i am using spring remoting alongside spring security I have 2 servers (let's call them "front" and "back") The "front" server is exposed to the outside world and receives, along with the rest of the request, the "Authorization" header. However, i notice that when i use spring remoting to call the "back" that header is not copied. What do i do? BTW, I haven't checked it yet but i am almost certain that it won't work for "JSESSIONID" as well.. what do i need to do in order to propagate these 2 headers?
Asked
Active
Viewed 4,940 times
3
-
1What are the servers? Are you running the common Apache + Tomcat as "front" and "back" or something else? – millhouse Nov 03 '11 at 01:12
1 Answers
5
If you are using Spring-Remoting, then spring-security-remoting to the rescue! This module contains several request factories and executors that enrich the requests with a security context.
Philipp Jardas
- 3,222
- 3
- 29
- 42
-
I've looked it up. however it looks like this class has been removed in spring security 3. is there any alternative? – ShinySpiderdude Apr 03 '12 at 15:43
-
It's still there but in a separate JAR: http://repo1.maven.org/maven2/org/springframework/security/spring-security-remoting/3.1.0.RELEASE/ – Philipp Jardas Apr 04 '12 at 16:29
-
Thanks for the answer. But this solution does not allow for connection pooling, which i need. Is there an example that inherits from the CommonsHttp...Executor? – ShinySpiderdude May 13 '12 at 12:13
-
You could simply look at the code of `AuthenticationSimpleHttpInvokerRequestExecutor` and copy the behavior to `CommonsHttp...Executor` to configure the request with the current security context. See http://svn.apache.org/viewvc/httpcomponents/oac.hc3x/trunk/src/examples/BasicAuthenticationExample.java?view=markup for an example. – Philipp Jardas May 14 '12 at 15:18