Creating session state without http or ejb

[iksrazal]

Hi all,

I want to duplicate a feature I used in an ejb-based web service, in an
non-ejb tomcat-based web service. I want to allow a user to login via a
web service, on successful authentication return a session id String,
and on future call pass in the session id:

public ReturnWeb_Login web_Login(
String user_name,
String user_password) throws RemoteException {

soap_session_id = serviceLocator.getSoapSession_Id(soapSession);
if (athenticate(user_name,user_password)) {
return new ReturnWeb_Login (soap_session_id, user_name);
}
}

The idea here is that soap_session_id is generated from a Stateful
Session bean, and times out. Once logged in, subsequent calls are like:

public ReturnWeb_Base doSomething(
String soap_session_id) throws RemoteException {

//check authorization
SoapSession soapSession = checkAuthorization(soap_session_id);
if(soapSession!=null) {
//do something
}
}

The above works without messing around with the internal servlet the
web service uses, axis in this case.

My question is simple, though the answer may be difficult: How can I
create a session id that times out, independent of http or ejb ?

iksrazal

 

[Chris Smith]

The above works without messing around with the internal servlet the
web service uses, axis in this case.

My question is simple, though the answer may be difficult: How can I
create a session id that times out, independent of http or ejb ?

You absolutely can't create a session without HTTP. I doubt that your
code in your EJB container would have worked outside of HTTP as a
transport protocol, and you can't write the code yourself in Tomcat/Axis
without referencing the classes HttpServletRequest and HttpSession.

You'll also need to use one Axis-specific class, namely MessageContext.
This will be used to get the HttpServletRequest in the first place.

--
www.designacourse.com
The Easiest Way To Train Anyone... Anywhere.

Chris Smith - Lead Software Developer/Technical Trainer
MindIQ Corporation