Announcement Announcement Module
Collapse
No announcement yet.
Security with Lingo/JMS based remoting Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security with Lingo/JMS based remoting

    Hi,

    first, apologies for the x-post from the security forum but I thought people actually using the remoting solution may have more to say.

    So, I'm looking to extend my current solution, which uses HttpInvoker remoting, to asych via either Lingo or Spring MDP solutions.

    My question is does anyone have an experience of using these solutions with acegi security for securing remote services?

    thanks,
    Jonny

  • #2
    I've used Lingo with an in-house security mechanism with a client - but not Acegi. Basically we just added a custom Marshaller into Lingo to transmit the correct security tokens as message headers then on the server side read them from the marshaller and communicated with an interceptor for the security framework so that server side method invocations operate under the correct user.

    It should be pretty easy to do something like this with Acegi

    Comment


    • #3
      I'm going to try this.....


      When i derive from DefaultMarshaller I can add my security tokens in
      protected void appendMessageHeaders(Message message, Session session, Object value)

      but where's the correct point to intercept wrong security tokens:
      protected void handleInvocationResultHeaders(Message message)
      there?


      thanks
      fonz

      Comment


      • #4
        the handleInvocationHeaders() method provides a hook for you to process the message headers in any way you wish. When the method on your service is called you can throw an exception for invalid security tokens or insufficient access rights etc which will then be passed back to the client

        Comment

        Working...
        X