment.
  • Development Team is new to Web Services especially Axis2, so we do not want to introduce complex technologies at this stage (WSSecurity we find, is not so simple to understand and use please correct me if I am wrong).

  • I implemented a POC using Stateful Axis2 Web Services and a standalone client program based on a Previous Post

    Here is how the POC for Authentication looks like :

    There are 2 services which are added to a one group -
    Hello World Web Service has 2 operations authenticate and hello :

    Second Service which has one operation :

    sevice.xml looks like this :

    After Generating Stubs for both the services using Eclipse WTP - The Client Program looks like this :

    This example works fine. Please comment on following Queries :
  • I would like to have further suggestions on how to improve this code or my overall approach.
  • Apache Axis2 Article Clustering for Stateful Web Services says: "You may safely use services in "soapsession" scope provided you don't modify (or modify at all) state in ServiceGroupContext frequently." - Please let me know if there are some risks in using this approach in clustered environment where web services are hosted on a cluster (Jboss in this case).
  • As it can be seen from TestWSClient I am planning to store the client state by storing "ServiceClient sc" object in web application's HTTP session. This object is obtained from authentication service and then same is reused to call other services. As per my initial test this approach works fine but since this object is not Serializable I dont think I will be able to use it when the Web application runs on clustered environment. Please provide any suggestions regarding this.
  • Please highlight any other drawback of this approach.

  • Thanks for having patience in reading this long post.

    Tarun Gupta

    Gupta Tarun

    Joined: Sep 16, 2010
    Posts: 22

    Let me try to put my scenario in very few words :

    Using Axis2 Stateful Services what is the best way to store the client state inside the caller applications HTTP Session, Axis2 Engine and Web Application both are running on clustered environment.
    I agree. Here's the link:
    subject: Please improve my code/approach.
    It's not a secret anymore!