You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by "Otto, Frank" <ot...@delta-barth.de> on 2006/01/23 10:18:46 UTC

token handling

Hi,
 
I want to use axis to implement a webservice.
 
Now, I need an authentication mechanism to secure the webservice. I want to use login method with login/password. After successful login, I will generate a token, which the user have to put as parameter with other webservice methods. The token must have an expire time.
 
Has someone do this? Can someone give me hints?
 
 
kind regards,
 
Frank

Re: token handling

Posted by iksrazal <ik...@gmail.com>.

At least three options I know of: 

1) 1.3 - SimpleSessionHandler
2) axis2 - serviceGroupContext. 
3) Roll your own. 

#3 is what I've done on several occasions. If using EJB, you can use 
getHandle() on EJBObject. The advantage here is you let the server time out 
the session. 

Lately I've been inclined to just use java.util.UUID and cache it(Singlenton, 
EHCache, Jtree etc), then returning it as a String from the login. Just have 
the client pass it back in on subsequent requests. From there, doing the 
timeout is just simple Java. 

HTH,
iksrazal
http://www.braziloutsource.com/

Em Segunda 23 Janeiro 2006 07:18, o Otto, Frank escreveu:
> Hi,
>
> I want to use axis to implement a webservice.
>
> Now, I need an authentication mechanism to secure the webservice. I want to
> use login method with login/password. After successful login, I will
> generate a token, which the user have to put as parameter with other
> webservice methods. The token must have an expire time.
>
> Has someone do this? Can someone give me hints?
>
>
> kind regards,
>
> Frank

--