org.springframework.richclient.security.remoting
Class BasicAuthCommonsHttpInvokerProxyFactoryBean
java.lang.Object
org.springframework.remoting.support.RemoteAccessor
org.springframework.remoting.support.UrlBasedRemoteAccessor
org.springframework.remoting.support.RemoteInvocationBasedAccessor
org.springframework.remoting.httpinvoker.HttpInvokerClientInterceptor
org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean
org.springframework.richclient.security.remoting.BasicAuthCommonsHttpInvokerProxyFactoryBean
- All Implemented Interfaces:
- org.aopalliance.aop.Advice, org.aopalliance.intercept.Interceptor, org.aopalliance.intercept.MethodInterceptor, BeanClassLoaderAware, FactoryBean, InitializingBean, HttpInvokerClientConfiguration, AuthenticationAware
public class BasicAuthCommonsHttpInvokerProxyFactoryBean
- extends HttpInvokerProxyFactoryBean
- implements AuthenticationAware
Extension of HttpInvokerProxyFactoryBean that supports the use of BASIC
authentication on each HTTP request while using commons-httpclient.
Commons-httpclient can be easily configured to use SSL (so the BASIC authentication isn't sniffable):
ProtocolSocketFactory authSSLProtocolSocketFactory = new AuthSSLProtocolSocketFactory(null, null,
truststoreUrl, TRUSTSTORE_PASSWORD);
Protocol.registerProtocol("https", new Protocol("https", authSSLProtocolSocketFactory, 443));
This factory takes care of instantiating the proper invocation executor and keeping
it up to date with the latest user credentials. Once a more complete AOP implementation
is available, then this "token forwarding" can be removed as the default executor is
already wired to receive notifications when it is constructed by the application
context.
This configuration assumes that the user's credentials are "global" to the application
and every invocation should use the same credentials. If you need per-thread
authentication then you should look at using a combination of
HttpInvokerProxyFactoryBean and
org.acegisecurity.context.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor.
AuthenticationAware is implemented in order to get notifications of changes in
the user's credentials. Please see the class documentation for
AuthenticationAware to see how to configure the application context so
that authentication changes are broadcast properly.
- Author:
- Geoffrey De Smet, Larry Streepy
|
Method Summary |
void |
setAuthenticationToken(org.acegisecurity.Authentication authentication)
Handle a change in the current authentication token. |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
BasicAuthCommonsHttpInvokerProxyFactoryBean
public BasicAuthCommonsHttpInvokerProxyFactoryBean()
- Constructor. Install the default executor.
setAuthenticationToken
public void setAuthenticationToken(org.acegisecurity.Authentication authentication)
- Handle a change in the current authentication token.
This method will fail fast if the executor isn't a CommonsHttpInvokerRequestExecutor.
- Specified by:
setAuthenticationToken in interface AuthenticationAware
- Parameters:
authentication - token- See Also:
AuthenticationAware.setAuthenticationToken(org.acegisecurity.Authentication)
Copyright © 2004-2008 The Spring Framework. All Rights Reserved.