org.springframework/spring-web/5.1.5.RELEASE : org/springframework/remoting/httpinvoker/HttpInvokerProxyFactoryBean.java

HttpInvokerProxyFactoryBean

https://github.com/spring-projects/spring-framework: Spring Web (Spring IO)

Apache License, Version 2.0

Juergen Hoeller

/*
 * Copyright 2002-2017 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.remoting.httpinvoker;

import org.springframework.aop.framework.ProxyFactory;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.lang.Nullable;
import org.springframework.util.Assert;

FactoryBean for HTTP invoker proxies. Exposes the proxied service for use as a bean reference, using the specified service interface. The service URL must be an HTTP URL exposing an HTTP invoker service.
Optionally, a codebase URL can be specified for on-demand dynamic code download
from a remote location. For details, see HttpInvokerClientInterceptor docs.
Serializes remote invocation objects and deserializes remote invocation
result objects. Uses Java serialization just like RMI, but provides the
same ease of setup as Caucho's HTTP-based Hessian protocol.
HTTP invoker is the recommended protocol for Java-to-Java remoting.
It is more powerful and more extensible than Hessian, at the expense of
being tied to Java. Nevertheless, it is as easy to set up as Hessian,
which is its main advantage compared to RMI.
WARNING: Be aware of vulnerabilities due to unsafe Java deserialization:
Manipulated input streams could lead to unwanted code execution on the server
during the deserialization step. As a consequence, do not expose HTTP invoker
endpoints to untrusted clients but rather just between your own services.
In general, we strongly recommend any other message format (e.g. JSON) instead.
Author: Juergen Hoeller
See Also: RemoteAccessor.setServiceInterface
UrlBasedRemoteAccessor.setServiceUrl
HttpInvokerClientInterceptor.setCodebaseUrl
HttpInvokerClientInterceptor
HttpInvokerServiceExporter
RmiProxyFactoryBean
HessianProxyFactoryBean
Since: 1.1/**
 * {@link FactoryBean} for HTTP invoker proxies. Exposes the proxied service
 * for use as a bean reference, using the specified service interface.
 *
 * <p>The service URL must be an HTTP URL exposing an HTTP invoker service.
 * Optionally, a codebase URL can be specified for on-demand dynamic code download
 * from a remote location. For details, see HttpInvokerClientInterceptor docs.
 *
 * <p>Serializes remote invocation objects and deserializes remote invocation
 * result objects. Uses Java serialization just like RMI, but provides the
 * same ease of setup as Caucho's HTTP-based Hessian protocol.
 *
 * <p><b>HTTP invoker is the recommended protocol for Java-to-Java remoting.</b>
 * It is more powerful and more extensible than Hessian, at the expense of
 * being tied to Java. Nevertheless, it is as easy to set up as Hessian,
 * which is its main advantage compared to RMI.
 *
 * <p><b>WARNING: Be aware of vulnerabilities due to unsafe Java deserialization:
 * Manipulated input streams could lead to unwanted code execution on the server
 * during the deserialization step. As a consequence, do not expose HTTP invoker
 * endpoints to untrusted clients but rather just between your own services.</b>
 * In general, we strongly recommend any other message format (e.g. JSON) instead.
 *
 * @author Juergen Hoeller
 * @since 1.1
 * @see #setServiceInterface
 * @see #setServiceUrl
 * @see #setCodebaseUrl
 * @see HttpInvokerClientInterceptor
 * @see HttpInvokerServiceExporter
 * @see org.springframework.remoting.rmi.RmiProxyFactoryBean
 * @see org.springframework.remoting.caucho.HessianProxyFactoryBean
 */
public class HttpInvokerProxyFactoryBean extends HttpInvokerClientInterceptor implements FactoryBean<Object> {

	@Nullable
	private Object serviceProxy;


	@Override
	public void afterPropertiesSet() {
		super.afterPropertiesSet();
		Class<?> ifc = getServiceInterface();
		Assert.notNull(ifc, "Property 'serviceInterface' is required");
		this.serviceProxy = new ProxyFactory(ifc, this).getProxy(getBeanClassLoader());
	}


	@Override
	@Nullable
	public Object getObject() {
		return this.serviceProxy;
	}

	@Override
	public Class<?> getObjectType() {
		return getServiceInterface();
	}

	@Override
	public boolean isSingleton() {
		return true;
	}

}

Author:	Juergen Hoeller
See Also:	RemoteAccessor.setServiceInterface UrlBasedRemoteAccessor.setServiceUrl HttpInvokerClientInterceptor.setCodebaseUrl HttpInvokerClientInterceptor HttpInvokerServiceExporter RmiProxyFactoryBean HessianProxyFactoryBean
Since:	1.1

/

org.springframework/ spring-web/ 5.1.5.RELEASE/ org/springframework/remoting/httpinvoker/HttpInvokerProxyFactoryBean.java