> > > No, it doesn't. But shouldn't it?
> > > JAAS deals with propagating sec. attrs. within an application. I
believe
> > > that for JAAS to be semantically complete (even within J2SE, which
includes
> > > RMI), it needs to be able to propagate sec. attrs. through RMI. Else,
the
> > > semantics of an RMI-method call is inconsistent. When calling an
RMI-method
> > > residing on the same VM the context is propagated, else it is not.
> >
> > For same-VM you can simply carry the AccessControlContext around (same
> > Subject).
> >
> > For remote methods, you can serialize the Subject send it along and
have
> > it reauthenticated on the server side.
> >
>Why not serializing the whole AccessControllContext?
>JAAS isn't design for distribution. It is for intraVM authentication and
>authorisation.
There is nothing to preclude the JAAS Credentials from be serialilizable.
Thanks,
Anthony Nadalin
_______________________________
mailto:[EMAIL PROTECTED]
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
