If oyu look at the souce:
You will notice that this proxy pulls principal and credential out of SecurityAssotiation
( look in the invokeContainer() method )
Right, and there would be no question if both client and server were running the same java machine. In my case they are not.
So I can rephrase my question: how remote client SecurityAssociation class shares its static data with SecurityAssociation class on the server side ?
If yo look in the same file:
protected MarshalledObject createMarshalledObject(final Object id,
final Method method,
final Object args)
throws SystemException, IOException
RemoteMethodInvocation rmi =
new RemoteMethodInvocation(id, method, args);
// Set the transaction propagation context
// Set the security stuff
// MF fixme this will need to use "thread local" and therefore same construct as above
// rmi.setPrincipal(sm != null? sm.getPrincipal() : null);
// rmi.setCredential(sm != null? sm.getCredential() : null);
// is the credential thread local? (don't think so... but...)
return new MarshalledObject(rmi);
Your questions would suddently dissapear. I assume
principal & credential are serialized and transported to server.
Thank you very much.