Assaf Arkin wrote:
> > No, it doesn't. But shouldn't it?
> > JAAS deals with propagating sec. attrs. within an application. I believe
> > that for JAAS to be semantically complete (even within J2SE, which includes
> > RMI), it needs to be able to propagate sec. attrs. through RMI. Else, the
> > semantics of an RMI-method call is inconsistent. When calling an RMI-method
> > residing on the same VM the context is propagated, else it is not.
>
> For same-VM you can simply carry the AccessControlContext around (same
> Subject).
>
> For remote methods, you can serialize the Subject send it along and have
> it reauthenticated on the server side.
>
Why not serializing the whole AccessControllContext?
JAAS isn't design for distribution. It is for intraVM authentication and
authorisation.
--
Francis Pouatcha
MATHEMA Software GmbH
http://www.mathema.de
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
