RMI and Access Control
Can we use JAAS for user authentication and access control of operations in conjunction with RMI? How can we do what we did in the JAAS Enabled Sample Application section of Chapter 5, Access Control, to add user authentication and action authorization capability to the RMI-based sample application?
This is possible but non-trivial. The base RMI architecture was developed before JAAS came into existence and hasn't been upgraded to honor JAAS. It is still possible to write RMI client and server programs so that the user credentials (username and password) are collected at the client and passed to the server for authentication. The server goes through the authentication process using JAAS and initializes the Subject instance ...
Get J2EE™ Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.