May 11th, 2009, 11:21 AM
Intercepting and Adding Parameters in HTTP Invoker
Hi, I had a question related to using the Spring HTTP Invoker that I was hoping someone might be able to provide some information on.
I have a remote service being exposed using the Spring HTTP invoker that works great. I now have to add some security to this service that I would like to abstract from both the client caller and the server implementation logic. The security checks that I need to perform are pretty customized, so what I was hoping to do was to add the necessary arguments to the outgoing HTTP POST request and intercept them to process using a servlet filter. The filter logic works fine, but I cannot figure out how (or if it is even possible) to have the client add theses to the HTTP request. I have tried the following approaches:
1) Subclassed CommonsHttpInvokerRequestExecutor and overrode the createPostMethod to add my custom security data using addParameter. This does not work because Spring sets the request body which clears out any parameters previously added.
2) Subclassed HttpInvokerProxyFactoryBean and overrode the executeRequest method to add custom security data to the RemoteInvocation object using addAttribute. Not sure what the attributes are for but it does not look like they get passed to the server.
Anyone have any insight on how to accomplish this (or if it is possible)?
Thanks very much.
May 11th, 2009, 01:15 PM
I have been able to work around my problem for now by using HTTP request headers instead of parameters. I can add these request headers in several places (such as the createPostMethod above). The filter will then read the headers to perform its logic.
I plan on looking into a more elegant solution (perhaps using Spring Security) when I have a chance.