spring整合rmi 如何使用安全策略

spring整合rmi 后,想要使用安全策略,之后是自己写一个rmi.policy文件,里面写着授权哪些IP有哪些权限,但是我要怎么导入到spring中呢?
这个问题真的木有人会吗?

我要限制连接RMI的IP,要如何限制,结合SPRING配置。如何弄?

不用policy文件,用spring的interceptor试试:

<bean class="org.springframework.remoting.rmi.RmiServiceExporter">
    <property name="serviceName" value="testService" />
    <property name="service" ref="testService" />
    <property name="serviceInterface" value="test.ITestService" />
    <property name="registryPort" value="1199" />
    <property name="interceptors">
        <list><ref bean="securityInterceptor"/></list>
    </property>
</bean>
<bean id="securityInterceptor" class="test.SecurityInterceptor">
    <!-- 这里配置允许访问RMI的客户端IP地址 -->
    <property name="allowed">
        <set>
            <value>192.168.0.1</value>
            <value>192.168.0.2</value>
        </set>
    </property>
</bean>
package test;

import java.rmi.server.RemoteServer;
import java.util.Set;

import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;

public class SecurityInterceptor implements MethodInterceptor {
    private Set allowed;

    public Object invoke(MethodInvocation methodInvocation) throws Throwable {
        String clientHost = RemoteServer.getClientHost();
        if (allowed != null && allowed.contains(clientHost)) {
            return methodInvocation.proceed();
        } else {
            throw new SecurityException("非法访问。");
        }
    }

    public void setAllowed(Set allowed) {
        this.allowed = allowed;
    }
}
rmisecuritymanager

Using Spring Security in a Swing Desktop

https://sacrephill.wordpress.com/2009/06/12/using-spring-security-in-a-swing-desktop-application/

相关推荐
©️2020 CSDN 皮肤主题: 酷酷鲨 设计师:CSDN官方博客 返回首页