Results 1 to 4 of 4
  1. #1
    bluesheeva is offline Member
    Join Date
    Dec 2008
    Posts
    3
    Rep Power
    0

    Default Redirect page in web service

    Hi,

    I am developing a web service for a client. When a client access the web service, he will be authenticated first. If the authentication is fail, he will be redirected to the error page. The question is how to redirect into a web page from web service? My code is below:

    @WebService()
    public class basicWS {

    @Resource()
    WebServiceContext wsContext;

    /**
    * Web service operation
    */
    @WebMethod(operationName = "returnName")
    public String returnName(@WebParam(name = "i") String i) {

    //TODO write your implementation code here:
    String tokenTest = "invalidToken:";
    if (globalVar.testToken == false) {
    response.redirect("error.html) --> this doesn't work for redirect page
    return tokenTest+";"+i;
    } else{
    return "success:" +globalVar.clientPerm;
    }
    }


    I want to redirect page after the if statement above. Does anybody know how to solve it?

    Thanks,

    Rick

  2. #2
    Steve11235's Avatar
    Steve11235 is offline Senior Member
    Join Date
    Dec 2008
    Posts
    1,046
    Rep Power
    8

    Default

    With a Web service, your approach doesn't sound like it will work. You are trying to make Web page authentication work with a Web service, and they don't operate the same way. Web services are much more simple. Also, you can't send a Web service client an error page. It expects back a SOAP message.

    Look at the documentation for your Web application server and see if it provides any Web service request authentication methods, such as requiring a certificate be attached to the request before the request can be processed.

    The other option is to include authentication information in each request. Web services are stateless, so the authentication must be provided every time.

    A solution for your situation is to require the client to access two Web services. The first one requires credentials and returns a token if the request provides valid credentials. The second service requires a valid token as part of its request. The client can store the token for multiple requests, although the token should "expire" before long.

  3. #3
    bluesheeva is offline Member
    Join Date
    Dec 2008
    Posts
    3
    Rep Power
    0

    Default

    Hi Steve,

    Thanks for your reply. It helps me understand more about web service.

    Talking about two web services. Let say if the user is not authenticated /not valid user in the first web service, can the user still be redirected to other web page (error web page?)? From your explanation, it seems that web service can't redirect user to the other web page residing in web server. could you advise more.

    Thanks,

    rick

  4. #4
    Steve11235's Avatar
    Steve11235 is offline Senior Member
    Join Date
    Dec 2008
    Posts
    1,046
    Rep Power
    8

    Default

    In a Web service, there are no pages. Instead, special XML messages are exchanged, containing fields. In the authentication reply, you would return a token of some sort, probably as a string. You could return a zero-length value in the token field if the authentication failed, or you could include an error message field. Remember, the client is generally a program as well, so the response needs to be clear enough for a program to interpret.

    As far a redirecting, there isn't any. The client calls the first service to get a token, and then calls the second service if the first service returns a valid token. If not, the client program has to do something else.

    One last thing. Be careful how you design the token, depending on how secure the application needs to be. One way to approach that is to encrypt some information in the first service, and have the second service decrypt the token and check the information.

    However, if you need real security, as in someone might actually want to hack your system, you have to be careful that someone watching the traffic doesn't intercept the token. Using secure connections is generally good enough (SSL/TLS).

Similar Threads

  1. Redirect Page in SOAP Message Handler
    By bluesheeva in forum Advanced Java
    Replies: 0
    Last Post: 12-28-2008, 01:43 PM
  2. How to redirect the output
    By JavaBean in forum Java Tip
    Replies: 0
    Last Post: 10-04-2007, 10:30 PM
  3. redirect page within a java applet
    By paul in forum Java Applets
    Replies: 1
    Last Post: 08-07-2007, 06:11 AM
  4. how to redirect the browser
    By simon in forum Java Applets
    Replies: 1
    Last Post: 08-02-2007, 06:24 PM
  5. How can I redirect in servlet?
    By Heather in forum Java Servlet
    Replies: 1
    Last Post: 07-14-2007, 06:52 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •