User Authentication

A stock trading application can have a wide variety of schemes for authenticating users. For a sessionless application, you might have users send a username and password along with each request, or you might require users to digitally sign their requests. For a session-oriented application, users can supply a username and password up front, or use a digitally signed login request. After the initial login, the system provides the user with a session token that identifies that user's unique session. You may recall that the UDDI publishing API uses a token scheme for identifying users.
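The session-oriented flow described above, with a digitally signed login request exchanged for a session token, as an added example that is not code from the book (Java 17+). The class and method names, the `user|timestamp` message layout, the RSA key type and the two time limits are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
public class SignedLoginDemo {
    record Session(String user, Instant expires) {}
    static final Duration MAX_SKEW = Duration.ofMinutes(2);     // assumed freshness window
    static final Duration SESSION_TTL = Duration.ofMinutes(15); // assumed session lifetime
    static final Map<String, PublicKey> registeredKeys = new ConcurrentHashMap<>();
    static final Map<String, Session> sessions = new ConcurrentHashMap<>();

    // Verify a signed login request over "user|timestamp" and issue a session token.
    static String login(String user, Instant sentAt, byte[] sig) throws GeneralSecurityException {
        PublicKey key = user == null ? null : registeredKeys.get(user);
        if (key == null) throw new SecurityException("login rejected");
        if (Duration.between(sentAt, Instant.now()).abs().compareTo(MAX_SKEW) > 0)
            throw new SecurityException("login rejected"); // stale request: narrows the replay window
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        v.update((user + "|" + sentAt).getBytes(StandardCharsets.UTF_8));
        if (!v.verify(sig)) throw new SecurityException("login rejected");
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG, so the token cannot be guessed
        new SecureRandom().nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(token, new Session(user, Instant.now().plus(SESSION_TTL)));
        return token;
    }

    // Map the token sent with a later request back to its user; null means unauthenticated.
    static String authenticate(String token) {
        Session s = token == null ? null : sessions.get(token);
        if (s == null) return null;
        if (Instant.now().isAfter(s.expires())) { sessions.remove(token); return null; }
        return s.user();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();            // constructed test user "alice"
        registeredKeys.put("alice", kp.getPublic());
        Instant now = Instant.now();
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(("alice|" + now).getBytes(StandardCharsets.UTF_8));
        String token = login("alice", now, s.sign());
        System.out.println(authenticate(token) + " / " + authenticate("not-a-token"));
    }
}
```

Every rejection path returns the same message so a caller cannot distinguish an unknown user from a bad signature, and the server-side session map is the per-user state that the session token refers to.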

For large-scale applications, you should avoid sessions if possible. If you have the potential of tens of thousands of users, you probably can't ...
