|2. the SecurityAssociation
|... on the client side works global (static) to follow the idea of jaas
|it should work thread based, so the principal/credential should be
|ThreadLocal on the client side too.
yes, I am not sure I understand why it is separated "server" vs "local"
|Furthermore would I suggest to take the principal/credential information
|somehow from the Subject that is currently executing the thread and not
|to put it into a static place from within the LoginModule.
Yes but you need to be able to retrieve it when you do a call in the proxies
so you need a static pointer to a thread local variable
|I dont know
|yet how Tomcat works with that but I will have a look at it right now..
|
|3. JRMP over SSL?
yes
marc
|
|\Daniel
|
|
