axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran" <stev...@iseran.com>
Subject Re: Stateful Web Services
Date Wed, 15 Jan 2003 21:02:05 GMT

----- Original Message -----
From: "David Peterson" <peterson@ee.usyd.edu.au>
To: <axis-user@xml.apache.org>
Sent: Wednesday, January 15, 2003 12:48
Subject: Re: Stateful Web Services


>
> Hi Steve,
>
> But in the simplest possible case, where I just want to persist data
> between *invocations* (i.e. separate calls), do I still need session
> info to be propogated client side?
>
> e.g.
>
> Call 1: deposit(100);
> Call 2: deposit(200);
> Call 3: getBalance() -> 300
> Call 4: withdrawl(50);
> Call 5: getBalance() -> 250
>
> Where Call 1 - Call 5 are 5 separate invocations (maybe from the same
> client, but maybe not).

think about this for a moment. How are you going to specify bank account and
auth info? If it goes with every request, then you could be stateless.
Otherwise the caller needs to first 'bind' to an account, then make requests
on it. We call that 'state', no matter how it is actually implemented.

Nb, this example is a bit dangerous as http is inherently unreliable, you
need to make the calls idempotent. Otherwise, how do you know when a deposit
failed, where

one way to do this in soap would be

* a required SoapHeader that contains authentication info, whatever that may
be

* all requests include
 -a requestID, that is some guid to distinguish requests (if we have a logon
call then it could be a sequence number since logon)
 -account info

* the getbalance call includes not just the balance, but the time that
balance was valid. I'd use xsd:long containg time_t in GMT, for that, as
xsd:dateTime always causes problems for me wrt timezones.

* you also need the from/to details for all withdrawals and deposits; 'cash'
probably needs to include location details like ATM#242.

Splitting auth info from account info allows for logins with >1 account, and
for admin 'bank teller' accounts that have broader rights. The requestID can
be used to discard repeated requests.








Mime
View raw message