|I am really interested in find out how JAAS does what it
|does. I can understand get an instance to a LoginContext
|and calling a login method but how can all subsequent calls
|be sent out by that user without being wrapped in some other
|interface. etc. Seems like there would have to be a security
|server on the client side?
simple thread association. The thread you use to do your work is associated
to the security principal you negociated.
This is how we do it for transactions as well. Ineficient if you ask me,
which is why we carry solid association in the MethodInvocation (as opposed
to doing a map lookup everytime with the thread)... The "message" is what
carries all the contextual information.
marc
