0

This is for use with Apache CXF based SOAP service.

I have a particular scenario where the client is not able to return a cookie or keep track of a cookie. However, I am attempting to handle the session support via URL rewriting.

What I'm looking to do is to define my URL as: 

 http://{server}/{session}/service/path/goes/here

How might I handle the incoming request on the service/path/goes/here handler to take the id given in the URL?

It looks like the HTTPSession is deeply embedded within the PhaseInterceptorChain.

A simplified version of this question: Is there any way to override the session resolver behavior for HTTPSessions.

Note I realize this is a bad practice in public to expose session tokens, however the context of this service is restricted to particular clients, and the URLs are generated. (It's meant for mocking out requests)

monksy
  • 14,156
  • 17
  • 75
  • 124
  • Still not sure why you want session in SOAP callls? If you need to get the user that calls your service maybe you need to use authentication? – tsolakp Jul 11 '17 at 21:25
  • I'm looking to mock out an existing service and the session is used to keep the state of the current object .. this isn't an authentication practice A session is needed to keep the state of that object for that user/client (and how it deviated from the baseline) The sesssion support can expire that user's object – monksy Jul 11 '17 at 21:36

0 Answers0