• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Paul Clapham
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Liutauras Vilda
Saloon Keepers:
  • Tim Holloway
  • Carey Brown
  • Roland Mueller
  • Piet Souris
Bartenders:

context passing with RMI

 
Ranch Hand
Posts: 142
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,
My question is about context passing from client to server using RMI. Here is my situation :

I am using spring as framework on client and server in non-J2EE application. I am planning to use RMI to expose a number of services on the server side, using I guess RmiServiceExporter in Spring. The services need authorization but I don't want to pass a user name as a parameter as part of each operation on interface, so I need to transparently pass the user/security context to the server side (user name is all that is required). On the server, side I plan to use AOP to intercept the calls to these operations and delegate authorization to an aspect which connects to a legacy security service (which I must use) and checks if specified user name has permission for specified service. I don't think I need Acegi as all I want to propogate to server is the user name, the mapping of user name to roles is defined on server side in legacy security service.

Can anyone point me in the right direction on how to accomplish this as I am a little worried about the following comment in the Spring reference docs :

"Using Spring's support for RMI, you can transparently expose your services through the RMI infrastructure. After having this set up, you basically have a configuration similar to remote EJBs, except for the fact that there is no standard support for security context propagation or remote transaction propagation. Spring does provide hooks for such additional invocation context when using the RMI invoker, so you can for example plug in security frameworks or custom security credentials here."

-- Is there any example of these "hooks" as I could not find any? Not sure if this should be in the "frameworks" forum or not....

Thanks in advance for any assistance
/Tom
reply
    Bookmark Topic Watch Topic
  • New Topic