JBoss Community

Saving token for RestEasy web service

created by Steve Jagels in JBoss Web Services - View the full discussion

Awhile back I created a jboss jax-ws web service and for security I had it save a token to the session.  It has worked fine.

 

Now I have a Rest Easy web service and I need it to also save a token to the web service session. I have looked at doing it two ways, but neither one is working.  The first way uses @Resource and the session gets a null pointer exception.  The second way uses @Context and the session is not null, but any attribute saved to it (token) is null.

 

First way (same as is working for the jboss jax-ws web service):

@Resource private WebServiceContext ctx;

 

public String saveTokenToSession(@QueryParam("consumerName") String consumerName, @QueryParam("token") String token){

   HttpSession session = getTheSession();

      if (session == null) {

            throw new WebServiceException("Error: could not get session for web service.");

   }

 

      if (!checkLogin(token)) {

      System.out.println("Saving token to session - invalid token.");

            return "N";

   }

   session.setAttribute("token", token);

     

      return "Y";

}

 

private HttpSession getTheSession() {

   javax.xml.ws.handler.MessageContext mc = ctx.getMessageContext();  //null pointer exception occurs here

   HttpServletRequest request = (javax.servlet.http.HttpServletRequest) mc.get(javax.xml.ws.handler.MessageContext.SERVLET_REQUEST);

   HttpSession session = request.getSession();

      return session;

}

 

Second way:

public String saveTokenToSession(@QueryParam("consumerName") String consumerName, @QueryParam("token") String token, @Context HttpServletRequest inRequest){

   HttpSession session = inRequest.getSession();

      if (session == null) {  //session is not null

            throw new WebServiceException("Error: could not get session for web service.");

   }

 

      if (!checkLogin(token)) {

      System.out.println("Saving token to session - invalid token.");

            return "N";

   }

   session.setAttribute("token", token);

           

      return "Y";

}

 

public String getPermissions(@QueryParam("consumerName") String consumerName, @QueryParam("strPermission") String strPermission, @Context HttpServletRequest inRequest) {

      List<Permission> toBeReturned = null;

      Permission permissionInput = null;

            try {

         String token;

         HttpSession session = inRequest.getSession();

                  if (session == null) {  //session is not null

                        throw new WebServiceException("Error: could not get session for web service.");

         }

         token = (String) session.getAttribute("token");  //null

 

                  if (null == token || token.equals("")){

                        return "";

         }

 

         ...

         ...

                  return permissions;

      }catch(Exception e){

         e.printStackTrace();

      }

            return null;

}

 

Any idea why either of these does not work?

 

I'm using jboss 5.1.2 and jdk 1.6.0.

Reply to this message by going to Community

Start a new discussion in JBoss Web Services at Community