Simon,
An earlier thread in this list discussed how contextual
information could be passed between server and client. Look for Context
Propagation in the archives. The propagation of security (as well as
transactional) information is invisible to the bean implementation and the
clients, so it will not be a "proprietary problem" as long as the EJB
server implementors implement the spec.
Hope this helps
/Tommy

I am new to the list so excuse me if this
question has been posed before.
RMI currently has no security story. There is
no standard way for a client to associate the credentials of the principal
with an RMI method call. There is no standard way to propagate security
credentials to the server as part of an RMI call. How does an EJB
server perform role mapping in the absence of this information? The EJB spec
seems to punt on this one. Presumably until the RMI security extensions
are adopted there is always going to be some EJB server vendor-specific
solution to this which is going to tie the client in to that particular
server. Does RMI/IIOP address this problem? Does anyone have any
ideas?
Simon Horrell