Re: cookie management between client and server

From: jeff <jeff.blattman_at_Sun.COM>
Date: Mon, 05 Jan 2004 12:13:13 -0800

thanks bobby,

just to clarify, sounds like you are saying that as long as i have a way
to get a handle to an http request / response object in my service impl,
i can get and set cookies to my heart's delight, is that correct? the
example you provided below uses http session not cookies, i just want to
verify that it is okay to use cookies directly and not rely on http session.

Bobby Bissett - Javasoft wrote:

> >
> > a colleague of mine remembers that there was some sort of an SPI on the
> > server side where we'd have to author a plugin to handle this, but we
> > can't find any mention of this in the specification.
> Hi Jeff,
> You don't need a server side handler to set cookies -- once you get
> hold of the javax.servlet.http.HttpSession object you can set it
> there. Here's the way I have done it:

> Make your service impl class implement
> javax.xml.rpc.server.ServiceLifecycle in addition to your Remote
> interface. This will make you add an init() and destroy() method.
> Declare a field of type javax.xml.rpc.server.ServletEndpointContext
> and in your init method do:
> public void init(Object context) throws ServiceException {
> servletEndpointContext = (ServletEndpointContext) context;
> }
> Then you can have a method like login or something that is the first
> method the client calls, and it will set the cookie here. My example
> passes in a username and password, but you can do it however you'd like:
> public boolean login() throws RemoteException {
> HttpSession httpSession =
> servletEndpointContext.getHttpSession();
> httpSession.setAttribute(username, password);
> // put your validation logic here
> Boolean isValidUser = Boolean.valueOf("true");
> httpSession.setAttribute("loginStatus", isValidUser);
> return true;
> }
> There may be better info for you in the javadocs for HttpSession, but
> this is how you can get hold of it in your service. You can check for
> the cookie and any other http info in the response either with your
> filter or with a client side handler that simply gets the SOAPMessage
> and examines the MimeHeaders. (or use a tcp tunnel kind of utility to
> watch the http flow by...)
> Cheers,
> Bobby

To unsubscribe, e-mail:
For additional commands, e-mail: