|
I am new to the list so excuse me if this question
has been posed before.
RMI currently has no security story. There is no
standard way for a client to associate the credentials of the principal with an
RMI method call. There is no standard way to propagate security credentials to
the server as part of an RMI call. How does an EJB server perform role
mapping in the absence of this information? The EJB spec seems to punt on this
one. Presumably until the RMI security extensions are adopted there is
always going to be some EJB server vendor-specific solution to this which is
going to tie the client in to that particular server. Does RMI/IIOP address this
problem? Does anyone have any ideas?
Simon
Horrell. |
- Re: EJB and security Simon Horrell
- Re: EJB and security Harish Prabandham
- Re: EJB and security Tommy Hellstr�m
