4.3.9.RELEASE Spring Framework 670 Linking in the service at the client Our client is a simple object using the AccountService to manage accounts: public class SimpleObject { private AccountService accountService; public void setAccountServiceAccountService accountService { this .accountService = accountService; } additional methods using the accountService } To link in the service on the client, we’ll create a separate Spring container, containing the simple object and the service linking configuration bits: bean class = example.SimpleObject property name = accountService ref = accountService bean bean id = accountService class = org.springframework.remoting.rmi.RmiProxyFactoryBean property name = serviceUrl value = rmi:HOST:1199AccountService property name = serviceInterface value = example.AccountService bean That’s all we need to do to support the remote account service on the client. Spring will transparently create an invoker and remotely enable the account service through the RmiServiceExporter . At the client we’re linking it in using the RmiProxyFactoryBean .

28.3 Using Hessian or Burlap to remotely call services via HTTP

Hessian offers a binary HTTP-based remoting protocol. It is developed by Caucho and more information about Hessian itself can be found at http:www.caucho.com . Wiring up the DispatcherServlet for Hessian and co. Hessian communicates via HTTP and does so using a custom servlet. Using Spring’s DispatcherServlet principles, as known from Spring Web MVC usage, you can easily wire up such a servlet exposing your services. First we’ll have to create a new servlet in your application this is an excerpt from web.xml : servlet servlet-name remoting servlet-name servlet-class org.springframework.web.servlet.DispatcherServlet servlet-class load-on-startup 1 load-on-startup servlet servlet-mapping servlet-name remoting servlet-name url-pattern remoting url-pattern servlet-mapping You’re probably familiar with Spring’s DispatcherServlet principles and if so, you know that now you’ll have to create a Spring container configuration resource named remoting-servlet.xml after the name of your servlet in the WEB-INF directory. The application context will be used in the next section. 4.3.9.RELEASE Spring Framework 671 Alternatively, consider the use of Spring’s simpler HttpRequestHandlerServlet . This allows you to embed the remote exporter definitions in your root application context by default in WEB-INF applicationContext.xml , with individual servlet definitions pointing to specific exporter beans. Each servlet name needs to match the bean name of its target exporter in this case. Exposing your beans by using the HessianServiceExporter In the newly created application context called remoting-servlet.xml , we’ll create a HessianServiceExporter exporting your services: bean id = accountService class = example.AccountServiceImpl -- any additional properties, maybe a DAO? -- bean bean name = AccountService class = org.springframework.remoting.caucho.HessianServiceExporter property name = service ref = accountService property name = serviceInterface value = example.AccountService bean Now we’re ready to link in the service at the client. No explicit handler mapping is specified, mapping request URLs onto services, so BeanNameUrlHandlerMapping will be used: Hence, the service will be exported at the URL indicated through its bean name within the containing DispatcherServlet’s mapping as defined above: ’ http:HOST:8080remotingAccountService . Alternatively, create a HessianServiceExporter in your root application context e.g. in WEB-INF applicationContext.xml : bean name = accountExporter class = org.springframework.remoting.caucho.HessianServiceExporter property name = service ref = accountService property name = serviceInterface value = example.AccountService bean In the latter case, define a corresponding servlet for this exporter in web.xml , with the same end result: The exporter getting mapped to the request path remotingAccountService . Note that the servlet name needs to match the bean name of the target exporter. servlet servlet-name accountExporter servlet-name servlet-class org.springframework.web.context.support.HttpRequestHandlerServlet servlet-class servlet servlet-mapping servlet-name accountExporter servlet-name url-pattern remotingAccountService url-pattern servlet-mapping Linking in the service on the client Using the HessianProxyFactoryBean we can link in the service at the client. The same principles apply as with the RMI example. We’ll create a separate bean factory or application context and mention the following beans where the SimpleObject is using the AccountService to manage accounts: bean class = example.SimpleObject property name = accountService ref = accountService bean bean id = accountService class = org.springframework.remoting.caucho.HessianProxyFactoryBean property name = serviceUrl value = http:remotehost:8080remotingAccountService property name = serviceInterface value = example.AccountService bean 4.3.9.RELEASE Spring Framework 672 Using Burlap We won’t discuss Burlap, the XML-based equivalent of Hessian, in detail here, since it is configured and set up in exactly the same way as the Hessian variant explained above. Just replace the word Hessian with Burlap and you’re all set to go. Applying HTTP basic authentication to a service exposed through Hessian or Burlap One of the advantages of Hessian and Burlap is that we can easily apply HTTP basic authentication, because both protocols are HTTP-based. Your normal HTTP server security mechanism can easily be applied through using the web.xml security features, for example. Usually, you don’t use per-user security credentials here, but rather shared credentials defined at the Hessian BurlapProxyFactoryBean level similar to a JDBC DataSource . bean class = org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping property name = interceptors ref = authorizationInterceptor bean bean id = authorizationInterceptor class = org.springframework.web.servlet.handler.UserRoleAuthorizationInterceptor property name = authorizedRoles value = administrator,operator bean This is an example where we explicitly mention the BeanNameUrlHandlerMapping and set an interceptor allowing only administrators and operators to call the beans mentioned in this application context. Note Of course, this example doesn’t show a flexible kind of security infrastructure. For more options as far as security is concerned, have a look at the Spring Security project at http:projects.spring.io spring-security .

28.4 Exposing services using HTTP invokers