UrlBlogGrey

I am using the JAX-RPC 1.1 Reference Implementation (RI) at work to expose operations in a business processing system we're building as XML Web Services. I've been building XML Web Services for several years, and have used numerous APIs to perform Object-XML (O-X) binding (notably, JAXM and JAXB). I wanted to use JAX-RPC on this project to take advantage of the automated WSDL generation and generation of serialization components from existing Java classes.

One nice feature of JAX-RPC is the support for Handlers, which follow the Intercepting Filter design pattern. The 1.1 specification support SOAP protocol handlers, while the 1.2 specification makes a further distinction between Logical and Protocol Handlers. I like the idea of being able to plug Handlers in series to perform functions like logging, auditing, and security operations.

In this case, I was trying to create my first Handler which would restrict access to the service to trusted hosts. This is pretty simple in principle: inspect the ServletRequest for the remote address and verify that it is trusted.

I had a hell of a time finding documentation on how to specify server Handlers. I finally got it straightened out. I needed to modify the config.xml file used by the wscompile process. Here's what the config.xml looked like when I was done (names changed to protect my employer):

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns="http://java.sun.com/xml/ns/jax-rpc/ri/config">
  <service name="MyService" targetNamespace="urn://MyService/wsdl" 
                   typeNamespace="urn://MyService/types" packageName="foo">
    <interface name="foo.MyService" servantName="foo.MyServiceImpl"/>
    <handlerChains>
      <chain runAt="server">
        <handler className="foo.handlers.TrustedHostsHandler"/>
      </chain>
    </handlerChains>
  </service>
</configuration>

Then, the TrustedHostsHandler class overrode the handleRequest method in the Handler interface in order to inspect the remote host's IP. Here are the relevent sections:

public class TrustedHostsHandler extends GenericHandler {
  private static final String SERVLET_CONTEXT_CLASS = 
    "com.sun.xml.rpc.server.http.HttpServletRequest";
  private HandlerInfo config;

  public TrustedHostsHandler() {
  }

  public void init(HandlerInfo config) {
    assert null != config : "HandlerInfo argument was unexpectedly null";
    this.config = config;
  }

  public QName[] getHeaders() {
    return config.getHeaders();
  }

  public boolean handleRequest(MessageContext msgContext) {
    assert null != msgContext : "MessageContext argument unexpectedly null";

    ServletRequest req = 
        (ServletRequest) msgContext.getProperty(SERVLET_CONTEXT_CLASS);
    assert null != req : "ServletRequest unexpectedly null";

    boolean result = false;
    String remoteAddress = req.getRemoteAddr();

    if ((null != remoteAddress) && isTrusted(remoteAddress)) {
      result = true;
    }

    return result;
  }
}

Posted by Scott at 11:12 AM | Permalink

In case you haven't heard, my girlfriend Natalie and I are now engaged! Yay!

Posted by Scott at 9:52 PM | Permalink

I've been able to download programming listings and software updates for our Tivo since we purchased and configured an 802.11g wireless adapter on it. It's the only way to go, in my opinion - if only because we don't have a standard phone line (the only other means for obtaining Tivo content).

But another great feature of the Tivo 7.1 software is the ability to interact with the Tivo box(es) over the LAN. Tivo has sponsored a great Sourceforge project called the Tivo Home Media Engine (HME) which allows developers to produce Java applications that can be discovered and invoked through the Tivo interface. Rendezvous is used for discovery, which makes service discovery automatic. Pretty cool. I'd like to develop some apps in the near future.

Posted by Scott at 6:41 PM | Permalink