Hi,
Is there some way to get the username and jsessionid of an authenticated user into a backend web app running on glassfish without relying on clients to include that information in their requests?
To describe my setup .... I've successfully got a web application deployed to glassfish (v2.1) which uses a security realm (flexibleJDBC) to authenticate clients. Successfully auth'd clients then communicate with the backend via encrypted web services. What I would like to do is to include the jsessionids in every client soap request so that I can basically validate every soap request sessionid within my webapp. I'm also thinking this would allow me to invalidate any session from within my backend webapp if I want to.
So is there a way to expose the username and sessionids to webapps within glassfish as soon as every client is authenticated, so that my backend knows to expect soap messages with a given sessionid. (so some sort of MBean interface into glassfish or so)
Hope that makes sense ...
Tks
Alex
p.s. I'm not using a clustered setup at the moment but plan to do so when in production.
[Message sent by forum member 'curtisa' (curtisa)]
http://forums.java.net/jive/thread.jspa?messageID=360478