How to secure Java webservices with login and session handling
Posted
by hubertg
on Stack Overflow
See other posts from Stack Overflow
or by hubertg
Published on 2010-03-31T07:38:31Z
Indexed on
2010/03/31
7:43 UTC
Read the original article
Hit count: 416
I'd like to secure my (Java metro) webservice with a login.
Here's how I'm planning to do that:
Steps required when calling a webservice method are:
- call login(user,pwd), receive a session token 1.1 remember the token
- call servicemethod (token, arg1, arg2...)
- webservice checks if the token is known, if not throw exception otherwise proceed
- logout or timeout after x time periods of inactivity
my questions: 1. what's your opinion on this approach? does it make sense? 2. are there any libraries which take the burden of writing a session handling (maybe with database persistence to survive app restarts)
(the solution should be simple and easily usable with Java and .NET clients)
thanks!
© Stack Overflow or respective owner