Spring Security Framework

Class ContextPropagatingRemoteInvocation

  extended by org.springframework.remoting.support.RemoteInvocation
      extended by org.springframework.security.context.rmi.ContextPropagatingRemoteInvocation
All Implemented Interfaces:

public class ContextPropagatingRemoteInvocation
extends RemoteInvocation

The actual RemoteInvocation that is passed from the client to the server, which contains the contents of SecurityContextHolder, being a SecurityContext object.

When constructed on the client via ContextPropagatingRemoteInvocationFactory, the contents of the SecurityContext are stored inside the object. The object is then passed to the server that is processing the remote invocation. Upon the server invoking the remote invocation, it will retrieve the passed contents of the SecurityContextHolder and set them to the server-side SecurityContextHolder whilst the target object is invoked. When the target invocation has been completed, the server-side SecurityContextHolder will be reset to a new instance of SecurityContextImpl.

James Monaghan, Ben Alex
See Also:
Serialized Form

Constructor Summary
ContextPropagatingRemoteInvocation(org.aopalliance.intercept.MethodInvocation methodInvocation)
          Constructs the object, storing the value of the client-side SecurityContextHolder inside the object.
Method Summary
 Object invoke(Object targetObject)
          Invoked on the server-side as described in the class JavaDocs.
Methods inherited from class org.springframework.remoting.support.RemoteInvocation
addAttribute, getArguments, getAttribute, getAttributes, getMethodName, getParameterTypes, setArguments, setAttributes, setMethodName, setParameterTypes, toString
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail


public ContextPropagatingRemoteInvocation(org.aopalliance.intercept.MethodInvocation methodInvocation)
Constructs the object, storing the value of the client-side SecurityContextHolder inside the object.

methodInvocation - the method to invoke
Method Detail


public Object invoke(Object targetObject)
              throws NoSuchMethodException,
Invoked on the server-side as described in the class JavaDocs.

Invocations will always have their Authentication.setAuthenticated(boolean) set to false, which is guaranteed to always be accepted by Authentication implementations. This ensures that even remotely authenticated Authentications will be untrusted by the server-side, which is an appropriate security measure.

invoke in class RemoteInvocation
targetObject - the target object to apply the invocation to
the invocation result
NoSuchMethodException - if the method name could not be resolved
IllegalAccessException - if the method could not be accessed
InvocationTargetException - if the method invocation resulted in an exception

Spring Security Framework

Copyright © 2004-2010 SpringSource, Inc. All Rights Reserved.