users@jersey.java.net

Re: HttpSession

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Tue, 08 Apr 2008 13:16:04 +0200

Jonathan Cook - Online wrote:
> Hi Paul,
>
> Yes I'd be interested in the @Session method you describe.
>

Create the annotation @PerSession:


import com.sun.ws.rest.spi.resource.ResourceFactory;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

@Target({ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
@ResourceFactory(PerSessionProvider.class)
public @interface PerSession {
}


Create the PerSessionProvider:


import com.sun.ws.rest.api.core.HttpContext;
import com.sun.ws.rest.api.model.AbstractResource;
import com.sun.ws.rest.spi.resource.ResourceProvider;
import com.sun.ws.rest.spi.service.ComponentProvider;
import com.sun.ws.rest.spi.service.ComponentProvider.Scope;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.ws.rs.core.Context;

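public final class PerSessionProvider implements ResourceProvider {
     // The current request, injected by the runtime.
     @Context HttpServletRequest r;

     // The resource class this provider creates instances of.
     private Class<?> c;

     public void init(ComponentProvider provider,
             AbstractResource abstractResource) {
         this.c = abstractResource.getResourceClass();
     }

     public Object getInstance(ComponentProvider provider,
             HttpContext context) {
         // getSession() creates a new session if the request has none.
         HttpSession s = r.getSession();
         // One instance per session, stored under the resource class name.
         // Not synchronized: concurrent first requests in the same session
         // can each create an instance, and the last one stored is kept.
         Object resource = s.getAttribute(c.getName());
         if (resource == null) {
             try {
                 resource = provider.getInstance(Scope.ApplicationDefined, c);
                 s.setAttribute(c.getName(), resource);
             } catch (Exception e) {
                 throw new RuntimeException(e);
             }
         }

         return resource;
     }
}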


Create the per-session resource:


import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.ProduceMime;

@Path("/")
@PerSession
public class SessionedResource {
     int count;

     @ProduceMime("text/plain")
     @GET public String count() {
         return Integer.toString(count++);
     }
}


Deploy in a Web container and go to the URL using a browser and keep
reloading. You should see a number in the browser increment on each reload.



> The state I was really interested in storing was whether a user was
> logged in or not, would the authentication mechanism you mention still
> be appropriate for this?
>

You can use HTTP authentication for this. The equivalent question is "is
the user authenticated or not". You can use the
javax.ws.rs.core.SecurityContext to check if authenticated or not by
calling the SecurityContext.getUserPrincipal method. But you need to
configure the Web container to require HTTP authentication.


You might find this article helpful:

http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html

if you want to use standard form-based security using a Web container
rather than doing your own thing. But I need to verify whether it is
compatible with Jersey....

Paul.

> Jon
>
> ------------------------------------------------------------------------
> *From:* Jonathan Cook - Online
> *Sent:* 04 April 2008 14:11
> *To:* users_at_jersey.dev.java.net
> *Subject:* HttpSession
>
> Hi,
>
> Probably a very simple question so apologies in advance but can you get
> at the HttpSession from within a resource class in a similar way that a
> Servlet class can?
>
> For example if people are logging on to an application with
> username/password could I store their username in the session. Maybe
> this goes against some RESTful principles and there is a different
> approach for this type of stuff but its all quite new to me.
>
> Thanks
> Jon

-- 
| ? + ? = To question
----------------\
    Paul Sandoz
         x38109
+33-4-76188109
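
Added example, not part of the original message and not Jersey's own code: a resource that takes the caller's authentication state from javax.ws.rs.core.SecurityContext, as the reply describes, instead of storing a "logged in" flag in the HttpSession. It assumes the JAX-RS 1.x annotation names (@Produces rather than the @ProduceMime used above) and a container configured for BASIC authentication; the class name, path, realm and role name are hypothetical.

```java
import java.security.Principal;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

// Assumed web.xml fragment that makes the container do the authentication:
//   <security-constraint>
//     <web-resource-collection>
//       <web-resource-name>api</web-resource-name>
//       <url-pattern>/*</url-pattern>
//     </web-resource-collection>
//     <auth-constraint><role-name>user</role-name></auth-constraint>
//     <user-data-constraint>
//       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
//     </user-data-constraint>
//   </security-constraint>
//   <login-config><auth-method>BASIC</auth-method></login-config>
//   <security-role><role-name>user</role-name></security-role>

@Path("/whoami")                       // hypothetical path
public class WhoAmIResource {          // hypothetical class name
    private static final String ROLE = "user";   // hypothetical role name

    @GET
    @Produces("text/plain")
    public String whoAmI(@Context SecurityContext sc) {
        Principal p = sc.getUserPrincipal();
        if (p == null) {
            // No authenticated caller: fail closed instead of trusting any
            // "logged in" flag kept in application state.
            throw new WebApplicationException(
                    Response.status(Response.Status.UNAUTHORIZED)
                            .header("WWW-Authenticate", "Basic realm=\"example\"")
                            .build());
        }
        // Basic credentials are only base64-encoded, so refuse plain HTTP,
        // and check the role even though the container constraint should.
        if (!sc.isSecure() || !sc.isUserInRole(ROLE)) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        return p.getName() + " (" + sc.getAuthenticationScheme() + ")";
    }
}
```

With the constraint in place the container rejects unauthenticated requests before the resource runs; the null check covers a deployment where the constraint is missing or does not match the resource's URL.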