001/* 002 * Copyright 2002-2016 the original author or authors. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * https://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016 017package org.springframework.remoting.httpinvoker; 018 019import org.springframework.aop.framework.ProxyFactory; 020import org.springframework.beans.factory.FactoryBean; 021 022/** 023 * {@link FactoryBean} for HTTP invoker proxies. Exposes the proxied service 024 * for use as a bean reference, using the specified service interface. 025 * 026 * <p>The service URL must be an HTTP URL exposing an HTTP invoker service. 027 * Optionally, a codebase URL can be specified for on-demand dynamic code download 028 * from a remote location. For details, see HttpInvokerClientInterceptor docs. 029 * 030 * <p>Serializes remote invocation objects and deserializes remote invocation 031 * result objects. Uses Java serialization just like RMI, but provides the 032 * same ease of setup as Caucho's HTTP-based Hessian and Burlap protocols. 033 * 034 * <p><b>HTTP invoker is the recommended protocol for Java-to-Java remoting.</b> 035 * It is more powerful and more extensible than Hessian and Burlap, at the 036 * expense of being tied to Java. Nevertheless, it is as easy to set up as 037 * Hessian and Burlap, which is its main advantage compared to RMI. 038 * 039 * <p><b>WARNING: Be aware of vulnerabilities due to unsafe Java deserialization: 040 * Manipulated input streams could lead to unwanted code execution on the server 041 * during the deserialization step. As a consequence, do not expose HTTP invoker 042 * endpoints to untrusted clients but rather just between your own services.</b> 043 * In general, we strongly recommend any other message format (e.g. JSON) instead. 044 * 045 * @author Juergen Hoeller 046 * @since 1.1 047 * @see #setServiceInterface 048 * @see #setServiceUrl 049 * @see #setCodebaseUrl 050 * @see HttpInvokerClientInterceptor 051 * @see HttpInvokerServiceExporter 052 * @see org.springframework.remoting.rmi.RmiProxyFactoryBean 053 * @see org.springframework.remoting.caucho.HessianProxyFactoryBean 054 * @see org.springframework.remoting.caucho.BurlapProxyFactoryBean 055 */ 056public class HttpInvokerProxyFactoryBean extends HttpInvokerClientInterceptor implements FactoryBean<Object> { 057 058 private Object serviceProxy; 059 060 061 @Override 062 public void afterPropertiesSet() { 063 super.afterPropertiesSet(); 064 if (getServiceInterface() == null) { 065 throw new IllegalArgumentException("Property 'serviceInterface' is required"); 066 } 067 this.serviceProxy = new ProxyFactory(getServiceInterface(), this).getProxy(getBeanClassLoader()); 068 } 069 070 071 @Override 072 public Object getObject() { 073 return this.serviceProxy; 074 } 075 076 @Override 077 public Class<?> getObjectType() { 078 return getServiceInterface(); 079 } 080 081 @Override 082 public boolean isSingleton() { 083 return true; 084 } 085 086}