Hessian offers a binary HTTP-based remoting protocol. It is developed by Caucho and more information about Hessian itself can be found at http://www.caucho.com.
Hessian communicates via HTTP and does so using a custom servlet.
Using Spring's DispatcherServlet principles, as
known from Spring Web MVC usage, you can easily wire up such a servlet
exposing your services. First we'll have to create a new servlet in your
application (this an excerpt from
'web.xml'):
<servlet> <servlet-name>remoting</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>remoting</servlet-name> <url-pattern>/remoting/*</url-pattern> </servlet-mapping>
You're probably familiar with Spring's
DispatcherServlet principles and if so, you know
that now you'll have to create a Spring container configuration resource
named 'remoting-servlet.xml' (after the name of
your servlet) in the 'WEB-INF'
directory. The application context will be used in the next
section.
Alternatively, consider the use of Spring's simpler
HttpRequestHandlerServlet. This allows you to
embed the remote exporter definitions in your root application context
(by default in 'WEB-INF/applicationContext.xml'),
with individual servlet definitions pointing to specific exporter beans.
Each servlet name needs to match the bean name of its target exporter in
this case.
In the newly created application context called
remoting-servlet.xml, we'll create a
HessianServiceExporter exporting your
services:
<bean id="accountService" class="example.AccountServiceImpl"> <!-- any additional properties, maybe a DAO? --> </bean> <bean name="/AccountService" class="org.springframework.remoting.caucho.HessianServiceExporter"> <property name="service" ref="accountService"/> <property name="serviceInterface" value="example.AccountService"/> </bean>
Now we're ready to link in the service at the client. No explicit
handler mapping is specified, mapping request URLs onto services, so
BeanNameUrlHandlerMapping will be used: Hence,
the service will be exported at the URL indicated through its bean name
within the containing DispatcherServlet's mapping
(as defined above):
'http://HOST:8080/remoting/AccountService'.
Alternatively, create a
HessianServiceExporter in your root application
context (e.g. in
'WEB-INF/applicationContext.xml'):
<bean name="accountExporter" class="org.springframework.remoting.caucho.HessianServiceExporter"> <property name="service" ref="accountService"/> <property name="serviceInterface" value="example.AccountService"/> </bean>
In the latter case, define a corresponding servlet for this
exporter in 'web.xml', with the same end result:
The exporter getting mapped to the request path
/remoting/AccountService. Note that the servlet name
needs to match the bean name of the target exporter.
<servlet> <servlet-name>accountExporter</servlet-name> <servlet-class>org.springframework.web.context.support.HttpRequestHandlerServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>accountExporter</servlet-name> <url-pattern>/remoting/AccountService</url-pattern> </servlet-mapping>
Using the HessianProxyFactoryBean we can
link in the service at the client. The same principles apply as with the
RMI example. We'll create a separate bean factory or application context
and mention the following beans where the
SimpleObject is using the
AccountService to manage accounts:
<bean class="example.SimpleObject"> <property name="accountService" ref="accountService"/> </bean> <bean id="accountService" class="org.springframework.remoting.caucho.HessianProxyFactoryBean"> <property name="serviceUrl" value="http://remotehost:8080/remoting/AccountService"/> <property name="serviceInterface" value="example.AccountService"/> </bean>
We won't discuss Burlap, the XML-based equivalent of Hessian, in
detail here, since it is configured and set up in exactly the same way
as the Hessian variant explained above. Just replace the word
Hessian with Burlap and you're all
set to go.
One of the advantages of Hessian and Burlap is that we can easily
apply HTTP basic authentication, because both protocols are HTTP-based.
Your normal HTTP server security mechanism can easily be applied through
using the web.xml security features, for example.
Usually, you don't use per-user security credentials here, but rather
shared credentials defined at the
Hessian/BurlapProxyFactoryBean level (similar to a
JDBC DataSource).
<bean class="org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping"> <property name="interceptors" ref="authorizationInterceptor"/> </bean> <bean id="authorizationInterceptor" class="org.springframework.web.servlet.handler.UserRoleAuthorizationInterceptor"> <property name="authorizedRoles" value="administrator,operator"/> </bean>
This an example where we explicitly mention the
BeanNameUrlHandlerMapping and set an interceptor
allowing only administrators and operators to call the beans mentioned
in this application context.
![[Note]](images/note.gif) | Note |
|---|---|
Of course, this example doesn't show a flexible kind of security infrastructure. For more options as far as security is concerned, have a look at the Acegi Security System for Spring, to be found at http://acegisecurity.sourceforge.net. |