Handling sessions in Web Services

Similar Messages

• Sessions in Web Services

  I'm trying to manage sessions in Web Service. Can sombody tell me how to do this

  a bit unspecific, anyway, here a solution for a plain JAX-RPC implementation
  in a JAX-RPC client, use
  ((javax.xml.rpc.Stub)myProxy)._setProperty(javax.xml.rpc.Stub.SESSION_MAINTAIN_PROPERTY, Boolean.TRUE);
  to let the client maintain session state
  in JAX-RPC server, implement ServiceLifecycle and call getHttpSession() on the servlet endpoint context
  Merten

• Implementation of session handling for using web services

  Hi,
  I would like to use session handling in web services using ABAP stack in order to start the session with an user login function followed by other RFC calls till a user logout. So far, I found only the following help note in the SAP online help:
  Interface Profile
  In the interface profile, choose the required processing type: Stateful or Stateless.
  A stateful service retains its status within the framework of a HTTP session throughout several calls form the same service consumer. The standard value for services is Stateless.If you require stateful communication, you can choose this instead.
  [http://help.sap.com/saphelp_nwpi71/helpdata/de/45/25291b5a2657c0e10000000a1553f7/content.htm |http://help.sap.com/saphelp_nwpi71/helpdata/en/45/25291b5a2657c0e10000000a1553f7/content.htm]
  Please, could someone explain me the further required steps of SAPs session handling idea cause just settting the status to stateful is still not the solution itself...
  Regards,
  Jens

  Now, I found the possible scenarios, suggest by SAP Help, regarding security for Web Services ([http://help.sap.com/saphelp_nw73/helpdata/en/48/8ebbba66be06b2e10000000a42189b/content.htm|http://help.sap.com/saphelp_nw73/helpdata/en/48/8ebbba66be06b2e10000000a42189b/content.htm]):
  - SAML & WS SecureConversation -> SSO
  - WS Security UsernameToken & WS SecureConversation
  - User ID and Password in HTTP Header & HTTPS
  - SAP Authentication Assertion Ticket & HTTPS -> SSO
  - X.509 SSL Client Certificate through HTTPS
  - WS Security: X.509 Certificate Authentication at Message Level
  Are scenarios with SSO the solution for creating sessions!?

• Error Handling in a web service

  Hi,
  We are going through the process of producing some test web services, and was wondering if there is a way of handling errors so that a more meaningful message can be output instead of a SOAP Exception.
  For example if a number was passed in that was invalid, such as a negative number when only positive would be allowed. Is it possible to output a message that would say something like
  'Number input must be positive'
  instead of this type of error
  [SOAPException: faultCode=SOAP-ENV:Server; msg=ORA-06502: PL/SQL: numeric or value error
  ORA-06512: at "CDDEV.SQUARE_ROOT", line 6
  ORA-06512: at line 1
       java.lang.String mypackage3.Square_rootStub.get_square_root(java.math.BigDecimal)
            Square_rootStub.java:68
       void mypackage3.Class1.main(java.lang.String[])
            Class1.java:15
  This example was done using a PL/SQL web service, but equally using Java if you throw an exception for a negative number you get a NaN type error.
  Thanks
  Gary

  As the error is thrown by the PL/SQL Java wrapper, you possibly could capture it on the server side and throw a more meaningful message. What is happening is that java.sql.SQLException thrown on the server side by the Java PL/SQL wrappers is wrapped into a SOAP fault.
  If you were to catch it yourself before propagating it back, you could replace the string. Unfortunately, the java.sql.SQLException is strewn about the generated code so it is hard to isolate - it isn't exactly straight forward. Another avenue to consider might be to wrapper the stored procedure code Java wrapper itself and write your own exception handling where you set the string explicitly (remember the string value set in any exception is what is passed back in the SOAP fault).
  None of these are perfect, but perhaps they might give you some ideas ...
  Mike.

• How to keep alive a session in Web Services?

  I have to do my project, that will be including some following features:
  1. Login to Application through Web Services method. For example:
  http://mydomain.com/web-services/Login?WSDL
  2. After logging in, use mySms method to send message to Cellphone through Web Services! For example:
  http://mydomain.com/web-services/mySms?WSDL
  My questions are:
  1. How can I keep alive the session after logging in the application in Web Services? In Web, I can use "Session".
  2. If someone has not logged in the Application, he/she could not use mySms method for sending Sms. How can I do that?
  3. I know, when I invoke a Web Services, one JavaBean has been called, and this bean is persistence with his own states. It means, if I set value to parameters of this bean, these values are persistence for invoked methods by other persons.
  For example:
  mySms bean has a private field "jid" inited with NULL value.
  Person A invoked mySms.
  Then, A set jid of mySms to value "A".
  Person B invoked mySms. B got jid value. He receive the result value is "A".
  The question is, how can I set mySms bean so that mySms bean is not persistence?
  Thanks many!

  Hi,
  I can right away answer your FIRST Question.
  Since WebServices are PURELY Based on SOAP which is in tern based on HTTP, they rely on a Stateless protocol.
  I am sure you know that the HTTP is the STATELESS Protocol and so you can not maintain Session and so EACH Http REQUEST is considered as a SEPERATE REQUEST.
  Now, still you want to maintain the Session in WebServices,
  The simple answer is PASSING PARAMETERS.
  Just Maintain your Session on Client (If you are using JSPs or Servlets to CAll WEBSERVICES then maintain Session through your HTTPSession) and each time you Invoke WebService PASS ON REQUIRED Parameters.
  This Approach is Exactly like your URL REWriting OR your Parameters Passing through QUERY STRINGS.
  I hope you got what I am saying!
  Take care,
  Himanshu/

• Session with web service

  Hi,
  I would like to know if there is a kind of session management with SOAP messages. I have found the interface IF_SOAP_SESSION_PROTOCOL, in which you can put in 'stateful' mode, however I wasn't able to use it.
  In fact, I try to understand what stateful means for SOAP in SAP, and if you can log/manage the session of a user, in order to see what he do (without requested authentification/identification).
  Regards,
  Gautier
  Edit: I don't know if it is the good forum or if I would have choose 'NetWeaver Platform's one
  null

  Any comments ?
  mark
  "markhu" <[email protected]> wrote in message
  news:[email protected]..
  Hi, every one:
  Here's my question of my day - >>>
  I am using weblogic 6.1 SP2 right now - running on Unix and Win 2K,and
  I got a web service up and running called Price Update web service through
  which user can pick up a price and push a deal to another web service
  called: deal service, the deal service will take the user deal and bookthe
  deal ( sending a JMS message to a Queue, a MD will pick up and do thework,
  then send the confirmation to another JMS Queue ), then the confirmation
  will be picked up and sent to another web service , called: User Deal
  Confirmation Service, here's the question:
  1. Since the client application is only allowed to see its own confirmed
  deals, how I can make the confirmed deal encrypted based on a server
  generated key or the session id that client application provides
  2. Now, I have 3 webservices: update, deal and confirm, each of them has a
  client.jar file available - from the client application point of view, doI
  need all these 3 client.jar, or I just need one of them ?????
  3. How can I use web service call back in wls 6.1 sp2 ?????? - in the 7.0
  beta, you can do this easily in the workshop, in the second questionabove,
  I think I need some how relate the confirmation to the client conversation
  id ??
  thanks a lot for the input, have a nice day.
  regards,
  mark.

• How to handle attachment in Web Services?

  is there any way to handle attachments in JCAPS Web Services? If you have any white paper/documents please provide me link?
  Thanks

  Hi ,
  When you create a Project in JCAPS you need to import saaj.jar file this will allow you to handle attachments comming in soap.
  Thanks,
  -Arun

• Registering EJB/Stateless Session Bean Web Service in Registry

  Hi verybody!
  I would like to know how I can register a Web Service in a registry. The web service is implemented as a session bean.
  The problem is not the actual code to register the service, but how and where can I hook this code into the application so that it is started when the application server is started.
  I've read the Sun J2EE tutorial which registered the service in the moment when the context for the servlet for an ordinary web client was created. This is not what I want. I would like to register the service when starting the EJB container, without the need to give it a kick from some external interface.
  Any help or ideas will be greatly welcome
  Regards
  PI

  1. But I thought you were using a 'stateful session bean'?
  2. For stateless session beans, there is no direct link between a remote reference and an instance of the bean. It is safe to hang on to the remote reference as long as you would like, of course it may go stale if the server dies. You will also find that the create() method does not actually contact the server, so doing it each usage costs very little. So, either way you should be fine.
  3. As for memory leaks, make sure that you are closing all statements, result sets, etc. promptly. These are commonly the problem. Also, use hprof or some other profile tool to determine what types of data you are allocating and (with better tools) what types of data you may be holding on to references to.
  Chuck

• Exception Handling with OC4J Web Services

  Hi,
  I want to throw some custom exceptions from my web services, based upon my business logic. From the documents I came to know that I can use "javax.xml.rpc.soap.SOAPFaultException" for the same. Following is the sample web service code which I'm trying in my environment.
  import javax.ejb.Stateless;
  import javax.jws.WebMethod;
  import javax.jws.WebService;
  import javax.xml.namespace.QName;
  import javax.xml.rpc.soap.SOAPFaultException;
  @WebService
  @Stateless
  public class TestService {
       @WebMethod
       public void greeting()
            throw new SOAPFaultException(new QName("uri", "local"),
       "My Fault String", "My Fault Actor", null);
  Deployment of the web service goes fine and on the invocation of the "greeting" operation the exception is being thrown. But the problem is that, the soap response, which my web service client receives is as of follows,
  <env:Envelope
  xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:ns0="http://service.csm.nb.md.inglife.jp.co/">
  <env:Body>
  <env:Fault>
  <faultcode>env:Server</faultcode>
  <faultstring>Internal Server Error (Caught exception while handling request: oracle.oc4j.rmi.OracleRemoteException: javax.xml.rpc.soap.SOAPFaultException: My Fault String; nested exception is: javax.xml.rpc.soap.SOAPFaultException: My Fault String)</faultstring>
  </env:Fault>
  </env:Body>
  </env:Envelope>
  This means that OC4J again wraps the SOAPFaultException thrown by me. Is there any way by which I can avoid the further wrapping of my exceptions? If there is anything wrong in my approach please do let me know.
  Regards,
  Dipu

  This is one of the "classic" design problems in this kind of architecture. And, unfortunately, the answer is "it depends on how you think you need to handle it." And I'm sure there are plenty of "gurus" that will tell you one way or another is the only way to do it.
  I'll be more honest: I'll give you a couple of personal suggestions, based on experience in this architecture. These are suggestions - you may do with them what you will. I will not say this is the best, most correct, or even remotely relevant to what you're doing.
  If it's simple data validation for "typing" (e.g. String, number, Date, etc.), that is taken care of when you attempt to stuff in the information into the appropriate DTO. If it's more "sophisticated" than that (must be in a certain range, etc.), that particular checking should probably be delegated from your Controller to a helper class. That not only saves the "expense" of transmitting the information back and forth across the wire, it's "faster" to the end user so say "Ooopsie" by redirecting back to the form right then. Basically the same thing if the types are wrong.
  That only leaves the "big" problems in the business layer (EJBs), where you have to deal with concurrency, database failures, etc. Generally these kinds of exceptions are thrown back to to the Controller in one of two forms:
  1) a sublass of RuntimeException, which signals that some Very Bad Things have happened in your container. EJBException is one like that and you can see where it's being thrown from.
  2) a subclass of Exception, also called "application exceptions." They are usually something like a "duplicate record" or a validation-like error (which you mentioned) like a missing field. They're used as a signal to a failure in the logic, not the container. That way you have to decide at what layer of your architecture they should be handled and/or passed on to the next.

• Envorcing authentication with session ejb web service?

  I implemented a web service as a session ejb. Some of the methods exposed by this web service require certain privileges. I modified my ejb-jar.xml file and declaratively specified this by using the <method-permission> element.
  I have a Java client. If I pass credentials (e.g., name, password) into the constructor of the stub for the web service interface, the container properly recognizes this information, authenticates the user and either responds to or rejects the request based on if the user is permitted to call the method.
  I have a non-Java client. If I try to do the same thing, it does not work. Peeking underneath the covers, I've discovered that the credentials are never being used.
  Now I did get something to work. If I manually modify the web.xml for the web-services.war that is generated by servicegen to put a security constraint on the URL for the web service using the <security-constraint> element, when I run the non-Java client again, the credentials are used, properly recognized, etc.
  (1) Does anyone know why the security constraint is necessary for the non-Java client but not the Java client?
  (2) Am I doing something wrong? missing something? Is there a different way to do this?
  (3) Since I implemented the web service as a session EJB but it appears the generated web-services.war content needs to be manually modified, is there a way to generate this security constraint? I've tried various things and cannot seem to do this.
  Thanks for feedback!

  Debu,
  Yes, it successfully deployed.
  Here are the messages from the failed run.
  BUILD SUCCESSFUL
  Total time: 33 seconds
  D:\Oracle_ejb3.0\demo\howtoejb30ws>ant run
  Buildfile: build.xml
  common:
  [echo] BuildName: ejb30ws
  [echo] BuildHome: D:\Oracle_ejb3.0\demo\howtoejb30ws
  [echo] BuildFile: D:\Oracle_ejb3.0\demo\howtoejb30ws\build.xml
  [echo] BuildJVM: 1.5
  oracle-env-check:
  java-env-check:
  init:
  [echo] -----> Initializing project properties
  setup:
  [echo] -----> Creating the required sub-directories
  cli-setup:
  [echo] -----> Setting up the application client module
  [oracle:genProxy] null, WSDLException: faultCode=INVALID_WSDL: The document: http://localhost:8888/ejb
  /ejb30ws?wsdl is not a wsdl file or does not have a root element of "definitions" in the "http://schem
  mlsoap.org/wsdl/" namespace or the "http://www.w3.org/2004/08/wsdl" namespace.
  [oracle:genProxy] WSDLException: faultCode=INVALID_WSDL: The document: http://localhost:8888/ejb30ws/e
  ws?wsdl is not a wsdl file or does not have a root element of "definitions" in the "http://schemas.xml
  .org/wsdl/" namespace or the "http://www.w3.org/2004/08/wsdl" namespace.
  BUILD FAILED
  D:\Oracle_ejb3.0\demo\howtoejb30ws\build.xml:316: oracle.j2ee.ws.common.tools.api.WsdlValidationExcept
  null, WSDLException: faultCode=INVALID_WSDL: The document: http://localhost:8888/ejb30ws/ejb30ws?wsdl
  not a wsdl file or does not have a root element of "definitions" in the "http://schemas.xmlsoap.org/ws
  namespace or the "http://www.w3.org/2004/08/wsdl" namespace.
  Total time: 3 seconds
  D:\Oracle_ejb3.0\demo\howtoejb30ws>

• Authenticating EJB 3 Session Bean Web services

  I have some session beans that I want to expose directly as web services in Glassfish.
  My question is how do I protect them to only be used by authorized people?
  Do I simply use standard role based JEE authentication like normal session beans?
  Is there a client example that talks to an authenticated session bean?
  If this isn't the way it is done, can someone provide an example on how it should be done?
  Thanx!

  The portable way to retrieve an EJB reference in Java EE is to either inject it or look it up via the
  component's private naming environment. The simplest way is :
  @EJB
  private DocumentManager dm;
  The global JNDI name is only used as an implementation specific way to uniquely assign an
  identifier to a specific Remote EJB. It's best for this not to appear directly in the source code.
  There's more on global JNDI names in our EJB FAQ :
  https://glassfish.dev.java.net/javaee5/ejb/EJB_FAQ.html
  The alternative to annotations is to use an ejb-ref to declare the ejb dependency. The ejb-ref
  is declared in the standard deployment descriptor corresponding to the component doing the
  lookup. Each ejb-ref has an ejb-ref-name, e.g. <ejb-ref-name>DM_ref</ejb-ref-name>
  The code looks up the ejb-ref-name relative to the java:comp/env namespace to retrieve the
  EJB reference.
  DocumentManager dm = (DocumentManager)
  new InitialContext().lookup("java:comp/env/DM_ref");

• Session and Web Services

  session variables can't store session data when using for Web
  Services, is that right?

  Hi
  Axis2 offers two ways of doing session management. The first way uses a cookie. You need to specify scope="transportsession" in your services.xml, and ensure that cookies are enabled.
  The second way is not dependent on HTTP cookies, but uses WS-Addressing headers instead. It is scope="soapsession". If you use the Axis2 client then you can do this very simply use setManageSession(true) on your ServiceClient.
  e.g. stub._getServiceClient.setManageSession(true);
  If you use another client, you will need to get the header from the response message and add it to future requests yourself.
  Can I suggest you move this discussion to [email protected] where all the axis2 experts hang out?
  Paul

• Using session in Web Service

  Hello friends;
  I have a question. Can � use session in webservice? Does Web service support session? I searched but didn' t find a good result.

  This has been logged as a bug and was upgraded to severe in March, but nothing has been done on it as far as I am aware. Beware this bug also affects global temporary tables--the same session and everything related to --including session context variables and global temp tables are shared by every call to the web service.
  Service Request 6067517.994 - SYS_CONTEXT SESSION DATA IS NOT PRIVATE BETWEEN MULTIPLE CLIENT SESSIONS has been updated by Oracle Support with relevant information on 18-JAN-07.
  To view the progress on-line via MetaLink, go to this URL:
  http://metalink.oracle.com/metalink/plsql/tar_main.this_tar?tar_num=6067517.994&p_ctryCode=840

• How to get, handle and check web service response?

  Hello All!
  We test web services and try to use e-Tester for this.
  We have some problems with validation of service response. Maybe somebody can help or advice us?
  Service method returns the list of Cards (total is about 300 items) with attributes.
  Below is the sample of one card properties.
  - <Cards>
  - <UserCard>
  - <characteristics>
  - <item>
  <Name>ARM</Name>
  <Value>78</Value>
  </item>
  - <item>
  <Name>BAT</Name>
  <Value>40</Value>
  </item>
  - <item>
  <Name>SPD</Name>
  <Value>30</Value>
  </item>
  - <item>
  <Name>STR</Name>
  <Value>40</Value>
  </item>
  </characteristics>
  <ID>1</ID>
  <FirstName>A.J.</FirstName>
  <LastName>Burnett</LastName>
  <PlayerName>A.J. Burnett</PlayerName>
  - <Team>
  <Name>Blue Jays</Name>
  <City>Toronto</City>
  </Team>
  <cardid>1</cardid>
  - <Flags>
  <IsFavorite>false</IsFavorite>
  <IsForPosters>false</IsForPosters>
  <IsForTrade>false</IsForTrade>
  <IsToppCard>false</IsToppCard>
  </Flags>
  <Count>0</Count>
  </UserCard>
  + <UserCard>
  + <UserCard>
  + <UserCard>
  In one test case we need to check the state of Count property (0 or 1) for all cards, count the quantity of cards with Count=1 and check that it equals to 8.
  So the question is how to get the service request to the VBA for analyzing and verification?
  Thanks a lot!

  Have any other ideas?

• Can XI handle RPC based web services ?

  Is it possible with XI 3.0 to work with RPC based webservices rather than Document based services.
  If it can, can some one send me sample configuration for SOAP Receiver and SOAP Sender.
  I have successfully configured an  SOAP Receiver to access external web service on internet which is a document based but I am having difficulty in accessing rpc based webservice on intranet.
  We are on XI 3.0 SP 14. Appreciate your comments on this topic.
  Thanks
  Prasad

  Hi John!
  > Is using RPC style web services supported out of the
  > box within XI? I have read some forums that suggest
  > only document style are and would like a definitive
  > answer.
  I have opened an OSS message regarding this topic and I was told that RPC-style Web Services are not supported within the XI SOAP adapter. Our current workaround which adds the missing Web Service operation using an additional XSLT mapping is not sufficient. Instead we have to change our WSDL from RPC-style into document-literal style.
  Regards, Tanja