Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » scout » Remote Service Call / ServiceTunnel(How does a remote service call work and how is it secured)
Remote Service Call / ServiceTunnel [message #730684] Wed, 28 September 2011 21:23 Go to next message
Ivan Motsch is currently offline Ivan MotschFriend
Messages: 123
Registered: March 2010
Senior Member
See the graphics with the sequence diagram of the ping service call from the client to the server.
The top part of the graphics shows the object structure. The sequence diagram shows the call flow.


The IPingService interface is registered in the client plugin.xml as a service proxy with the ClientProxyServiceFactory.
The PingService implementation is registered in the server plugin.xml as a service impl with the ServerServiceFactory.

Authorization of remote service calls is done as usual using java security permissions.
In your projects own AccessControlService extending AbstractAccessControlService you can assign RemoteServiceAccessPermission to roles.
By design only services implementing IService can be called remotely. The default RemoteServiceAccessPermission assigned to users allows
access to all operations on service interfaces defined in a *.shared.* package (plug-in).

In order to activate central input/output validation, create and use a subclass of ServiceTunnelServlet and override runServerJobTransactionWithDelegate().
There use a subclass of DefaultTransactionDelegate with implemented methods filterInput() and filterOutput().
The easiest way to implement is by calling new DefaultValidator().validate();
The DefaultValidator validates all arguments using a deep-traversal check. Form datas (subclass of AbstarctFormData) are checked with the delegate DefaultFormDataValidator.
This is very useful since the eclipse scout sdk writes all ui model properties relevant for validation automatically to the form data.

For example a StringField in a form defining a maxLength of 200 by
public class LastName extends AbstractStringField{
  protected int getConfiguredMaxLength(){
    return 200;

will result in a form data field

public class LastName extends AbstractValueFieldData<String>{
  public static final HashMap<String,Object> validationRules=new HashMap<String,Object>();

That way you define your business rules exactly once and they are automatically checked at the central input validation on the server, since the shared form data classes
are used on client and server.

For more details see ValidationRule, ValidationStrategy, IValidator.
Re: Remote Service Call / ServiceTunnel [message #753039 is a reply to message #730684] Wed, 26 October 2011 16:04 Go to previous message
Claudio Guglielmo is currently offline Claudio GuglielmoFriend
Messages: 165
Registered: March 2010
Senior Member
Hi Ivan

Thank you very much for this explanation!

I updated the wiki accordingly:


[Updated on: Tue, 01 November 2011 19:40]

Report message to a moderator

Previous Topic:Delete
Next Topic:Security with JAAS
Goto Forum:

Current Time: Sat Apr 21 08:01:40 GMT 2018

Powered by FUDForum. Page generated in 0.02189 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software