Class ContextPropagatingRemoteInvocation

  extended by
      extended by
All Implemented Interfaces:

public class ContextPropagatingRemoteInvocation
extends RemoteInvocation

The actual RemoteInvocation that is passed from the client to the server, which contains the contents of SecurityContextHolder, being a SecurityContext object.

When constructed on the client via ContextPropagatingRemoteInvocationFactory, the contents of the SecurityContext are stored inside the object. The object is then passed to the server that is processing the remote invocation. Upon the server invoking the remote invocation, it will retrieve the passed contents of the SecurityContextHolder and set them on the server-side SecurityContextHolder while the target object is invoked. When the target invocation has been completed, the security context will be cleared using a call to SecurityContextHolder.clearContext().

$Id: 3550 2009-04-13 13:43:23Z ltaylor $
James Monaghan, Ben Alex
See Also:
Serialized Form

Constructor Summary
ContextPropagatingRemoteInvocation(org.aopalliance.intercept.MethodInvocation methodInvocation)
          Constructs the object, storing the value of the client-side SecurityContextHolder inside the object.
Method Summary
 Object invoke(Object targetObject)
          Invoked on the server-side as described in the class JavaDocs.
Methods inherited from class
addAttribute, getArguments, getAttribute, getAttributes, getMethodName, getParameterTypes, setArguments, setAttributes, setMethodName, setParameterTypes, toString
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail


public ContextPropagatingRemoteInvocation(org.aopalliance.intercept.MethodInvocation methodInvocation)
Constructs the object, storing the value of the client-side SecurityContextHolder inside the object.

methodInvocation - the method to invoke
Method Detail


public Object invoke(Object targetObject)
              throws NoSuchMethodException,
Invoked on the server-side as described in the class JavaDocs.

Invocations will always have their Authentication.setAuthenticated(boolean) set to false, which is guaranteed to always be accepted by Authentication implementations. This ensures that even remotely authenticated Authentications will be untrusted by the server-side, which is an appropriate security measure.

invoke in class RemoteInvocation
targetObject - the target object to apply the invocation to
the invocation result
NoSuchMethodException - if the method name could not be resolved
IllegalAccessException - if the method could not be accessed
InvocationTargetException - if the method invocation resulted in an exception

Copyright © 2004-2009 SpringSource, Inc. All Rights Reserved.