> >Why not serializing the whole AccessControllContext?
> >JAAS isn't design for distribution. It is for intraVM authentication and
> >authorisation.
>
> There is nothing to preclude the JAAS Credentials from be serialilizable.
Actually there is. The Subject is serializable and that includes all
principals, but no credentials.
The specs clearly states that Principals should be made serializable
(Principal does not extend Serializable by default).
Credentials by definition (whether public or private) are
non-serializable.
Furthermore, some credentials may use a connection mechanism to be
refreshable and cannot be serialized outside of the existing VM.
arkin
>
> Thanks,
> Anthony Nadalin
> _______________________________
>
> mailto:[EMAIL PROTECTED]
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
--
----------------------------------------------------------------------
Assaf Arkin www.exoffice.com
CTO, Exoffice Technologies, Inc. www.exolab.org
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
