context passing with RMI
Tom Johnson
Ranch Hand
Posts: 142
posted 10 years ago
Hi all,
My question is about context passing from client to server using RMI. Here is my situation :
I am using spring as framework on client and server in non-J2EE application. I am planning to use RMI to expose a number of services on the server side, using I guess RmiServiceExporter in Spring. The services need authorization but I don't want to pass a user name as a parameter as part of each operation on interface, so I need to transparently pass the user/security context to the server side (user name is all that is required). On the server, side I plan to use AOP to intercept the calls to these operations and delegate authorization to an aspect which connects to a legacy security service (which I must use) and checks if specified user name has permission for specified service. I don't think I need Acegi as all I want to propogate to server is the user name, the mapping of user name to roles is defined on server side in legacy security service.
Can anyone point me in the right direction on how to accomplish this as I am a little worried about the following comment in the Spring reference docs :
"Using Spring's support for RMI, you can transparently expose your services through the RMI infrastructure. After having this set up, you basically have a configuration similar to remote EJBs, except for the fact that there is no standard support for security context propagation or remote transaction propagation. Spring does provide hooks for such additional invocation context when using the RMI invoker, so you can for example plug in security frameworks or custom security credentials here."
-- Is there any example of these "hooks" as I could not find any? Not sure if this should be in the "frameworks" forum or not....
Thanks in advance for any assistance
/Tom
My question is about context passing from client to server using RMI. Here is my situation :
I am using spring as framework on client and server in non-J2EE application. I am planning to use RMI to expose a number of services on the server side, using I guess RmiServiceExporter in Spring. The services need authorization but I don't want to pass a user name as a parameter as part of each operation on interface, so I need to transparently pass the user/security context to the server side (user name is all that is required). On the server, side I plan to use AOP to intercept the calls to these operations and delegate authorization to an aspect which connects to a legacy security service (which I must use) and checks if specified user name has permission for specified service. I don't think I need Acegi as all I want to propogate to server is the user name, the mapping of user name to roles is defined on server side in legacy security service.
Can anyone point me in the right direction on how to accomplish this as I am a little worried about the following comment in the Spring reference docs :
"Using Spring's support for RMI, you can transparently expose your services through the RMI infrastructure. After having this set up, you basically have a configuration similar to remote EJBs, except for the fact that there is no standard support for security context propagation or remote transaction propagation. Spring does provide hooks for such additional invocation context when using the RMI invoker, so you can for example plug in security frameworks or custom security credentials here."
-- Is there any example of these "hooks" as I could not find any? Not sure if this should be in the "frameworks" forum or not....
Thanks in advance for any assistance
/Tom
<a href="http://faq.javaranch.com/java/UseCodeTags" target="_blank" rel="nofollow">Use Code Tags!!</a>
