>From the Subject JavaDoc:
"This Subject class implements Serializable. While the Principals
associated with the Subject are serialized, the credentials associated
with the Subject are not. Note that the java.security.Principal class
does not implement Serializable. Therefore all concrete Principal
implementations associated with Subjects must implement Serializable."
So by definition credentials are never serialized.
Furthermore, the last thing I would like to see is my priate credentials
floating around for everybody to pick up and read.
arkin
> Only the Credential needs to be serializable (as the name can get had from
> the credential and the Principal and Subject can be rebuilt form that).
> There are cases where the Credential is or will not be serializable, but
> when you need to send it across the wire you can (as there is nothing that
> we put into the specification that says that Credentials are or are not
> serializable).
>
> Thanks,
> Anthony Nadalin
> _______________________________
>
> mailto:[EMAIL PROTECTED]
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
--
----------------------------------------------------------------------
Assaf Arkin www.exoffice.com
CTO, Exoffice Technologies, Inc. www.exolab.org
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
