@UsesSunHttpServer public class SimpleHttpInvokerServiceExporter extends RemoteInvocationSerializingExporter implements com.sun.net.httpserver.HttpHandler
HttpHandler
interface.
Deserializes remote invocation objects and serializes remote invocation result objects. Uses Java serialization just like RMI, but provides the same ease of setup as Caucho's HTTP-based Hessian and Burlap protocols.
HTTP invoker is the recommended protocol for Java-to-Java remoting. It is more powerful and more extensible than Hessian and Burlap, at the expense of being tied to Java. Nevertheless, it is as easy to set up as Hessian and Burlap, which is its main advantage compared to RMI.
WARNING: Be aware of vulnerabilities due to unsafe Java deserialization: Manipulated input streams could lead to unwanted code execution on the server during the deserialization step. As a consequence, do not expose HTTP invoker endpoints to untrusted clients but rather just between your own services. In general, we strongly recommend any other message format (e.g. JSON) instead.
HttpInvokerClientInterceptor
,
HttpInvokerProxyFactoryBean
,
SimpleHessianServiceExporter
,
SimpleBurlapServiceExporter
CONTENT_TYPE_SERIALIZED_OBJECT
logger
Constructor and Description |
---|
SimpleHttpInvokerServiceExporter() |
Modifier and Type | Method and Description |
---|---|
protected InputStream |
decorateInputStream(com.sun.net.httpserver.HttpExchange exchange,
InputStream is)
Return the InputStream to use for reading remote invocations,
potentially decorating the given original InputStream.
|
protected OutputStream |
decorateOutputStream(com.sun.net.httpserver.HttpExchange exchange,
OutputStream os)
Return the OutputStream to use for writing remote invocation results,
potentially decorating the given original OutputStream.
|
void |
handle(com.sun.net.httpserver.HttpExchange exchange)
Reads a remote invocation from the request, executes it,
and writes the remote invocation result to the response.
|
protected RemoteInvocation |
readRemoteInvocation(com.sun.net.httpserver.HttpExchange exchange)
Read a RemoteInvocation from the given HTTP request.
|
protected RemoteInvocation |
readRemoteInvocation(com.sun.net.httpserver.HttpExchange exchange,
InputStream is)
Deserialize a RemoteInvocation object from the given InputStream.
|
protected void |
writeRemoteInvocationResult(com.sun.net.httpserver.HttpExchange exchange,
RemoteInvocationResult result)
Write the given RemoteInvocationResult to the given HTTP response.
|
protected void |
writeRemoteInvocationResult(com.sun.net.httpserver.HttpExchange exchange,
RemoteInvocationResult result,
OutputStream os)
Serialize the given RemoteInvocation to the given OutputStream.
|
afterPropertiesSet, createObjectInputStream, createObjectOutputStream, doReadRemoteInvocation, doWriteRemoteInvocationResult, getContentType, getProxy, isAcceptProxyClasses, prepare, setAcceptProxyClasses, setContentType
getRemoteInvocationExecutor, invoke, invokeAndCreateResult, setRemoteInvocationExecutor
checkService, checkServiceInterface, getExporterName, getProxyForService, getService, getServiceInterface, setInterceptors, setRegisterTraceInterceptor, setService, setServiceInterface
getBeanClassLoader, overrideThreadContextClassLoader, resetThreadContextClassLoader, setBeanClassLoader
public void handle(com.sun.net.httpserver.HttpExchange exchange) throws IOException
handle
in interface com.sun.net.httpserver.HttpHandler
IOException
readRemoteInvocation(HttpExchange)
,
RemoteInvocationBasedExporter.invokeAndCreateResult(RemoteInvocation, Object)
,
writeRemoteInvocationResult(HttpExchange, RemoteInvocationResult)
protected RemoteInvocation readRemoteInvocation(com.sun.net.httpserver.HttpExchange exchange) throws IOException, ClassNotFoundException
Delegates to readRemoteInvocation(HttpExchange, InputStream)
with the HttpExchange.getRequestBody()
request's input stream}.
exchange
- current HTTP request/responseIOException
- in case of I/O failureClassNotFoundException
- if thrown by deserializationprotected RemoteInvocation readRemoteInvocation(com.sun.net.httpserver.HttpExchange exchange, InputStream is) throws IOException, ClassNotFoundException
Gives decorateInputStream(com.sun.net.httpserver.HttpExchange, java.io.InputStream)
a chance to decorate the stream
first (for example, for custom encryption or compression). Creates a
CodebaseAwareObjectInputStream
and calls RemoteInvocationSerializingExporter.doReadRemoteInvocation(java.io.ObjectInputStream)
to actually read the object.
Can be overridden for custom serialization of the invocation.
exchange
- current HTTP request/responseis
- the InputStream to read fromIOException
- in case of I/O failureClassNotFoundException
- if thrown during deserializationprotected InputStream decorateInputStream(com.sun.net.httpserver.HttpExchange exchange, InputStream is) throws IOException
The default implementation returns the given stream as-is. Can be overridden, for example, for custom encryption or compression.
exchange
- current HTTP request/responseis
- the original InputStreamIOException
- in case of I/O failureprotected void writeRemoteInvocationResult(com.sun.net.httpserver.HttpExchange exchange, RemoteInvocationResult result) throws IOException
exchange
- current HTTP request/responseresult
- the RemoteInvocationResult objectIOException
- in case of I/O failureprotected void writeRemoteInvocationResult(com.sun.net.httpserver.HttpExchange exchange, RemoteInvocationResult result, OutputStream os) throws IOException
The default implementation gives decorateOutputStream(com.sun.net.httpserver.HttpExchange, java.io.OutputStream)
a chance
to decorate the stream first (for example, for custom encryption or compression).
Creates an ObjectOutputStream
for the final stream and calls
RemoteInvocationSerializingExporter.doWriteRemoteInvocationResult(org.springframework.remoting.support.RemoteInvocationResult, java.io.ObjectOutputStream)
to actually write the object.
Can be overridden for custom serialization of the invocation.
exchange
- current HTTP request/responseresult
- the RemoteInvocationResult objectos
- the OutputStream to write toIOException
- in case of I/O failuredecorateOutputStream(com.sun.net.httpserver.HttpExchange, java.io.OutputStream)
,
RemoteInvocationSerializingExporter.doWriteRemoteInvocationResult(org.springframework.remoting.support.RemoteInvocationResult, java.io.ObjectOutputStream)
protected OutputStream decorateOutputStream(com.sun.net.httpserver.HttpExchange exchange, OutputStream os) throws IOException
The default implementation returns the given stream as-is. Can be overridden, for example, for custom encryption or compression.
exchange
- current HTTP request/responseos
- the original OutputStreamIOException
- in case of I/O failure