How to secure Java webservices with login and session handling

Posted by hubertg on Stack Overflow See other posts from Stack Overflow or by hubertg
Published on 2010-03-31T07:38:31Z Indexed on 2010/03/31 7:43 UTC
Read the original article Hit count: 416

Filed under:
|
|
|
|

I'd like to secure my (Java metro) webservice with a login.

Here's how I'm planning to do that:

Steps required when calling a webservice method are:

  1. call login(user,pwd), receive a session token 1.1 remember the token
  2. call servicemethod (token, arg1, arg2...)
  3. webservice checks if the token is known, if not throw exception otherwise proceed
  4. logout or timeout after x time periods of inactivity

my questions: 1. what's your opinion on this approach? does it make sense? 2. are there any libraries which take the burden of writing a session handling (maybe with database persistence to survive app restarts)

(the solution should be simple and easily usable with Java and .NET clients)

thanks!

© Stack Overflow or respective owner

Related posts about java

Related posts about webservice