Class HttpInvokerServiceExporter
- java.lang.Object
- org.springframework.remoting.support.RemotingSupport
- org.springframework.remoting.support.RemoteExporter
- org.springframework.remoting.support.RemoteInvocationBasedExporter
- org.springframework.remoting.rmi.RemoteInvocationSerializingExporter
- org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter
- All Implemented Interfaces:
Aware
,BeanClassLoaderAware
,InitializingBean
,HttpRequestHandler
public class HttpInvokerServiceExporter extends RemoteInvocationSerializingExporter implements HttpRequestHandler
Servlet-API-based HTTP request handler that exports the specified service bean as HTTP invoker service endpoint, accessible via an HTTP invoker proxy.Note: Spring also provides an alternative version of this exporter, for Sun's JRE 1.6 HTTP server:
SimpleHttpInvokerServiceExporter
.Deserializes remote invocation objects and serializes remote invocation result objects. Uses Java serialization just like RMI, but provides the same ease of setup as Caucho's HTTP-based Hessian and Burlap protocols.
HTTP invoker is the recommended protocol for Java-to-Java remoting. It is more powerful and more extensible than Hessian and Burlap, at the expense of being tied to Java. Nevertheless, it is as easy to set up as Hessian and Burlap, which is its main advantage compared to RMI.
WARNING: Be aware of vulnerabilities due to unsafe Java deserialization: Manipulated input streams could lead to unwanted code execution on the server during the deserialization step. As a consequence, do not expose HTTP invoker endpoints to untrusted clients but rather just between your own services. In general, we strongly recommend any other message format (e.g. JSON) instead.
- Since:
- 1.1
- Author:
- Juergen Hoeller
- See Also:
HttpInvokerClientInterceptor
,HttpInvokerProxyFactoryBean
,RmiServiceExporter
,HessianServiceExporter
,BurlapServiceExporter
Field Summary
Fields inherited from class org.springframework.remoting.rmi.RemoteInvocationSerializingExporter
CONTENT_TYPE_SERIALIZED_OBJECT
Fields inherited from class org.springframework.remoting.support.RemotingSupport
logger
Constructor Summary
Constructors Constructor Description HttpInvokerServiceExporter()
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected InputStream
decorateInputStream(HttpServletRequest request, InputStream is)
Return the InputStream to use for reading remote invocations, potentially decorating the given original InputStream.protected OutputStream
decorateOutputStream(HttpServletRequest request, HttpServletResponse response, OutputStream os)
Return the OutputStream to use for writing remote invocation results, potentially decorating the given original OutputStream.void
handleRequest(HttpServletRequest request, HttpServletResponse response)
Reads a remote invocation from the request, executes it, and writes the remote invocation result to the response.protected RemoteInvocation
readRemoteInvocation(HttpServletRequest request)
Read a RemoteInvocation from the given HTTP request.protected RemoteInvocation
readRemoteInvocation(HttpServletRequest request, InputStream is)
Deserialize a RemoteInvocation object from the given InputStream.protected void
writeRemoteInvocationResult(HttpServletRequest request, HttpServletResponse response, RemoteInvocationResult result)
Write the given RemoteInvocationResult to the given HTTP response.protected void
writeRemoteInvocationResult(HttpServletRequest request, HttpServletResponse response, RemoteInvocationResult result, OutputStream os)
Serialize the given RemoteInvocation to the given OutputStream.Methods inherited from class org.springframework.remoting.rmi.RemoteInvocationSerializingExporter
afterPropertiesSet, createObjectInputStream, createObjectOutputStream, doReadRemoteInvocation, doWriteRemoteInvocationResult, getContentType, getProxy, isAcceptProxyClasses, prepare, setAcceptProxyClasses, setContentType
Methods inherited from class org.springframework.remoting.support.RemoteInvocationBasedExporter
getRemoteInvocationExecutor, invoke, invokeAndCreateResult, setRemoteInvocationExecutor
Methods inherited from class org.springframework.remoting.support.RemoteExporter
checkService, checkServiceInterface, getExporterName, getProxyForService, getService, getServiceInterface, setInterceptors, setRegisterTraceInterceptor, setService, setServiceInterface
Methods inherited from class org.springframework.remoting.support.RemotingSupport
getBeanClassLoader, overrideThreadContextClassLoader, resetThreadContextClassLoader, setBeanClassLoader
Constructor Detail
HttpInvokerServiceExporter
public HttpInvokerServiceExporter()
Method Detail
handleRequest
public void handleRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
Reads a remote invocation from the request, executes it, and writes the remote invocation result to the response.- Specified by:
handleRequest
in interfaceHttpRequestHandler
- Parameters:
request
- current HTTP requestresponse
- current HTTP response- Throws:
ServletException
- in case of general errorsIOException
- in case of I/O errors- See Also:
readRemoteInvocation(HttpServletRequest)
,RemoteInvocationBasedExporter.invokeAndCreateResult(org.springframework.remoting.support.RemoteInvocation, Object)
,writeRemoteInvocationResult(HttpServletRequest, HttpServletResponse, RemoteInvocationResult)
readRemoteInvocation
protected RemoteInvocation readRemoteInvocation(HttpServletRequest request) throws IOException, ClassNotFoundException
Read a RemoteInvocation from the given HTTP request.Delegates to
readRemoteInvocation(HttpServletRequest, InputStream)
with theservlet request's input stream
.- Parameters:
request
- current HTTP request- Returns:
- the RemoteInvocation object
- Throws:
IOException
- in case of I/O failureClassNotFoundException
- if thrown by deserialization
readRemoteInvocation
protected RemoteInvocation readRemoteInvocation(HttpServletRequest request, InputStream is) throws IOException, ClassNotFoundException
Deserialize a RemoteInvocation object from the given InputStream.Gives
decorateInputStream(javax.servlet.http.HttpServletRequest, java.io.InputStream)
a chance to decorate the stream first (for example, for custom encryption or compression). Creates aCodebaseAwareObjectInputStream
and callsRemoteInvocationSerializingExporter.doReadRemoteInvocation(java.io.ObjectInputStream)
to actually read the object.Can be overridden for custom serialization of the invocation.
- Parameters:
request
- current HTTP requestis
- the InputStream to read from- Returns:
- the RemoteInvocation object
- Throws:
IOException
- in case of I/O failureClassNotFoundException
- if thrown during deserialization
decorateInputStream
protected InputStream decorateInputStream(HttpServletRequest request, InputStream is) throws IOException
Return the InputStream to use for reading remote invocations, potentially decorating the given original InputStream.The default implementation returns the given stream as-is. Can be overridden, for example, for custom encryption or compression.
- Parameters:
request
- current HTTP requestis
- the original InputStream- Returns:
- the potentially decorated InputStream
- Throws:
IOException
- in case of I/O failure
writeRemoteInvocationResult
protected void writeRemoteInvocationResult(HttpServletRequest request, HttpServletResponse response, RemoteInvocationResult result) throws IOException
Write the given RemoteInvocationResult to the given HTTP response.- Parameters:
request
- current HTTP requestresponse
- current HTTP responseresult
- the RemoteInvocationResult object- Throws:
IOException
- in case of I/O failure
writeRemoteInvocationResult
protected void writeRemoteInvocationResult(HttpServletRequest request, HttpServletResponse response, RemoteInvocationResult result, OutputStream os) throws IOException
Serialize the given RemoteInvocation to the given OutputStream.The default implementation gives
decorateOutputStream(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.io.OutputStream)
a chance to decorate the stream first (for example, for custom encryption or compression). Creates anObjectOutputStream
for the final stream and callsRemoteInvocationSerializingExporter.doWriteRemoteInvocationResult(org.springframework.remoting.support.RemoteInvocationResult, java.io.ObjectOutputStream)
to actually write the object.Can be overridden for custom serialization of the invocation.
- Parameters:
request
- current HTTP requestresponse
- current HTTP responseresult
- the RemoteInvocationResult objectos
- the OutputStream to write to- Throws:
IOException
- in case of I/O failure- See Also:
decorateOutputStream(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.io.OutputStream)
,RemoteInvocationSerializingExporter.doWriteRemoteInvocationResult(org.springframework.remoting.support.RemoteInvocationResult, java.io.ObjectOutputStream)
decorateOutputStream
protected OutputStream decorateOutputStream(HttpServletRequest request, HttpServletResponse response, OutputStream os) throws IOException
Return the OutputStream to use for writing remote invocation results, potentially decorating the given original OutputStream.The default implementation returns the given stream as-is. Can be overridden, for example, for custom encryption or compression.
- Parameters:
request
- current HTTP requestresponse
- current HTTP responseos
- the original OutputStream- Returns:
- the potentially decorated OutputStream
- Throws:
IOException
- in case of I/O failure