BasicAuthHttpInvokerRequestExecutor (Spring Rich Client 1.1.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.richclient.security.remoting
Class BasicAuthHttpInvokerRequestExecutor

Show UML class diagram

java.lang.Object
  org.springframework.remoting.httpinvoker.AbstractHttpInvokerRequestExecutor
      org.springframework.remoting.httpinvoker.SimpleHttpInvokerRequestExecutor
          org.springframework.richclient.security.remoting.BasicAuthHttpInvokerRequestExecutor

All Implemented Interfaces:: BeanClassLoaderAware, HttpInvokerRequestExecutor, AuthenticationAware

public class BasicAuthHttpInvokerRequestExecutor
extends SimpleHttpInvokerRequestExecutor
implements AuthenticationAware
extends SimpleHttpInvokerRequestExecutor
implements AuthenticationAware

Adds BASIC authentication support to SimpleHttpInvokerRequestExecutor. This class assumes that a single authentication credential will be used for the whole application (as is typical with a rich client). So, regardless of the thread involved, it will use the Authentication object obtained from the last authentication token received.

In comparison, see org.springframework.security.context.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor for a class that manages the Authentication per-thread. If you need to have threads with different authentication credentials, then you should use the Spring Security class instead.

Typically, instances of this class will be automatically created by using BasicAuthHttpInvokerProxyFactoryBean, which will take care of keeping this instance updated with the latest authentication token. In case you want to use this executor with a different invoker factory, this class implements AuthenticationAware so that it will automatically receive notification of changes in the authentication token.

Note that this configuration could lead to instances of this class receiving two notifications of an authentication token change. However, that would only happen if both the BasicAuthHttpInvokerProxyFactoryBean is used and this class is created as a bean in the application context. This seemed unlikely enough that I erred on the side of "ease of use". Also, the current implementation does nothing more than store a reference to the new token, so receiving two notifications isn't a problem.

Author:: Larry Streepy
See Also:: BasicAuthHttpInvokerProxyFactoryBean

Field Summary

Fields inherited from class org.springframework.remoting.httpinvoker.AbstractHttpInvokerRequestExecutor
`CONTENT_TYPE_SERIALIZED_OBJECT, ENCODING_GZIP, HTTP_HEADER_ACCEPT_ENCODING, HTTP_HEADER_CONTENT_ENCODING, HTTP_HEADER_CONTENT_LENGTH, HTTP_HEADER_CONTENT_TYPE, HTTP_METHOD_POST, logger`

Constructor Summary
`BasicAuthHttpInvokerRequestExecutor()` Constructor.

Method Summary
`protected void`	`doPrepareConnection(HttpURLConnection con, int contentLength)` Provided so subclasses can perform additional configuration if required (eg set additional request headers for non-security related information etc).
`org.springframework.security.Authentication`	`getAuthenticationToken()` Get the Authentication object for the current user, if any.
`protected void`	`prepareConnection(HttpURLConnection con, int contentLength)` Called every time a HTTP invocation is made.
`void`	`setAuthenticationToken(org.springframework.security.Authentication authentication)` Notifies listener of the new (current) Authentication token for the user.

Methods inherited from class org.springframework.remoting.httpinvoker.SimpleHttpInvokerRequestExecutor
`doExecuteRequest, isGzipResponse, openConnection, readResponseBody, validateResponse, writeRequestBody`

Methods inherited from class org.springframework.remoting.httpinvoker.AbstractHttpInvokerRequestExecutor
`createObjectInputStream, decorateInputStream, decorateOutputStream, doReadRemoteInvocationResult, doWriteRemoteInvocation, executeRequest, getBeanClassLoader, getByteArrayOutputStream, getContentType, isAcceptGzipEncoding, readRemoteInvocationResult, setAcceptGzipEncoding, setBeanClassLoader, setContentType, writeRemoteInvocation`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

BasicAuthHttpInvokerRequestExecutor

public BasicAuthHttpInvokerRequestExecutor()

Constructor.

Method Detail

setAuthenticationToken

public void setAuthenticationToken(org.springframework.security.Authentication authentication)

Description copied from interface: AuthenticationAware

Notifies listener of the new (current) Authentication token for the user. This may be null if the authentication state is unknown (as it may be when the Application context is being constructed) or after a user logs out.

Specified by:: setAuthenticationToken in interface AuthenticationAware

Parameters:: authentication - token

getAuthenticationToken

public org.springframework.security.Authentication getAuthenticationToken()

Get the Authentication object for the current user, if any.

doPrepareConnection

protected void doPrepareConnection(HttpURLConnection con,
                                   int contentLength)
                            throws IOException

Provided so subclasses can perform additional configuration if required (eg set additional request headers for non-security related information etc).

Parameters:: con - the HTTP connection to prepare; contentLength - the length of the content to send
Throws:: IOException - if thrown by HttpURLConnection methods

prepareConnection

protected void prepareConnection(HttpURLConnection con,
                                 int contentLength)
                          throws IOException

Called every time a HTTP invocation is made.

Simply allows the parent to setup the connection, and then adds an Authorization HTTP header property that will be used for BASIC authentication. Following that a call to doPrepareConnection(java.net.HttpURLConnection, int) is made to allow subclasses to apply any additional configuration desired to the connection prior to invoking the request.

The previously saved authentication token is used to obtain the principal and credentials. If the saved token is null, then the "Authorization" header will not be added to the request.

Overrides:: prepareConnection in class SimpleHttpInvokerRequestExecutor

Parameters:: con - the HTTP connection to prepare; contentLength - the length of the content to send
Throws:: IOException - if thrown by HttpURLConnection methods