I have an application built with Struts2 for the web layer and Spring (IoC, Transactions), JPA2 and Hibernate for the service layer.
Now I want to split this app into a core of services exposed via web services, and a web client (in the far future we will also have a mobile client) that will access functionality from the core system. I was thinking of wrapping the service classes that I have now in some JAX-WS endpoints.
Because I applied some bad practices when I designed the service layer, like accessing the Session from the service layer, I now have some problems porting the app to the new desired format. I used sessions in the service layer mainly because I implemented some aspects that log the CRUD activity in the database, and I had to know which user was performing these actions.
A simple solution would be either to perform these aspects on the client, but I guess this is not so elegant (I think that ideally the client should be as thin as it can be), or, when performing any CRUD operation, to also send the userId of the user along with the object, but this is even uglier than the first approach.
Any idea how I can overcome this? I have to mention that I can change the part of the services that is based on the session if I find an alternative solution.
Regarding the auth problems, I was thinking of using an auth token and building some sort of session management in the core part.
So the client app will hit the login method on the core, and if auth is OK I will send back a token (using JAX-WS handlers) that the client will send on every subsequent request.
What do you think of that? Is there a better approach here?
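
The token scheme described in the question, sketched as an added example that is not part of the original post: a server-side JAX-WS handler that validates the token header and exposes the user id to the audit aspect through a thread-local instead of the HTTP session. The class name, the header name (`urn:example:auth` / `AuthToken`), the 30-minute lifetime and the in-memory store are assumptions, and the handler is assumed not to be attached to the login endpoint.

```java
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.namespace.QName;
import javax.xml.soap.*;
import javax.xml.ws.ProtocolException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.*;

public class AuthTokenHandler implements SOAPHandler<SOAPMessageContext> {
    // Hypothetical header name; client and core must agree on it.
    static final QName TOKEN = new QName("urn:example:auth", "AuthToken");
    static final long TTL_MS = 30 * 60 * 1000L; // assumed 30-minute lifetime
    private static final SecureRandom RNG = new SecureRandom();
    // token -> {userId, expiryMillis}; in-memory store, assumed single node
    private static final Map<String, long[]> SESSIONS = new ConcurrentHashMap<>();
    private static final ThreadLocal<Long> CURRENT_USER = new ThreadLocal<>();

    /** Called by the login operation once credentials have been verified. */
    public static String issue(long userId) {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG, not guessable
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        SESSIONS.put(token, new long[] { userId, System.currentTimeMillis() + TTL_MS });
        return token;
    }

    /** The audit aspect reads the acting user here instead of the HTTP session. */
    public static Long currentUserId() { return CURRENT_USER.get(); }

    @Override public boolean handleMessage(SOAPMessageContext ctx) {
        if (Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) return true;
        String token = null;
        try {
            SOAPHeader header = ctx.getMessage().getSOAPHeader();
            Iterator<?> it = header == null ? null : header.getChildElements(TOKEN);
            if (it != null && it.hasNext()) token = ((SOAPElement) it.next()).getValue();
        } catch (SOAPException e) { throw new ProtocolException(e); }
        long[] s = token == null ? null : SESSIONS.get(token);
        if (s == null || s[1] < System.currentTimeMillis()) {
            if (token != null) SESSIONS.remove(token); // drop an expired entry
            throw new ProtocolException("missing, unknown or expired auth token");
        }
        CURRENT_USER.set(s[0]); // identity comes from the server-side lookup only
        return true;
    }
    @Override public boolean handleFault(SOAPMessageContext ctx) { return true; }
    // Worker threads are pooled: always clear the identity when the exchange ends.
    @Override public void close(MessageContext ctx) { CURRENT_USER.remove(); }
    @Override public Set<QName> getHeaders() { return Collections.singleton(TOKEN); }
}
```

Because the user id is resolved on the core from the token, the client never supplies a userId of its own, and the token is a bearer credential that should only travel over TLS.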