cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: Application Layer Session Management for WS
Date Wed, 11 Feb 2009 20:43:43 GMT
> CXF Page here( http://cxf.apache.org/getting-involved.html ) shows
> "WS-Context & Session support" as an Idea.
> But the page was last updated on Sep 19, 2007 as you can see.
> Can you please confirm whether its been taken to the next level, or is
> still open for exploration?

Definitely still open for exploration.   Explore away!   :-)

Dan



On Wed February 11 2009 6:52:21 am Anoop Prasad wrote:
> Dear Dan,
>
> Thank you for your Inputs.
>
> My focus is to build a secure Session handling mechanish independent of
> Transport or any low level details.
> " Encrypted XML Document containing Session Tokens; and an aggrement
> between two Web services about the way they will use and Update the token"
> should do the trick. And as you suggested we can use the Interceptors to
> realize this.
>
> Im reading about the standards, and It looks like WS-Context is the right
> way to proceed.
> Ref:
> http://www.idealliance.org/proceedings/xml05/ship/54/xml2005-wssessions.HTM
>L #d0e217
> http://www.w3.org/2001/03/WSWS-popa/paper29
>
> WS Addressing is not advocated; also the Working Group is now closed
> Ref: http://www.infoq.com/news/2007/09/wsacloses
>
> CXF Page here( http://cxf.apache.org/getting-involved.html ) shows
> "WS-Context & Session support" as an Idea.
> But the page was last updated on Sep 19, 2007 as you can see.
> Can you please confirm whether its been taken to the next level, or is
> still open for exploration?
>
> I would really appreacte it if you would correct me if any of these
> understandings is wrong;
>
> Thanks a lot.
>
>
> PS : Im also planning to add WS-Security to the system; for that I probably
> might use the WSS4J Interceptor solution.
>
> regards
> anoopPrasad
>
> Two roads diverged in a wood, and I -- I took the one less traveled by, and
> that has made all the difference!
>
> HUAWEI TECHNOLOGIES CO.,LTD
>
> Address: Huawei Industrial Base
> Bantian Longgang
> Shenzhen 518129, P.R.China
> www.huawei.com
> ---------------------------------------------------------------------------
>- ---------------------------------------------------------
> This e-mail and its attachments contain confidential information from
> HUAWEI, which
> is intended only for the person or entity whose address is listed above.
> Any use of the
> information contained herein in any way (including, but not limited to,
> total or partial
> disclosure, reproduction, or dissemination) by persons other than the
> intended
> recipient(s) is prohibited. If you receive this e-mail in error, please
> notify the sender by
> phone or email immediately and delete it!
>
>
> -----Original Message-----
> From: Daniel Kulp [mailto:dkulp@apache.org]
> Sent: Tuesday, February 10, 2009 10:34 PM
> To: dev@cxf.apache.org
> Cc: anoopPrasad
> Subject: Re: Application Layer Session Management for WS
>
>
>
> I'm really not aware of any non-http level session stuff going on right
> now.
>
> It wouldn't be hard to write a set of interceptors that would do this for
> JMS.
> The server "in" interceptor would just pull a session ID from someplace
> (soap header or JMS header or similar) and validate it and store it on the
> exchange/message to be used later in the implementation or similar.   An
> "out"
> interceptor would add it to the response.  Client side would be similar.
>
> Dan
>
> On Fri February 6 2009 3:53:49 am anoopPrasad wrote:
> > Dear All,
> >
> > I have Integrated the latest CXF 2.1.3 with my system and it started
> > working without making much noise (Some noise near the JMS area ;-)
> > ;change in the way we were configuring it)
> >
> > We do have a need to maintain session for certain Web Services for
> > licensing the same for certain Service consumers.I started exploring
> > options within CXF and found an interesting discussion here
> > http://www.nabble.com/session-management-td11326045.html
> > But that discussion focused on HTTP/jetty based session handling.
> >
> > Do we have a mechanism to handle the Sessions at the application layer
> > level itself; something like what they have in Axis2. If yes kindly
> > point me in the right direction.
> > If not please let me know if we have any work in progress in this
> > direction.
> >
> > Thanks in advance.
> >
> > regards
> > anoopPrasad
>
> --
> Daniel Kulp
> dkulp@apache.org
> http://www.dankulp.com/blog

-- 
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog

Mime
View raw message