Hi there
I'm designing a Axis Web Service that would run under tomcat. The Web
Service client is a standalone Java/Swing WebStart enabled program.
Basically, the Web Service exposes 3 methods that could be called only by
authentified users (Defined in a database table). When client program starts
it display a dialog box with login and password to allow the user to
identify himself. I need to implement the following features:
- User sessions : Once a user is connected, a session is created. Session is
destroyed if user disconnects or timeouts ( stays idle for a certain time ).
When session expires, a subsequent call to web service method has to inform
client application that session expired, and though display again the login
dialog box.
- When web service is called from a client browser, users session is
automatic since tomcat either sends a cookie or uses url rewriting ( If
cookies not enabled ). In my case, it's a webstart enabled application, and
I think there a Cookie management service in webstart api, but the remaining
question is: How to read the cookie sent by the server ?
- Using java:RPC method call doesn't allow to access to SOAP message, right?
So I was thinking to use message calls, and write in SOAP response header
the session id to allow the client to store it for future calls!
- Another feature I want to add is, encrypting messages exchanges using
HTTPS.
Well, i would greatly appreciate any design ideas, and would like to know if
what I'm trying to do is feasable ?
Thanks in advance
|