Network authentication by a server (to a client) is implementation-specific, but typically is also scoped and controlled by a Subject. The server subject normally is contained in the {@link net.jini.export.Exporter} used to export that remote object and is taken from the current thread when the exporter is constructed. However, a server might use one subject to control its local execution and a different subject to control its network authentication. A server generally must have permission (such as {@link net.jini.security.AuthenticationPermission}) to authenticate itself to clients.
It is important to understand that specifying ServerAuthentication.YES as a requirement does not ensure that a server is to be trusted; it does ensure that the server authenticates itself as someone, but it does not ensure that the server authenticates itself as anyone in particular. Without knowing who the server authenticated itself as, there is no basis for actually trusting the server. The client generally needs to specify a {@link ServerMinPrincipal} requirement in addition, or else verify that the server has specified a satisfactory ServerMinPrincipal requirement for each of the methods that the client cares about.
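The difference between the two requirement sets described above, as an added example that is not part of the original documentation: the class name, method names and the X.500 name are hypothetical, and the proxy is assumed to implement RemoteMethodControl.

```java
import javax.security.auth.x500.X500Principal;
import net.jini.constraint.BasicMethodConstraints;
import net.jini.core.constraint.InvocationConstraint;
import net.jini.core.constraint.InvocationConstraints;
import net.jini.core.constraint.MethodConstraints;
import net.jini.core.constraint.RemoteMethodControl;
import net.jini.core.constraint.ServerAuthentication;
import net.jini.core.constraint.ServerMinPrincipal;

/** Hypothetical client-side helper; not part of the Jini API. */
public final class PinnedServerConstraints {
    // Constructed sample identity; use the principal the service is expected to run as.
    static final X500Principal EXPECTED_SERVER =
        new X500Principal("CN=ExampleService, O=Example");

    private static final InvocationConstraint[] NO_PREFERENCES = new InvocationConstraint[0];

    /** Insufficient on its own: the server must authenticate, but as anyone at all. */
    static MethodConstraints authenticatedAsSomeone() {
        return new BasicMethodConstraints(new InvocationConstraints(
            new InvocationConstraint[] { ServerAuthentication.YES },
            NO_PREFERENCES));
    }

    /** The server must authenticate as at least EXPECTED_SERVER. */
    static MethodConstraints authenticatedAsExpected() {
        return new BasicMethodConstraints(new InvocationConstraints(
            new InvocationConstraint[] {
                ServerAuthentication.YES,
                new ServerMinPrincipal(EXPECTED_SERVER)
            },
            NO_PREFERENCES));
    }

    /** Returns a copy of the proxy that carries the pinned-principal requirements. */
    static Object constrain(Object proxy) {
        if (!(proxy instanceof RemoteMethodControl)) {
            // Without RemoteMethodControl the client cannot impose constraints at all.
            throw new SecurityException("proxy does not support constraints");
        }
        // setConstraints does not modify the original proxy; use the returned copy.
        return ((RemoteMethodControl) proxy).setConstraints(authenticatedAsExpected());
    }
}
```

Calls made through the proxy returned by `constrain` fail if the requirements cannot be satisfied, whereas `authenticatedAsSomeone()` would accept a server that authenticates under any identity.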
Serialization for this class is guaranteed to produce instances that are comparable with ==.
@author Sun Microsystems, Inc.
@see ServerMinPrincipal
@see net.jini.security.AuthenticationPermission
@since 2.0