> > I would vote for establishing an identity interceptor as the first in
> > the message flow. He is marking the call with the identity of the
> > caller. So one is able, even in threadlocal, to identify who is in.
> >
> > absolutely wrong??
> >
>
> If I understand you correctly, I think that is what we are doing, except
> we don't use an actual ThreadLocal, we associate the Subject with the
> thread's AccessControlContext.
>
> The question is where this should happen and how do we ensure it is done
> for all invocations including callbacks.
>
Yes, this is what I am asking for since the beginning of struggling with the Java language namespace nightmare: there should be a _concept_ of having a clearly defined, independent identity system of Java class instances. We already have one for the jars: signed jars. The instances per JVM have one too, so we have to have it extended for remote usage, adding the identity of the surrounding whatever-you-call-it-maybe-container. Here signatures come into view: the ID could be the SHA-1 of the signature+JVMClassInstanceId. Handled similar to URLStreamHandlerFactory: once-per-jvm.

just an idea ...

<I know, I couldn't express myself as well as it should be! Lack of English etc. etc.>

bax
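The approach from the quoted reply, as an added example that is not part of the thread or of the project's code: an identity interceptor placed first in the chain binds the caller's Subject to the thread's AccessControlContext, and a later stage reads it back without a ThreadLocal. The `Interceptor` and `Invocation` types and the sample principal are hypothetical; the code assumes Java 8 to 17, where `Subject.doAs` and `Subject.getSubject` are available (both are deprecated for removal from Java 17 on).

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.Subject;

public class IdentityInterceptorDemo {
    // Hypothetical interceptor contract; not taken from any framework.
    interface Interceptor { Object invoke(Invocation inv); }

    static final class Invocation {
        final Subject caller;                     // identity authenticated by the transport (assumed)
        private final Iterator<Interceptor> rest; // remaining stages of the chain
        Invocation(Subject caller, List<Interceptor> chain) {
            this.caller = caller;
            this.rest = chain.iterator();
        }
        Object proceed() { return rest.next().invoke(this); }
    }

    // First in the chain: runs the rest of the chain with the caller's Subject
    // attached to the thread's AccessControlContext.
    static final Interceptor IDENTITY = inv ->
        Subject.doAs(inv.caller, (PrivilegedAction<Object>) inv::proceed);

    // Any later stage can ask "who is in?" without a ThreadLocal.
    static final Interceptor TARGET = inv -> currentCaller();

    static String currentCaller() {
        Subject s = Subject.getSubject(AccessController.getContext());
        if (s == null) return "<no identity>";    // reached when IDENTITY did not run
        return s.getPrincipals().iterator().next().getName();
    }

    public static void main(String[] args) {
        Principal alice = () -> "alice";          // constructed sample principal
        Subject subject = new Subject(true, Collections.singleton(alice),
                Collections.emptySet(), Collections.emptySet());

        // Chain with the identity interceptor first: the target sees the caller.
        System.out.println(new Invocation(subject, Arrays.asList(IDENTITY, TARGET)).proceed());
        // Path that bypasses the interceptor: no Subject is bound to the context.
        System.out.println(new Invocation(subject, Arrays.asList(TARGET)).proceed());
    }
}
```

The second call is the case the reply asks about: any invocation path that does not pass through the identity interceptor reaches the target with no Subject bound, so the target has to treat a null Subject as unauthenticated.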