>Actually there is. The Subject is serializable and that includes all
>principals, but no credentials.
>The specs clearly states that Principals should be made serializable
>(Principal does not extend Serializable by default).
>Credentials by definition (whether public or private) are
>non-serializable.
>Furthermore, some credentials may use a connection mechanism to be
>refreshable and cannot be serialized outside of the existing VM.
Only the Credential needs to be serializable (as the name can get had from
the credential and the Principal and Subject can be rebuilt form that).
There are cases where the Credential is or will not be serializable, but
when you need to send it across the wire you can (as there is nothing that
we put into the specification that says that Credentials are or are not
serializable).
Thanks,
Anthony Nadalin
_______________________________
mailto:[EMAIL PROTECTED]
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
