|
Hi,
Propagation of security context (& transaction
context) is transparent from both the bean
developer & the client point of view. If you are
using IIOP (ie. RMI/IIOP) ServiceContext
could
be used for propagating the context.
Harish
Prabandham
Java Enterprise Technologies,
Sun Microsystems Inc.
I am new to the list so excuse me if this
question has been posed before.
RMI currently has no security story. There is no
standard way for a client to associate the credentials of the principal with
an RMI method call. There is no standard way to propagate security credentials
to the server as part of an RMI call. How does an EJB server perform role
mapping in the absence of this information? The EJB spec seems to punt on this
one. Presumably until the RMI security extensions are adopted there is
always going to be some EJB server vendor-specific solution to this which is
going to tie the client in to that particular server. Does RMI/IIOP address
this problem? Does anyone have any ideas?
Simon
Horrell.
|
