This is a common feature found in online banking, where the user wants to download the transaction history. It allows the importing data into another financial tool for analysis, auditing, or double bookkeeping.
For our case study, we will export using PyroServiceExporter
. However, we only want to expose the logs and none of the other functions. You may recall that PyroServiceExporter
exposes all the methods its target object. In order to do this, we need a separate service that can delegate to our controller, and instead expose it.
class SpringBankPublic(object): def __init__(self, controller): self.controller = controller def history(self, id): return self.controller.history(id)
This class is pretty simple. The constructor call requires a copy of controller. It has only one method, the one intended for public exposure.
@Object def public_service(self): return SpringBankPublic(self.controller()) @Object def spring_bank_exporter(self): exporter = PyroServiceExporter() exporter.service_name = "springbank" exporter.service = self.public_service() return exporter from springpython.remoting.pyro import *
In order to run this code, the following import statement must be added:
from springpython.remoting.pyro import *
from springpython.config import * from springpython.remoting.pyro import * class RemoteClient(PythonConfig): def __init__(self): PythonConfig.__init__(self) @Object def client(self): service = PyroProxyFactory() service.service_url = "PYROLOC://localhost:7766/springbank" return service if __name__ == "__main__": from springpython.context import ApplicationContext ctx = ApplicationContext(RemoteClient()) service = ctx.get_object("client") for row in service.history(1): print row
This client script connects through Pyro module. It requests the history of Account 1, and then prints it out in raw form on the screen.
This easily fetches the raw data we requested. It is a perfect example of how to pipe raw data to other machines.
This form of raw data access has no security restrictions and would be ill advised for exposure to an untrusted network. This type of data would also be more secure if Pyro was configured with SSL. However, at this point in time, Spring Python does not support configuring Pyro with SSL.
@cherrypy.expose def raw_history(self, id): return str(self.controller.history(id))
This basically takes the results of the history
call, converts them to a string, and returns it for display with no extra HTML formatting.
raw_history
with the same protections as history
.@Object def filter_security_interceptor(self): filter = FilterSecurityInterceptor() filter.auth_manager = self.auth_manager() filter.access_decision_mgr = self.access_decision_mgr() filter.sessionStrategy = self.session_strategy() filter.obj_def_source = [ ("/raw_history.*", ["OWNER"]), ("/history.*", ["OWNER"]), ("/.*", ["ROLE_CUSTOMER", "ROLE_MGR", "ROLE_SUPERVISOR"]) ] return filter
Now it's possible to write a web-based script that would get redirected to the login page. It must supply login credentials. After that, it can issue the URL necessary to retrieve Python's literal array of dictionaries. It could then convert it to a Python data structure, and harvest the data.