axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Roder <mro...@wamnet.com>
Subject RE: How to get/pass header session information
Date Mon, 01 Oct 2001 17:11:51 GMT


I think the spec shows that a client should be allowed access to the header
information(see below).  Maybe it is not the full header, but a "soap header
block" that is passed in?  This would reduce exposure of a full header, but
also allow for a trasactionid/sessionid type setup to work.

How would a handler be setup?

Later

Mark


From: http://www.w3c.org/TR/soap12/
7.2 RPC and SOAP Header
Additional information relevant to the encoding of an RPC invocation but not
part of the formal procedure or method signature MAY be expressed in the RPC
encoding. If so, it MUST be expressed as a header block.

An example of the use of a header block is the passing of a transaction ID
along with a message. Since the transaction ID is not part of the signature
and is typically held in an infrastructure component rather than application
code, there is no direct way to pass the necessary information with the
invocation. By adding a header block with a fixed name, the transaction
manager on the receiving side can extract the transaction ID and use it
without affecting the coding of remote procedure calls.


-----Original Message-----
From: Russell Butek [mailto:butek@us.ibm.com]
Sent: Monday, October 01, 2001 7:58 AM
To: axis-dev@xml.apache.org
Cc: axis-user@xml.apache.org
Subject: RE: How to get/pass header session information


Do we have any concern with letting clients have direct control over
message header info?

I'm still a newbie to the SOAP world, so maybe my assumptions are baloney,
but in the CORBA world, we really didn't want the client to be able to muck
with the message headers.  The header was the realm of the ORB and its
services:  security, transactions, etc. and we didn't want clients to
tamper with their information.  Portable interceptors were developed for
service folks to gain limited access to the header.  A client could always
write an interceptor, but access to the header was limited enough that they
could add their own info, but not mess with what was already there.

Russell Butek
butek@us.ibm.com


Glen Daniels <gdaniels@macromedia.com> on 09/28/2001 04:04:14 PM

Please respond to axis-dev@xml.apache.org

To:   "'axis-user@xml.apache.org'" <axis-user@xml.apache.org>
cc:   "'axis-dev@xml.apache.org'" <axis-dev@xml.apache.org>
Subject:  RE: How to get/pass header session information




Good catch, Mark.

I think the right solution to this might be to add APIs like this to
ServiceClient:

  public void addHeader(SOAPHeader header)
  public void clearHeaders()

This would allow the user to add headers to outgoing messages.  I'm not
sure, but I think a good default might be to persist the headers across
invoke()s unless clearHeaders() is called, which would enable very easy
usage in scenarios like the session one you mention.

Axis-dev'ers?  +1, -1?

--Glen

> -----Original Message-----
> From: Mark Roder [mailto:mroder@wamnet.com]
> Sent: Friday, September 28, 2001 4:02 PM
> To: 'axis-user@xml.apache.org'
> Subject: RE: How to get/pass header session information
>
>
>
> I figured out how to get the session information by doing the
> following:
>     User aUser=ArchiveDataTEST.getValidUser();
>     RPCParam userParam = new RPCParam("User", aUser) ;
>
>     String endpoint =
> "http://localhost:80/cgi-bin/wambase/mvsrch_front";
>
>     ServiceClient client = new ServiceClient(endpoint);
>     client.addOption(AxisEngine.PROP_DOMULTIREFS, new Boolean(false));
>     client.addSerializer(User.class,new QName(),new BeanSerializer());
>     String ret = (String)client.invoke("Login",
>                                        new Object []
> {userParam });
>     Message msg = client.getResponseMessage();
>     SOAPEnvelope env=msg.getAsSOAPEnvelope();
>     SOAPHeader sessionHeader =
> env.getHeaderByName("urn:schemas-wamnet-com:Session","SessionID");
>     String aString = (String) sessionHeader.getValueAsType(new
> QName(Constants.URI_2001_SCHEMA_XSD, "string"));
>
>     String sessionId = aString.trim();
>     System.out.println("SessionID:" +sessionId);
>
> I can create(I think it works) a header using the following code:
>     Document doc = XMLUtils.newDocument();
>     Element element =
> doc.createElement(ArchiveConstants.NS_SESSION_ID);
>     element.setAttribute(ArchiveConstants.NS_AUTH_REF,
> ArchiveConstants.NS_AUTH_URI);
>     element.appendChild(doc.createTextNode(sessionId));
>     SOAPHeader sessionHeader = new SOAPHeader(element);
>
> Now that I have the SOAPHeader, it looks like ServiceClient
> is written in a
> way that doesn't allow me to add my own SOAPHeaders to a message.
>
> The invoke(method,args) creates a RPCElement and then runs
> invoke(RPCElement).
>
> The invoke(RPCElement) creates the SOAPEnvelope and adds the
> body, creates
> the message, calls invoke() and then decodes the response.
>
> What I want to do is add my own header after the
> invoke(RPCElement) does the
> work of setting up the message but before invoke() is called.
>
> Options:
>   Option1: I started down the wrong path and there is an easier way.
>   Option2:
>       Change how the invoke methods are called so that the
> RPC invokes call
> a "createEnvelope(method,args)" method that returns a
> SOAPEnvelope.  They
> then call the invoke(SOAPEnvelope) method to make the call.  A
> "decode(SOAPEnvelope)" method will then return the object.
> This is breaking
> up the  current invoke(RPCElement) method into the part above
> invoke() and
> below invoke().
>
>    This change would allow me to do the following in my code:
>
>    reqEnv = client.createMessage(method,args);
>    reqEnv.addHeader(myHeader);
>    responseEnv = client.invoke(reqEnv);
>    resultObject = client.decode(responeEnv)
>
>   Option3:  Make a method that you can pass in a header for
> the message
>
> Does this make sense?  Am I missing something?
>
> Later
>
> Mark
>
>
>
>
>
>
> -----Original Message-----
> From: Mark Roder [mailto:mroder@wamnet.com]
> Sent: Friday, September 28, 2001 12:29 PM
> To: 'axis-user@xml.apache.org'
> Subject: How to get/pass header session information
>
>
>
> I am just starting to use axis, so this may be simple.  I am
> working on a
> soap client application hitting an existing server.
>
> How do I pull the session information out of the header of
> the following
> response?
>
> Then, how do I add it all following requests?
>
>
> My current code:
>
>     User aUser=ArchiveDataTEST.getValidUser();
>     RPCParam userParam = new RPCParam("User", aUser) ;
>
>     String endpoint =
"http://localhost:80/cgi-bin/wambase/mvsrch_front";

    ServiceClient client = new ServiceClient(endpoint);
    client.addOption(AxisEngine.PROP_DOMULTIREFS, new Boolean(false));
    client.addSerializer(User.class,new QName(),new BeanSerializer());
    String ret = (String)client.invoke("Login",
                                       new Object [] {userParam });
    System.out.println("Sent 'Hello!', got '" + ret + "'");



Response I need to get session information out of:

HTTP/1.1 200 OK Date: Fri, 28 Sep 2001 16:39:10 GMT Server: Apache/1.3.11
(Unix) mod_ssl/2.5.0 OpenSSL/0.9.4 Connection: close Content-Type: text/xml
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
     <soap:Header>

           <auth:SessionID xmlns:auth="urn:schemas-wamnet-com:Session"
soap:mustUnderstand="1">
               ses09281011739119691.id
          </auth:SessionID>
     </soap:Header>
     <soap:Body>
          <m:LoginResponse xmlns:m="urn:schemas-wamnet-com:Archive" />
     </soap:Body>
</soap:Envelope>


Example request I need to put the session information into:

POST /cgi-bin/wambase/mvsrch_front HTTP/1.0 Host: localhost Content-Type:
text/xml; charset=utf-8 Content-Length: 608 SOAPAction:
"urn:schemas-wamnet-com:Archive#GetLibraries"  <?xml version='1.0'
encoding='UTF-8'?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/1999/XMLSchema">
<SOAP-ENV:Header>
<auth:SessionID soap:mustUnderstand="1"
xmlns:auth="urn:schemas-wamnet-com:Authentication">
ses09281011809017084.id       </auth:SessionID>
</SOAP-ENV:Header>
<SOAP-ENV:Body> <ns1:GetLibraries xmlns:ns1
="urn:schemas-wamnet-com:Archive"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
</ns1:GetLibraries> </SOAP-ENV:Body> </SOAP-ENV:Envelope>


Thanks

Mark


Mime
View raw message