[jboss-user] [JBoss Web Services] - Saving token for RestEasy web service
Steve Jagels
do-not-reply at jboss.com
Mon Jun 11 11:53:51 EDT 2012
Steve Jagels [https://community.jboss.org/people/sej] created the discussion
"Saving token for RestEasy web service"
To view the discussion, visit: https://community.jboss.org/message/741035#741035
--------------------------------------------------------------
Awhile back I created a jboss jax-ws web service and for security I had it save a token to the session. It has worked fine.
Now I have a Rest Easy web service and I need it to also save a token to the web service session. I have looked at doing it two ways, but neither one is working. The first way uses @Resource and the session gets a null pointer exception. The second way uses @Context and the session is not null, but any attribute saved to it (token) is null.
*First way* (same as is working for the jboss jax-ws web service):
@Resource *private* WebServiceContext ctx;
*public* String saveTokenToSession(@QueryParam("consumerName") String consumerName, @QueryParam("token") String token){
HttpSession session = getTheSession();
*if* (session == *null*) {
*throw* *new* WebServiceException("Error: could not get session for web service.");
}
*if* (!+checkLogin+(token)) {
System.+out+.println("Saving token to session - invalid token.");
*return* "N";
}
session.setAttribute("token", token);
*return* "Y";
}
*private* HttpSession getTheSession() {
javax.xml.ws.handler.MessageContext mc = ctx.getMessageContext(); //null pointer exception occurs here
HttpServletRequest request = (javax.servlet.http.HttpServletRequest) mc.get(javax.xml.ws.handler.MessageContext.+SERVLET_REQUEST+);
HttpSession session = request.getSession();
*return* session;
}
*Second way*:
*public* String saveTokenToSession(@QueryParam("consumerName") String consumerName, @QueryParam("token") String token, @Context HttpServletRequest inRequest){
HttpSession session = inRequest.getSession();
*if* (session == *null*) { //session is not null
*throw* *new* WebServiceException("Error: could not get session for web service.");
}
*if* (!+checkLogin+(token)) {
System.+out+.println("Saving token to session - invalid token.");
*return* "N";
}
session.setAttribute("token", token);
*return* "Y";
}
*public* String getPermissions(@QueryParam("consumerName") String consumerName, @QueryParam("strPermission") String strPermission, @Context HttpServletRequest inRequest) {
List<Permission> toBeReturned = *null*;
Permission permissionInput = *null*;
*try* {
String token;
HttpSession session = inRequest.getSession();
*if* (session == *null*) { //session is not null
*throw* *new* WebServiceException("Error: could not get session for web service.");
}
token = (String) session.getAttribute("token"); //null
*if* (*null* == token || token.equals("")){
*return* "";
}
...
...
*return* permissions;
}*catch*(Exception e){
e.printStackTrace();
}
*return* *null*;
}
Any idea why either of these does not work?
I'm using jboss 5.1.2 and jdk 1.6.0.
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/741035#741035]
Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20120611/66473f47/attachment-0001.html
More information about the jboss-user
mailing list