You are viewing a plain text version of this content. The canonical link for it is here.
Posted to soap-user@xml.apache.org by Maris Orbidans <M....@datapro.lv> on 2002/05/20 17:45:12 UTC
client session/authorization
In my WEB service I want to check client's username and password.
Does client need to send his authorization information every time he calls my WEB service ?
Can SOAP maintain user session ?
If SOAP can't then I have to check client's password every time, isnt it ?
regards,
Maris Orbidans
RE: client session/authorization
Posted by Erich Izdepski <ei...@cysive.com>.
//assumes Call already created
SOAPHTTPConnection connection = new SOAPHTTPConnection();
connection.setUserName("user");
connection.setPassword("password");
call.setSOAPTransport(connection);
Each Call object must have the SOAPHttpConnection set into it, with the
username and password for HTTP Basic Authentication. You could just create a
single SOAPHttpConnection and re-use it for each call made to a web service
for a given client, perhaps storing it in the user's session. This assumes
you are managing session somewhere, such as in a servlet, or by how you have
deployed your web services (yes, Apache SOAP can maintain session). See the
docs (\soap-2_2\docs\guide\rpcclient.html) for a discussion on using
stateful web services.
Erich Izdepski
Senior Software Engineer
Cysive, Inc.
-----Original Message-----
From: Maris Orbidans [mailto:M.Orbidans@datapro.lv]
Sent: Monday, May 20, 2002 11:45 AM
To: soap-user@xml.apache.org
Subject: client session/authorization
In my WEB service I want to check client's username and password.
Does client need to send his authorization information every time he calls
my WEB service ?
Can SOAP maintain user session ?
If SOAP can't then I have to check client's password every time, isnt it ?
regards,
Maris Orbidans
RE: client session/authorization
Posted by Erich Izdepski <ei...@cysive.com>.
//assumes Call already created
SOAPHTTPConnection connection = new SOAPHTTPConnection();
connection.setUserName("user");
connection.setPassword("password");
call.setSOAPTransport(connection);
Each Call object must have the SOAPHttpConnection set into it, with the
username and password for HTTP Basic Authentication. You could just create a
single SOAPHttpConnection and re-use it for each call made to a web service
for a given client, perhaps storing it in the user's session. This assumes
you are managing session somewhere, such as in a servlet, or by how you have
deployed your web services (yes, Apache SOAP can maintain session). See the
docs (\soap-2_2\docs\guide\rpcclient.html) for a discussion on using
stateful web services.
Erich Izdepski
Senior Software Engineer
Cysive, Inc.
-----Original Message-----
From: Maris Orbidans [mailto:M.Orbidans@datapro.lv]
Sent: Monday, May 20, 2002 11:45 AM
To: soap-user@xml.apache.org
Subject: client session/authorization
In my WEB service I want to check client's username and password.
Does client need to send his authorization information every time he calls
my WEB service ?
Can SOAP maintain user session ?
If SOAP can't then I have to check client's password every time, isnt it ?
regards,
Maris Orbidans