> Yes, but there is no standard way for the application-client-container to
> propagate the sec. attr. to the ejb-container. More on that later.

IIOP, Kerberos, IPSEC, HTTP, security context over RMI, etc.


> No, it doesn't. But shouldn't it?
> JAAS deals with propagating sec. attrs. within an application. I believe
> that for JAAS to be semantically complete (even within J2SE, which includes
> RMI), it needs to be able to propagate sec. attrs. through RMI. Else, the
> semantics of an RMI-method call is inconsistent. When calling an RMI-method
> residing on the same VM the context is propagated, else it is not.

For same-VM you can simply carry the AccessControlContext around (same
Subject).

For remote methods, you can serialize the Subject, send it along, and have
it reauthenticated on the server side.

arkin

> Of course, the J2EE needs to standardize on context propagation to get
> container-container integration. Since the container-container integration
> is done through RMI/IIOP the context propagation of J2EE should use the
> standards of the CORBA-world.
>
> > In summary, let's say JAAS can be used for authentication when
> > implementing J2EE Java-Clients.
>
> I believe that the most important feature JAAS has that J2EE doesn't is
> flexibility of authentication. I don't believe that it is always up to the
> container to decide.
>
> > So if you see any other integration point between EJB(J2EE) and JAAS, or
> > something wrong in that countered above, let me know your opinion.
> >
> > Thanks.
> > --
> > Francis Pouatcha
> >
> > MATHEMA Software GmbH
> > http://www.mathema.de
> >
> > ==================================================================
> > =========
> > To unsubscribe, send email to [EMAIL PROTECTED] and include
> > in the body
> > of the message "signoff EJB-INTEREST".  For general help, send email to
> > [EMAIL PROTECTED] and include in the body of the message "help".
> >
>

--
----------------------------------------------------------------------
Assaf Arkin                                           www.exoffice.com
CTO, Exoffice Technologies, Inc.                        www.exolab.org
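
The remote case described in the reply above, as an added example that is not part of the original message or of any container's code. `NamePrincipal`, `STORE` and the shared-secret check are hypothetical stand-ins for a real credential check, and `ObjectInputFilter` needs Java 9 or later.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

public class SubjectPropagationDemo {
    // Hypothetical principal type; it must be Serializable to travel with the Subject.
    static final class NamePrincipal implements Principal, Serializable {
        private final String name;
        NamePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
    // Constructed credential store; a real server checks a hash, ticket or certificate.
    static final Map<String, String> STORE = Map.of("alice", "s3cret");

    // Client: Subject's credential sets are transient, so only the principals (a claim) are sent.
    static byte[] marshal(Subject s) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(s); }
        return buf.toByteArray();
    }

    // Server: read the claim, verify the secret sent with it, return a fresh Subject.
    static Subject reauthenticate(byte[] wire, String secret) throws Exception {
        Subject claimed;
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(wire))) {
            // Reject every class except those a Subject of NamePrincipals needs.
            in.setObjectInputFilter(ObjectInputFilter.Config.createFilter(
                "javax.security.auth.*;java.util.*;SubjectPropagationDemo$NamePrincipal;!*"));
            claimed = (Subject) in.readObject();
        }
        Set<NamePrincipal> names = claimed.getPrincipals(NamePrincipal.class);
        if (names.size() != 1) throw new SecurityException("expected exactly one principal");
        String user = names.iterator().next().getName();
        String expected = STORE.get(user);
        if (expected == null || !MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), secret.getBytes(StandardCharsets.UTF_8)))
            throw new SecurityException("re-authentication failed for " + user);
        Subject verified = new Subject();
        verified.getPrincipals().add(new NamePrincipal(user));
        return verified;
    }
    public static void main(String[] args) throws Exception {
        Subject client = new Subject();
        client.getPrincipals().add(new NamePrincipal("alice"));
        client.getPrivateCredentials().add("s3cret"); // stays on the client: not serialized
        Subject onServer = reauthenticate(marshal(client), "s3cret");
        System.out.println(onServer.getPrincipals(NamePrincipal.class).iterator().next().getName());
    }
}
```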
