Hi!
Dan OConnor wrote:
> I think I might see where we're missing each other. Our application
> server is stateless. In other words, it doesn't remember anything
> about the clients that are "out there." Even a stateful session bean
> is accessed by a "stateless" client that uses a private key. So any
> information you want to be associated with a call (such as principal
> and credential) needs to be propagated on the remote call.
Note that this (=knowing who the caller is) could be solved by using a
custom socket factory that associates each socket connection with a
specific user. This could either be used for applications that have
application clients, or cases where a webserver is client so whatever
principal it sends with the call is correct and does not need to be
authenticated.
This requires socket factories to be pluggable in the JRMP
ContainerInvoker which is not currently the case.
R U following?
/Rickard
--
Rickard �berg
Email: [EMAIL PROTECTED]
http://www.telkel.com
http://www.jboss.org
http://www.dreambean.com
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
