Spring Security in a Distributed Application

Question

Spring Security in a Distributed Application

We recently upgraded our application to Spring 3.0 and Spring Security 3.0. In addition to the extra work we want to do is split the backend from the front for various reasons. We plan to use Spring’s transparent RMI solution to familiarize our services with our interface. However, as things are being developed today, the front and back rely on Spring SecurityContext to protect services, etc. From unauthorized users. As far as I understand, SecurityContext for the JVM? If this is correct, how can I effectively use the context with the backend? I would suggest that I pass the authentication token to RMI calls that require this?

+6

spring spring-security

predhme Feb 26 '10 at 14:01

source share

1 answer

Steved · Accepted Answer · 2010-02-26T14:48:35+0000

Previously working with removing Spring HTTP HTTP calls, I can say that there is built-in support for transferring Spring security tokens. I would suggest that the Spring RMI solution also has this feature, but you need to delve into the RMI / javadoc classes in Spring to confirm this.

On the client side, you will need the ContextPropagatingRemoteInvocationFactory class, which will automatically enable the Spring security context when remotely invoked.

Spring Security in a Distributed Application

More articles: