WSO2 check if user is authenticated JSESSIONID, if session is still valid

StackOverflow https://stackoverflow.com/questions/17339118

  •  01-06-2022
  •  | 
  •  

Frage

I am using the AuthenticationAdmin webservices supplied by WSO2 Identity Server 4.1.0 for user authentication.

With the webservice operation 'login', I can authenticate a user and retrieve a JSESSIONID.

The created session will eventually time out. How do I check whether the session is still valid?

Some context (also to check if I am getting this right): I running a secondary webservice which is not 'protected' by the WSO2 server. I can modify this secondary webservice, so that it can check whether or not a user has successfully logged in. But I dont know how. So once the JSESSIONID has been retrieved, I will need to use it every time the user is accessing the secondary webservice.

War es hilfreich?

Lösung

If I understand correctly, you need to give access to the web service only for authenticated users.

There are many ways to secure a web service. Since you are using AuthenticationAdmin to login, you can define your web service as an Admin Service.

I guess you are trying code first approach for your web service. You can try extending your web service to org.wso2.carbon.core.AbstractAdmin.

For example, we can see UserAdmin service in WSO2 Kernel. https://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.1.0/core/org.wso2.carbon.user.mgt/4.1.0/

UserAdmin service: https://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.1.0/core/org.wso2.carbon.user.mgt/4.1.0/src/main/java/org/wso2/carbon/user/mgt/UserAdmin.java

axis2 services.xml: https://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.1.0/core/org.wso2.carbon.user.mgt/4.1.0/src/main/resources/META-INF/services.xml

You can see following properties in services.xml

<parameter name="adminService" locked="false">true</parameter>
<parameter name="hiddenService" locked="false">true</parameter>

Using the generated WSDL from this service you can create the service stub.

See https://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.1.0/service-stubs/org.wso2.carbon.user.mgt.stub/4.1.0/

Now you can use the stub and your cookie to access the service. For example see https://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.1.0/core/org.wso2.carbon.user.mgt.ui/4.1.0/src/main/java/org/wso2/carbon/user/mgt/ui/UserAdminClient.java

ServiceClient client = stub._getServiceClient();
Options option = client.getOptions();
option.setManageSession(true);
option.setProperty(org.apache.axis2.transport.http.HTTPConstants.COOKIE_STRING, cookie);

I hope this helps.

Thanks!

Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit StackOverflow
scroll top