Steve Jagels [https://community.jboss.org/people/sej] created the discussion "Saving token for RestEasy web service" To view the discussion, visit: https://community.jboss.org/message/741035#741035 -------------------------------------------------------------- Awhile back I created a jboss jax-ws web service and for security I had it save a token to the session.  It has worked fine. Now I have a Rest Easy web service and I need it to also save a token to the web service session. I have looked at doing it two ways, but neither one is working.  The first way uses @Resource and the session gets a null pointer exception.  The second way uses @Context and the session is not null, but any attribute saved to it (token) is null. *First way* (same as is working for the jboss jax-ws web service): @Resource *private* WebServiceContext ctx; *public* String saveTokenToSession(@QueryParam("consumerName") String consumerName, @QueryParam("token") String token){    HttpSession session = getTheSession(); *if* (session == *null*) { *throw* *new* WebServiceException("Error: could not get session for web service.");    } *if* (!+checkLogin+(token)) {       System.+out+.println("Saving token to session - invalid token."); *return* "N";    }    session.setAttribute("token", token); *return* "Y"; } *private* HttpSession getTheSession() {    javax.xml.ws.handler.MessageContext mc = ctx.getMessageContext();  //null pointer exception occurs here    HttpServletRequest request = (javax.servlet.http.HttpServletRequest) mc.get(javax.xml.ws.handler.MessageContext.+SERVLET_REQUEST+);    HttpSession session = request.getSession(); *return* session; } *Second way*: *public* String saveTokenToSession(@QueryParam("consumerName") String consumerName, @QueryParam("token") String token, @Context HttpServletRequest inRequest){    HttpSession session = inRequest.getSession(); *if* (session == *null*) {  //session is not null *throw* *new* WebServiceException("Error: could not get session for web service.");    } *if* (!+checkLogin+(token)) {       System.+out+.println("Saving token to session - invalid token."); *return* "N";    }    session.setAttribute("token", token); *return* "Y"; } *public* String getPermissions(@QueryParam("consumerName") String consumerName, @QueryParam("strPermission") String strPermission, @Context HttpServletRequest inRequest) {       List<Permission> toBeReturned = *null*;       Permission permissionInput = *null*; *try* {          String token;          HttpSession session = inRequest.getSession(); *if* (session == *null*) {  //session is not null *throw* *new* WebServiceException("Error: could not get session for web service.");          }          token = (String) session.getAttribute("token");  //null *if* (*null* == token || token.equals("")){ *return* "";          }          ...          ... *return* permissions;       }*catch*(Exception e){          e.printStackTrace();       } *return* *null*; } Any idea why either of these does not work? I'm using jboss 5.1.2 and jdk 1.6.0. -------------------------------------------------------------- Reply to this message by going to Community [https://community.jboss.org/message/741035#741035] Start a new discussion in JBoss Web Services at Community [https://community.jboss.org/choose-container!input.jspa?contentType=1&...]