How to secure Java webservices with login and session handling

Posted by hubertg on Stack Overflow See other posts from Stack Overflow or by hubertg
Published on 2010-03-31T07:38:31Z Indexed on 2010/03/31 7:43 UTC
Read the original article Hit count: 410

Filed under:

java

|

webservice

|

metro

|

java-ws

|

sessions

I'd like to secure my (Java metro) webservice with a login.

Here's how I'm planning to do that:

Steps required when calling a webservice method are:

call login(user,pwd), receive a session token 1.1 remember the token
call servicemethod (token, arg1, arg2...)
webservice checks if the token is known, if not throw exception otherwise proceed
logout or timeout after x time periods of inactivity

my questions: 1. what's your opinion on this approach? does it make sense? 2. are there any libraries which take the burden of writing a session handling (maybe with database persistence to survive app restarts)

(the solution should be simple and easily usable with Java and .NET clients)

thanks!

© Stack Overflow or respective owner

Related posts about java

Tomcat 6: Access Control Exception?

as seen on Server Fault - Search for 'Server Fault'
I'm trying to setup a tomcat6 server, and I'm trying to match another setup someone else established. However, my deployment (default Ubuntu install) uses a policy.d/ directory structure, and the established server just uses a catalina.policy file. I've tried setting every entry in policy.d to match… >>> More
Problem in creation MDB Queue connection at Jboss StartUp

as seen on Stack Overflow - Search for 'Stack Overflow'
I am not able to create a Queue connection in JBOSS4.2.3GA Version & Java1.5, as I am using MDB as per the below details. I am putting this MDB in a jar file(named utsJar.jar) and copied it in deploy folder of JBOSS, In the test env. this MDB works well but in another env. [ env settings and… >>> More
failing to establish connection between Postgres db and gwt

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I am using Postgres and gwt 2.0 for one of my applications. I am facing problem connecting to the database. When I try to connect it gives "ClassNotFoundException". Here is what I get when I try to connect to database: java.lang.ClassNotFoundException: org.postgresql.Driver at java.net… >>> More
failing to establish connection between postgre db and gwt

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, For i am using postgre and gwt 2.0 for one of my applications. I am facing problem connecting to the database. When i try to connect it gives "ClassNotFoundException". Here is what i get when i try to connect to database: java.lang.ClassNotFoundException: org.postgresql.Driver at java.net… >>> More
Migration and deployement problems JBoss 4.2.2.GA to JBoss 6.0.0.M2

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I'm trying to migrate an application running on JBoss 4.2.2.GA to JBoss 6.0.0.M2 I give you some log to explain my problem : boot.log : 2010-03-16 09:59:29,406 ERROR [org.jboss.system.server.profileservice.ProfileServiceBootstrap] (Thread-2) Failed to load profile: Summary of incomplete deployments… >>> More

Related posts about webservice

Unable to call webservice from another webservice : NETBEANS

as seen on Stack Overflow - Search for 'Stack Overflow'
############## WEBSERVICE 1 (banking.java) package bank; import client.TestserviceService; import javax.jws.WebMethod; import javax.jws.WebService; import javax.xml.ws.WebServiceRef; @WebService() public class banking { @WebServiceRef(wsdlLocation = "WEB-INF/wsdl/localhost_23164/testwebservice/testserviceService… >>> More
[MAJ] Utilisation d'un Webservice simple en .NET - Exemple d'utilisation de WebService avec .NET

as seen on ASP-PHP.net - Search for 'ASP-PHP.net'
Mise en ligne de la version .NET 2.0 pour Visual Studio 2005 du controle. >>> More
URL Rewrite in IIS7 Web Service - WebService.asmx => WebService in the SOAP doc

as seen on Server Fault - Search for 'Server Fault'
I have an IIS7.5 (Server 2008 R2) based web service that I would like to make as independant on the current implementations technology as possible. I am using the URL rewrite module (http://learn.iis.net/page.aspx/734/url-rewrite-module/) to remove the .asmx portion of the URL and that is working… >>> More
how can I invoke a webservice from another webservice

as seen on Stack Overflow - Search for 'Stack Overflow'
I have two webservices A and B. A needs to invoke one of the webMethods in B. How can I achieve this? I am using maven's wsimport plugin to build A. This is to generate the necessary stubs for B and include them as part of the Webservice A. However, when I try to Invoke the webmethod o f B, I get… >>> More
URGENT : Consuming apachesoap:Map complex datatype in webservice using .net with webservice methods

as seen on Stack Overflow - Search for 'Stack Overflow'
web service methods written in java & a method return type is map how can i get value from map type? when i call getDetails then it return result properly but when i call getCit method it return a nothing in response because of map type. i .net there is no data type like map type Dim objweb… >>> More