JAX-WS - Turning on outgoing SOAP headers for client

Discussion in 'Java' started by Richard Maher, Feb 20, 2008.

  1. Hi,

    Sorry if this question is a dog's-breakfast with incorrect terminology (all
    the test stuff is back in another office and I'm too lazy to re-look it all
    up :) but the fundemental question is a very basic one. We're using JAX-WS
    to generate client code from a Application Service provider's WSDL that is
    intended to provide stateful sessions between client and server. We have
    turned on http message dumping to the console and can see that incoming
    replies contain a SOAP header (with a Session Id) but the outgoing calls
    only have a SOAP body. So, how do we (or the WSDL authors) tell Java to turn
    on SOAP headers so that we can reply with the SessionId we got back from the
    Authenticate?

    1) I've turned on the
    (portormaybeservice)somethingBinding.SESSIONSOMETHINGPERSISTENT=true (but
    without a header we can't really tell the server what session id they gave
    us last time?)
    2) I've seen the code examples about injecting seemingly arbitrary header
    tags, but I'm guessing if we can just make the header appear at all then the
    Session Id <tag> will automagically appear?
    3) I've seen at the GlassFish site that @webParams has a (mode=out,
    head=true) option, but it didn't like "out" and the head(er)=true didn't
    seem to do anything (and this should be controlled by the WSDL right? Or the
    Import?)

    The SessionId and Stateful Sessions stuff is supposed to be transparent is
    it not?

    Anyway, just thought I'd run it up the flag-pole in case it's obvious to
    everyone except me.

    Cheers Richard Maher
     
    Richard Maher, Feb 20, 2008
    #1
    1. Advertising

  2. Richard Maher

    Arne Vajhøj Guest

    Richard Maher wrote:
    > Sorry if this question is a dog's-breakfast with incorrect terminology (all
    > the test stuff is back in another office and I'm too lazy to re-look it all
    > up :) but the fundemental question is a very basic one. We're using JAX-WS
    > to generate client code from a Application Service provider's WSDL that is
    > intended to provide stateful sessions between client and server. We have
    > turned on http message dumping to the console and can see that incoming
    > replies contain a SOAP header (with a Session Id) but the outgoing calls
    > only have a SOAP body. So, how do we (or the WSDL authors) tell Java to turn
    > on SOAP headers so that we can reply with the SessionId we got back from the
    > Authenticate?
    >
    > 1) I've turned on the
    > (portormaybeservice)somethingBinding.SESSIONSOMETHINGPERSISTENT=true (but
    > without a header we can't really tell the server what session id they gave
    > us last time?)
    > 2) I've seen the code examples about injecting seemingly arbitrary header
    > tags, but I'm guessing if we can just make the header appear at all then the
    > Session Id <tag> will automagically appear?
    > 3) I've seen at the GlassFish site that @webParams has a (mode=out,
    > head=true) option, but it didn't like "out" and the head(er)=true didn't
    > seem to do anything (and this should be controlled by the WSDL right? Or the
    > Import?)
    >
    > The SessionId and Stateful Sessions stuff is supposed to be transparent is
    > it not?
    >
    > Anyway, just thought I'd run it up the flag-pole in case it's obvious to
    > everyone except me.


    Is the session supposed to be maintained at the HTTP level (via cookies)
    or at the SOAP level (with an element within the SOAP envelope) ?

    The first should be relative easy. See something like:

    http://weblogs.java.net/blog/ramapulavarthi/archive/2006/06/maintaining_ses.html

    The second could be more difficult. And I would find it tempting to
    use a heavier web service toolkit like Axis to do it.

    Arne
     
    Arne Vajhøj, Feb 25, 2008
    #2
    1. Advertising

  3. Hi Arne,

    Thanks for the reply.

    > Is the session supposed to be maintained at the HTTP level (via cookies)
    > or at the SOAP level (with an element within the SOAP envelope) ?
    >
    > The first should be relative easy. See something like:
    >
    >

    http://weblogs.java.net/blog/ramapulavarthi/archive/2006/06/maintaining_ses.html
    >
    > The second could be more difficult. And I would find it tempting to
    > use a heavier web service toolkit like Axis to do it.
    >


    In this particular case, as we are obviously bound by the rules an
    conventions of the Application Provider, we had to poke a "SessionId tag
    into the SOAP header. What's more, we had to append a sequence number to
    categorize/demarcate each message interaction. That is, set it to N when we
    send a message and then get N back, before incrementing it to N+1 for the
    next exchange, and so on.We did this with: -

    WSBindingProvider bp = (WSBindingProvider)myProxyPort;
    bp.setOutboundHeaders(
    Headers.create(new QName("http://somehost.com","SessionId"), SessionId +
    "|" + SessionSeq)

    (I'm guessing this is similar to SQL Server and <sqloptions:sqlSession>?)

    Setting this tag had the desired side effect of forcing the SOAP headers
    out. I had already read the web-link you provided and we had previously
    tried the
    bp.getRequestContext().put(WSBindingProvider.SESSION_MAINTAIN_PROPERTY,true)
    ; Exactly what [WS]BindingProvider provides over and above BindingProvider
    I'm not sure, but these seem to be the instruments of the mega-fudge for
    poking all sorts of crap in there that were left out of the standard.

    I think the main problem here is that, like all http, "By design
    Web-services are stateless"! This seems to be a common theme running through
    most of the web-sites discussing SOAP-Sessions that I could find. (If there
    are people using the WSSE standards out there, I certainly couldn't find
    them.) I did have a brief look at Axis2 and ServiceGroupId but it started to
    look even more idiosyncratic and certainly harder. Which reminded me of one
    of the pages I visited recently: -

    "Why is Java Web Services so hard?" blog
    http://soabook.com/blog/?p=5

    Dave Podnar's 5 Stages of Dealing with Web Services
    -------------------------------------------------------

    Denial - It's Simple Object Access Protocol, right?

    Over Involvement - OK, I'll read the SOAP, WSDL, WS-I BP, JAX-RPC, SAAJ,
    JAX-P,. specs. next, I'll check the Wiki and finally follow an example
    showing service and client sides.

    Anger - I can't believe those #$%&*@s made it so difficult!

    Guilt - Everyone is using Web Services, it must be me, I must be missing
    something.

    Acceptance - It is what it is, Web Services aren't simple or easy.
    -----------------------------------------------------------------------

    Then this particular Application Provider Authentication deploys:-

    .. Application-specific authentication with Username/Password sent via the
    XML/body

    .. Authentication/sign-on errors returned via XML messages while other
    exceptions are thrown as SOAP[Fault]Exceptions (which presumably are more
    appropriate and the mut's-nut's when compared to simple SOAPExceptions?

    .. Customer tailored WSDL files then generate nested Java Sub-classes for
    every layer of XML tag.

    At this stage I'm wondering what *exactly* SOAP gives us over and above a
    simple XMLHttpRequest-type mechanism? But like David Podnar's "Guilt" I
    figure it must be me, and it's time to learnt more about SOAP, until I hear
    that a colleague's wife over here, at an ex-government quango utility, has
    just cost USD$15K to go on a SOAP course! No wonder Gartner, and IT industry
    in general, love SOAP; it's ahuge money-spinner! We get to stick-it to the
    customer one more time - hoorah! And we wonder why everyone's outsourcing to
    Mumbai and Bangalore :-(

    Cheers Richard Maher

    "Arne Vajhøj" <> wrote in message
    news:47c224bd$0$90266$...
    > Richard Maher wrote:
    > > Sorry if this question is a dog's-breakfast with incorrect terminology

    (all
    > > the test stuff is back in another office and I'm too lazy to re-look it

    all
    > > up :) but the fundemental question is a very basic one. We're using

    JAX-WS
    > > to generate client code from a Application Service provider's WSDL that

    is
    > > intended to provide stateful sessions between client and server. We have
    > > turned on http message dumping to the console and can see that incoming
    > > replies contain a SOAP header (with a Session Id) but the outgoing calls
    > > only have a SOAP body. So, how do we (or the WSDL authors) tell Java to

    turn
    > > on SOAP headers so that we can reply with the SessionId we got back from

    the
    > > Authenticate?
    > >
    > > 1) I've turned on the
    > > (portormaybeservice)somethingBinding.SESSIONSOMETHINGPERSISTENT=true

    (but
    > > without a header we can't really tell the server what session id they

    gave
    > > us last time?)
    > > 2) I've seen the code examples about injecting seemingly arbitrary

    header
    > > tags, but I'm guessing if we can just make the header appear at all then

    the
    > > Session Id <tag> will automagically appear?
    > > 3) I've seen at the GlassFish site that @webParams has a (mode=out,
    > > head=true) option, but it didn't like "out" and the head(er)=true didn't
    > > seem to do anything (and this should be controlled by the WSDL right? Or

    the
    > > Import?)
    > >
    > > The SessionId and Stateful Sessions stuff is supposed to be transparent

    is
    > > it not?
    > >
    > > Anyway, just thought I'd run it up the flag-pole in case it's obvious to
    > > everyone except me.

    >
    > Is the session supposed to be maintained at the HTTP level (via cookies)
    > or at the SOAP level (with an element within the SOAP envelope) ?
    >
    > The first should be relative easy. See something like:
    >
    >

    http://weblogs.java.net/blog/ramapulavarthi/archive/2006/06/maintaining_ses.html
    >
    > The second could be more difficult. And I would find it tempting to
    > use a heavier web service toolkit like Axis to do it.
    >
    > Arne
     
    Richard Maher, Feb 28, 2008
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Karl Uppiano

    Migrating JAX-RPC to JAX-WS

    Karl Uppiano, Dec 15, 2006, in forum: Java
    Replies:
    1
    Views:
    580
    Karl Uppiano
    Dec 15, 2006
  2. Karl Uppiano
    Replies:
    3
    Views:
    679
    Karl Uppiano
    Dec 19, 2006
  3. Replies:
    0
    Views:
    776
  4. Sascha Roth
    Replies:
    2
    Views:
    842
    Sascha Roth
    Jul 3, 2009
  5. Devesh Kumar

    How to see the outgoing SOAP envelop

    Devesh Kumar, Feb 20, 2004, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    142
    Devesh Kumar
    Feb 20, 2004
Loading...

Share This Page