Feb 24th, 2006, 02:03 PM
Security with Lingo/JMS based remoting
first, apologies for the x-post from the security forum but I thought people actually using the remoting solution may have more to say.
So, I'm looking to extend my current solution, which uses HttpInvoker remoting, to asych via either Lingo or Spring MDP solutions.
My question is does anyone have an experience of using these solutions with acegi security for securing remote services?
Feb 27th, 2006, 02:33 AM
I've used Lingo with an in-house security mechanism with a client - but not Acegi. Basically we just added a custom Marshaller into Lingo to transmit the correct security tokens as message headers then on the server side read them from the marshaller and communicated with an interceptor for the security framework so that server side method invocations operate under the correct user.
It should be pretty easy to do something like this with Acegi
Feb 27th, 2006, 05:15 AM
I'm going to try this.....
When i derive from DefaultMarshaller I can add my security tokens in
protected void appendMessageHeaders(Message message, Session session, Object value)
but where's the correct point to intercept wrong security tokens:
protected void handleInvocationResultHeaders(Message message)
Feb 28th, 2006, 02:13 AM
the handleInvocationHeaders() method provides a hook for you to process the message headers in any way you wish. When the method on your service is called you can throw an exception for invalid security tokens or insufficient access rights etc which will then be passed back to the client