0 Replies Latest reply on Jun 11, 2012 11:53 AM by Steve Jagels

    Saving token for RestEasy web service

    Steve Jagels Newbie

      Awhile back I created a jboss jax-ws web service and for security I had it save a token to the session.  It has worked fine.

       

      Now I have a Rest Easy web service and I need it to also save a token to the web service session. I have looked at doing it two ways, but neither one is working.  The first way uses @Resource and the session gets a null pointer exception.  The second way uses @Context and the session is not null, but any attribute saved to it (token) is null.

       

      First way (same as is working for the jboss jax-ws web service):

      @Resource private WebServiceContext ctx;

       

      public String saveTokenToSession(@QueryParam("consumerName") String consumerName, @QueryParam("token") String token){

         HttpSession session = getTheSession();

            if (session == null) {

                  throw new WebServiceException("Error: could not get session for web service.");

         }

       

            if (!checkLogin(token)) {

            System.out.println("Saving token to session - invalid token.");

                  return "N";

         }

         session.setAttribute("token", token);

           

            return "Y";

      }

       

      private HttpSession getTheSession() {

         javax.xml.ws.handler.MessageContext mc = ctx.getMessageContext();  //null pointer exception occurs here

         HttpServletRequest request = (javax.servlet.http.HttpServletRequest) mc.get(javax.xml.ws.handler.MessageContext.SERVLET_REQUEST);

         HttpSession session = request.getSession();

            return session;

      }

       

      Second way:

      public String saveTokenToSession(@QueryParam("consumerName") String consumerName, @QueryParam("token") String token, @Context HttpServletRequest inRequest){

         HttpSession session = inRequest.getSession();

            if (session == null) {  //session is not null

                  throw new WebServiceException("Error: could not get session for web service.");

         }

       

            if (!checkLogin(token)) {

            System.out.println("Saving token to session - invalid token.");

                  return "N";

         }

         session.setAttribute("token", token);

                 

            return "Y";

      }

       

      public String getPermissions(@QueryParam("consumerName") String consumerName, @QueryParam("strPermission") String strPermission, @Context HttpServletRequest inRequest) {

            List<Permission> toBeReturned = null;

            Permission permissionInput = null;

                  try {

               String token;

               HttpSession session = inRequest.getSession();

                        if (session == null) {  //session is not null

                              throw new WebServiceException("Error: could not get session for web service.");

               }

               token = (String) session.getAttribute("token");  //null

       

                        if (null == token || token.equals("")){

                              return "";

               }

       

               ...

               ...

                        return permissions;

            }catch(Exception e){

               e.printStackTrace();

            }

                  return null;

      }

       

      Any idea why either of these does not work?

       

      I'm using jboss 5.1.2 and jdk 1.6.0.