spring整合rmi 后,想要使用安全策略,之后是自己写一个rmi.policy文件,里面写着授权哪些IP有哪些权限,但是我要怎么导入到spring中呢?
这个问题真的木有人会吗?
我要限制连接RMI的IP,要如何限制,结合SPRING配置。如何弄?
不用policy文件,用spring的interceptor试试:
<bean class="org.springframework.remoting.rmi.RmiServiceExporter">
<property name="serviceName" value="testService" />
<property name="service" ref="testService" />
<property name="serviceInterface" value="test.ITestService" />
<property name="registryPort" value="1199" />
<property name="interceptors">
<list><ref bean="securityInterceptor"/></list>
</property>
</bean>
<bean id="securityInterceptor" class="test.SecurityInterceptor">
<!-- 这里配置允许访问RMI的客户端IP地址 -->
<property name="allowed">
<set>
<value>192.168.0.1</value>
<value>192.168.0.2</value>
</set>
</property>
</bean>
package test;
import java.rmi.server.RemoteServer;
import java.util.Set;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
public class SecurityInterceptor implements MethodInterceptor {
private Set allowed;
public Object invoke(MethodInvocation methodInvocation) throws Throwable {
String clientHost = RemoteServer.getClientHost();
if (allowed != null && allowed.contains(clientHost)) {
return methodInvocation.proceed();
} else {
throw new SecurityException("非法访问。");
}
}
public void setAllowed(Set allowed) {
this.allowed = allowed;
}
}
rmisecuritymanager
Using Spring Security in a Swing Desktop
https://sacrephill.wordpress.com/2009/06/12/using-spring-security-in-a-swing-desktop-application/