Package org.springframework.security.remoting.rmi

Class ContextPropagatingRemoteInvocation

  • All Implemented Interfaces:
    java.io.Serializable
    public class ContextPropagatingRemoteInvocation
extends org.springframework.remoting.support.RemoteInvocation
    The actual RemoteInvocation that is passed from the client to the server.

    The principal and credentials information will be extracted from the current security context and passed to the server as part of the invocation object.

    To avoid potential serialization-based attacks, this implementation interprets the values as Strings and creates a UsernamePasswordAuthenticationToken on the server side to hold them. If a different token type is required you can override the createAuthenticationRequest method.

    See Also:
    Serialized Form

    • Constructor Summary

      Constructors 
      Constructor Description
      ContextPropagatingRemoteInvocation​(org.aopalliance.intercept.MethodInvocation methodInvocation)
      Constructs the object, storing the principal and credentials extracted from the client-side security context.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected Authentication createAuthenticationRequest​(java.lang.String principal, java.lang.String credentials)
      Creates the server-side authentication request object.
      java.lang.Object invoke​(java.lang.Object targetObject)
      Invoked on the server-side.

      • Methods inherited from class org.springframework.remoting.support.RemoteInvocation

        addAttribute, getArguments, getAttribute, getAttributes, getMethodName, getParameterTypes, setArguments, setAttributes, setMethodName, setParameterTypes, toString

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

    • Constructor Detail

      • ContextPropagatingRemoteInvocation

        public ContextPropagatingRemoteInvocation​(org.aopalliance.intercept.MethodInvocation methodInvocation)
        Constructs the object, storing the principal and credentials extracted from the client-side security context.
        Parameters:
        methodInvocation - the method to invoke

    • Method Detail

      • invoke

        public java.lang.Object invoke​(java.lang.Object targetObject)
                        throws java.lang.NoSuchMethodException,
                               java.lang.IllegalAccessException,
                               java.lang.reflect.InvocationTargetException
        Invoked on the server-side.

        The transmitted principal and credentials will be used to create an unauthenticated Authentication instance for processing by the AuthenticationManager.

        Overrides:
        invoke in class org.springframework.remoting.support.RemoteInvocation
        Parameters:
        targetObject - the target object to apply the invocation to
        Returns:
        the invocation result
        Throws:
        java.lang.NoSuchMethodException - if the method name could not be resolved
        java.lang.IllegalAccessException - if the method could not be accessed
        java.lang.reflect.InvocationTargetException - if the method invocation resulted in an exception

      • createAuthenticationRequest

        protected Authentication createAuthenticationRequest​(java.lang.String principal,
                                                     java.lang.String credentials)
        Creates the server-side authentication request object.