Posts Tagged ‘jsessionid’

Version 0.5 of the CP2JavaWS bridge is available at SourceForge. It includes the following new features:

– full digest authentication (RFC 2617) support (tested on Safari and Firefox), with automatic retrigger of the original connection.
Besides the digest parameter settings (nonce life, realm, etc.), the authentication filter lets you set the list of services that require (or do not require) authentication, using includes and excludes.
Authentication occurs only once (for the first service that requires it).

Note: this only works with sameDomain. With JSONP, digest authentication could take place, but there is no means to check the response status or retrieve the response headers (see security considerations).

– session/state management: the JSESSIONID cookie is automatically retrieved once the authentication challenge ends (Authentication-info response header with Ok code) and is added to subsequent requests (this had to be coded for Safari; Firefox handles it natively).

Note: this only works with sameDomain. With JSONP, for security reasons the server isn't allowed to set a cookie on the client, as it originates from another domain.

– a new Habilitation filter has been added: through a custom habilitation service, it lets you set access rules for services depending on the user, the remote service and the method called (these rules apply after the authentication check).

– sameDomain setting moved from remoteService to endPoint (the same for all services of a web app).

– the packaged cp2javaws-filter.jar now includes the right files (the source files were OK, however).
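
To illustrate the digest authentication item above, here is an added example (not CP2JavaWS code) of the server-side RFC 2617 check with qop=auth, including the realm and nonce life settings. The names `verifyDigest`, `cfg.nonceLifeMs` and the `issuedNonces` store are assumptions made for the example, and the sample request is the worked example from RFC 2617 section 3.5.

```javascript
const { createHash, timingSafeEqual } = require("crypto");
const md5 = (s) => createHash("md5").update(s, "utf8").digest("hex");

// Parse 'Digest k="v", k2=v2' into an object of parameters.
function parseDigestHeader(header) {
  const params = {};
  const re = /(\w+)=(?:"([^"]*)"|([^\s,]+))/g;
  for (const m of header.replace(/^Digest\s+/i, "").matchAll(re)) {
    params[m[1]] = m[2] !== undefined ? m[2] : m[3];
  }
  return params;
}

// RFC 2617 (qop=auth): response = MD5(HA1:nonce:nc:cnonce:qop:HA2)
function expectedResponse(p, method, password) {
  const ha1 = md5(`${p.username}:${p.realm}:${password}`);
  const ha2 = md5(`${method}:${p.uri}`);
  return md5(`${ha1}:${p.nonce}:${p.nc}:${p.cnonce}:${p.qop}:${ha2}`);
}

// req: { method, uri, authorization }; cfg: { realm, nonceLifeMs } (assumed names).
// issuedNonces: Map of nonce -> issue time in ms, a hypothetical server-side store.
// Returns "ok", "stale" (re-challenge with stale=true) or "rejected".
function verifyDigest(req, lookupPassword, issuedNonces, cfg, now) {
  const p = parseDigestHeader(req.authorization);
  if (p.realm !== cfg.realm || p.qop !== "auth" || p.uri !== req.uri) return "rejected";
  const issuedAt = issuedNonces.get(p.nonce);
  const password = lookupPassword(p.username);
  if (issuedAt === undefined || password === undefined) return "rejected";
  const want = Buffer.from(expectedResponse(p, req.method, password));
  const got = Buffer.from(String(p.response || ""));
  // Constant-time comparison of the two hex digests.
  if (want.length !== got.length || !timingSafeEqual(want, got)) return "rejected";
  // Correct digest on an expired nonce: the client may retry without re-prompting.
  return now - issuedAt > cfg.nonceLifeMs ? "stale" : "ok";
}

// Sample request: the worked example from RFC 2617 section 3.5 (password "Circle Of Life").
const SAMPLE = {
  method: "GET",
  uri: "/dir/index.html",
  authorization: 'Digest username="Mufasa", realm="testrealm@host.com", ' +
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", ' +
    'qop=auth, nc=00000001, cnonce="0a4f113b", ' +
    'response="6629fae49393a05397450978507c4ef1"',
};
```

The example does not track the `nc` counter per nonce, which a server needs if it wants to reject replayed requests within the nonce lifetime.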