Session sharing in webservice - web-services

I am using a GWT-based application and I want to introduce a web service [Apache CXF] to provide access to the business layer to other applications which are built in other technologies like PHP, iPhone and Android.
As per the client requirements:
-> Create GUI pages in PHP
-> Create a login module (with the OAuth concept) in PHP
-> Use a PHP web service for the login process
-> Use a Java web service to access the business layer
Now my question is: to access a particular business layer, for security reasons we have to maintain the user session somehow, right?
So, given the requirements I mentioned, how can I manage sessions in my Java EE app server? Should I have to create a session per user request?
How could I maintain a session for the user if my login module is on an Apache server?
Note: Please note that my login is using a PHP app which has some OAuth feature and that will redirect to the Java EE app.

Passing JSESSIONID between instances of an application server will do nothing for you. Unless sessions are clustered, each application has its own session container and it cannot be shared (unless you write a custom valve that will search for all sessions in the application server). Plus, WS does not have a notion of HTTP session; you would have to implement your own mechanism. Please elaborate on what you are trying to achieve, and then we will be able to help you more.

Related

User authentication in java web services

I'm developing a Java web application which is deployed on a GlassFish server. The web services are used to connect to user databases. Each user has a database. My question is, is there a way to keep track of the user? For example, in servlets we use sessions in order to store some user-specific data. Is there something similar to it in web services? It seems impractical to have to authenticate the username and password each time the user sends a request to a web service. Thanks.
Web services may also use sessions, however there are good reasons to keep them stateless:
it might be that the clients do not support sessions (cookies), e.g. if your clients are not browser based;
stateless services are easier to scale.
You do not have to use username+password for authentication. You may use JWT (or other kinds of access tokens) to protect them.
Auth0 has a nice article on this topic:
https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/
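
As an added example (not code from the original posts or from any project named here), this sketch shows the stateless approach the answers above point to: the login module issues an HMAC-signed token and the Java service verifies it on every request instead of looking up a shared HTTP session. The class name `StatelessToken`, the token layout and the shared demo key are assumptions made for illustration; this is a simplified signed token, not the JWT format.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Hypothetical helper: token = base64url(user) "." expiryEpochSeconds "." base64url(HMAC)
public class StatelessToken {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    // HMAC-SHA256 over the payload, keyed with the secret shared by issuer and verifier.
    static byte[] sign(byte[] key, String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
    }

    // Login side: called once after the user has authenticated.
    static String issue(byte[] key, String user, long expiresAt) throws Exception {
        String payload = ENC.encodeToString(user.getBytes(StandardCharsets.UTF_8)) + "." + expiresAt;
        return payload + "." + ENC.encodeToString(sign(key, payload));
    }

    // Service side: returns the user name, or null if the token is malformed, forged or expired.
    static String verify(byte[] key, String token, long now) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) return null;
        try {
            byte[] expected = sign(key, p[0] + "." + p[1]);
            if (!MessageDigest.isEqual(expected, DEC.decode(p[2]))) return null; // constant-time compare
            if (Long.parseLong(p[1]) <= now) return null;                        // token has expired
            return new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // invalid base64 or non-numeric expiry
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // constructed sample key
        long now = System.currentTimeMillis() / 1000;
        String token = issue(key, "alice", now + 300);
        // Constructed forgery: swap the user segment but keep the old expiry and signature.
        String forged = ENC.encodeToString("admin".getBytes(StandardCharsets.UTF_8)) + token.substring(token.indexOf('.'));
        System.out.println("valid token   -> " + verify(key, token, now));
        System.out.println("forged token  -> " + verify(key, forged, now));
        System.out.println("expired token -> " + verify(key, token, now + 301));
    }
}
```

A PHP login module can compute the same signature with `hash_hmac('sha256', $payload, $key, true)` and encode it as unpadded URL-safe base64.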

How will remote api calls in PhoneGap app work with Good?

I want to take an existing PhoneGap app I have developed and deploy it onto Good.
What I don't understand is how authentication of remote api calls will work within Good?
For example
Within the app I make remote calls to a webservice end point
The webservice is strictly only available to authenticated users within the network (it's behind a firewall)
Questions
Does Good provide a proxy, where the url of the webservice is pointed to the Good server which in turn calls the actual webservice end point?
If so, is the proxy 'automatically' created, or does a proxy alias have to be created in Good, and is it this alias that I specify within the PhoneGap app? i.e. Do I have to change the web service URL in the PhoneGap app?
Any ideas how fire-walled web services are configured in Good?
Is the authentication of the user passed through Good which effectively is setup to access resources within the fire-walled internal network?
Do I have to package the PhoneGap app into a 'Good' app?
Thanks
Edit
I have seen that 'Containerizing via App Wrapping' may come into this somewhere?

Do I need a web service in this case? When do we use them?

My issue is about web services and all the stuff around that. I've developed a Java web app, using Hibernate (to connect with a MySQL DB), JSF and PrimeFaces. The only thing I have to show to the user is the index.xhtml, which will search for data in a database. All of this is running on my PC with my local Apache server.
But a doubt comes to my mind: if I deploy this web app on the Apache server of the company, do we need something such as a web service or something like that, or can they just access the index.xhtml and start the queries?
Sorry for this, but I'm totally new with respect to web services, web apps, web servers and all this stuff.
PS. So, when do we use web services? and web server?
Thanks in advance :)
A web service is typically used as an API that might be integrated into another application. For example, if you have a way to accept payment information, you could make that a web service that would let some other application (e.g. an auction site) make calls into your web service to do some work.
Think of it a bit like a DLL that is accessible on the web. It won't have an interface, it is a collection of methods that either return data or execute some code. It will not return a UI.
So when you use a web service would be a similar question to when you need to break code out into a separate assembly.
On your specific question above, you would not need a web service. If your web application is doing everything you need it to do, then all you need is a web application.

Liferay custom web services

I have some questions about the use of Liferay and Liferay web services.
I have read the Liferay documentation, in particular chapters 11 and 12 (development/Documentation), about the development (or use) of web services in Liferay... but this documentation does not seem complete compared to what you can do (searching on the web you can find different approaches regarding the use of Liferay).
So, here are my questions / concerns ...
Suppose you develop your portlets in Liferay... This way I can interact with the 'core' of Liferay and also write the front-end of my webapp that will be on Liferay. For example, I can authenticate the user in my webapp using the Liferay API.
What if I wanted to have an authentication system to access my web app through my mobile app?
I'm not crazy... I would also like to have my own mobile app developed with native code. In this case I would expect to have a REST service to interact with Liferay.
I think that, in this case, I have to expose all of the functionality of my web app (portlet) also as web services.
For example... we can reason with regard to user authentication.
I thought that you can:
1. Use the native Liferay web service to access from the outside.
2. It is possible to write my own web service.
   In this case, will I have to write a portlet that is actually a web service?
   When might it be convenient to implement a CAS?
How does Liferay work as regards the user session (for authenticated users)?
   In this case we will provide the username and password somehow.
If successful, will I have a token or session ID?
Here I can read:
To call the AXIS web service using credentials, you would use the
following URL syntax:
http://" + userIdAsString + ":" + password + "#[server.com]:[port]/api/secure/axis/" + serviceName
I did not really understand if this should be done only to authorize the user during login.
I am probably confused, but the official documentation for Liferay is not my friend right now :(
Yes, you want to use custom portlet services in your native mobile app...
I have written a very simple blog post for doing exactly this:
Please follow the below link:
http://integrating-java.blogspot.in/2014/04/liferay-mobile-sdk-custom-services-part_4.html
By this you can use your portlet's custom service in your mobile native application.
And the best part is you do not have to go through the authentication process if you use the Liferay Mobile SDK for this; a direct service call is enough.

Sharing sessions between webapps in Jetty 8

I am looking into migrating from Tomcat to Jetty 8 for a custom web application that will essentially be a portal (though it won't be using a JSR-168 or similar portal container). The key concept for the purposes of this post is that the user will only need to log in once, and then he will need to access URLs from several different web applications all running on the same Jetty server. Once the user has logged in they should automatically be authenticated to any other web application running on the server.
Tomcat has the org.apache.catalina.authenticator.SingleSignOn valve which accomplishes this exact task. Once you log into a web application, the SingleSignOn valve will automatically log you into any other web applications.
So, is there a similar way to provide this same functionality in Jetty 8? It seems that there is a separate SessionManager for each web application. Can you configure or programmatically assign the same SessionManager instance to each web application? Is there some other solution that is provided by Jetty out of the box?
HashSSORealm provides a simple way to use single sign-on with Jetty. See:
http://docs.codehaus.org/display/JETTY/Single+Sign+On+-+Jetty+HashSSORealm