@UsesSunHttpServer open class SimpleHttpInvokerServiceExporter : RemoteInvocationSerializingExporter, HttpHandler
HTTP request handler that exports the specified service bean as HTTP invoker service endpoint, accessible via an HTTP invoker proxy. Designed for Sun's JRE 1.6 HTTP server, implementing the com.sun.net.httpserver.HttpHandler interface.
Deserializes remote invocation objects and serializes remote invocation result objects. Uses Java serialization just like RMI, but provides the same ease of setup as Caucho's HTTP-based Hessian protocol.
HTTP invoker is the recommended protocol for Java-to-Java remoting. It is more powerful and more extensible than Hessian, at the expense of being tied to Java. Nevertheless, it is as easy to set up as Hessian, which is its main advantage compared to RMI.
WARNING: Be aware of vulnerabilities due to unsafe Java deserialization: Manipulated input streams could lead to unwanted code execution on the server during the deserialization step. As a consequence, do not expose HTTP invoker endpoints to untrusted clients but rather just between your own services. In general, we strongly recommend any other message format (e.g. JSON) instead.
Author
Juergen Hoeller
Since
2.5.1
See Also
org.springframework.remoting.httpinvoker.HttpInvokerClientInterceptororg.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBeanorg.springframework.remoting.caucho.SimpleHessianServiceExporter
SimpleHttpInvokerServiceExporter()
HTTP request handler that exports the specified service bean as HTTP invoker service endpoint, accessible via an HTTP invoker proxy. Designed for Sun's JRE 1.6 HTTP server, implementing the com.sun.net.httpserver.HttpHandler interface. Deserializes remote invocation objects and serializes remote invocation result objects. Uses Java serialization just like RMI, but provides the same ease of setup as Caucho's HTTP-based Hessian protocol. HTTP invoker is the recommended protocol for Java-to-Java remoting. It is more powerful and more extensible than Hessian, at the expense of being tied to Java. Nevertheless, it is as easy to set up as Hessian, which is its main advantage compared to RMI. WARNING: Be aware of vulnerabilities due to unsafe Java deserialization: Manipulated input streams could lead to unwanted code execution on the server during the deserialization step. As a consequence, do not expose HTTP invoker endpoints to untrusted clients but rather just between your own services. In general, we strongly recommend any other message format (e.g. JSON) instead. |
open fun handle(exchange: HttpExchange): Unit
Reads a remote invocation from the request, executes it, and writes the remote invocation result to the response. |