On Apr 4, 2008, at 3:10 PM, Jonathan Cook - Online wrote:
> Hi,
>
> Probably a very simple question so apologies in advance but can you
> get at the HttpSession from within a resource class in a similar
> way that a Servlet class can?
>
> For example if people are logging on to an application with
> username/password could I store their username in the session.
> Maybe this goes against some RESTful principles and there is a
> different approach for this type of stuff but its all quite new to me.
>
If you really want to use HttpSession you can inject the
HttpServletRequest onto your resource:
@Context HttpServletRequest r;
then get the session from that. Alternatively you can actually make
resources classes be stored on the session by writing your own
resource provider and create an annotation like @Session associated
with the provider (very similar to using @Singleton). If interested i
can supply more information on how to do that as i think that
approach is much neater.
The alternative to using session state for logging in is to use an
auth mechanism like. basic auth + secure transport. This ensures that
all information is in the request and the application is not relying
on previous requests (as is the case when using session state).
IMHO i think one of the reasons why session state is used a lot is
because it is so damn hard to configure authentication. We *need* to
make this a lot easier.
Paul.