spring整合rmi 如何使用安全策略

spring整合rmi 后，想要使用安全策略，之后是自己写一个rmi.policy文件，里面写着授权哪些IP有哪些权限，但是我要怎么导入到spring中呢？

这个问题真的木有人会吗？

我要限制连接RMI的IP，要如何限制，结合SPRING配置。如何弄？

不用policy文件,用spring的interceptor试试：

<bean class="org.springframework.remoting.rmi.RmiServiceExporter">
<property name="serviceName" value="testService" />
<property name="service" ref="testService" />
<property name="serviceInterface" value="test.ITestService" />
<property name="registryPort" value="1199" />
<property name="interceptors">
<list><ref bean="securityInterceptor"/></list>
</property>
</bean>
<bean id="securityInterceptor" class="test.SecurityInterceptor">
<!-- 这里配置允许访问RMI的客户端IP地址 -->
<property name="allowed">
<set>
<value>192.168.0.1</value>
<value>192.168.0.2</value>
</set>
</property>
</bean>

package test;

import java.rmi.server.RemoteServer;
import java.util.Set;

import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;

public class SecurityInterceptor implements MethodInterceptor {
private Set allowed;

public Object invoke(MethodInvocation methodInvocation) throws Throwable {
String clientHost = RemoteServer.getClientHost();
if (allowed != null && allowed.contains(clientHost)) {
return methodInvocation.proceed();
} else {
throw new SecurityException("非法访问。");
}
}

public void setAllowed(Set allowed) {
this.allowed = allowed;
}
}

rmisecuritymanager

Using Spring Security in a Swing Desktop

https://sacrephill.wordpress.com/2009/06/12/using-spring-security-in-a-swing-desktop-application/