public final class ServerAuthentication extends Object implements InvocationConstraint, Serializable
Network authentication
by a server (to a client) is implementation-specific, but typically is also scoped and controlled
by a Subject. The server subject normally is contained in the Exporter used to export that remote object and is taken from the current thread
when the exporter is constructed. However, a server might use one subject to control its local
execution and a different subject to control its network authentication. A server generally must
have permission (such as AuthenticationPermission) to authenticate
itself to clients.
It is important to understand that specifying
ServerAuthentication.YES as a requirement does not ensure that a server is to
be trusted; it does ensure that the server authenticates itself as someone, but it does
not ensure that the server authenticates itself as anyone in particular. Without knowing who the
server authenticated itself as, there is no basis for actually trusting the server. The client
generally needs to specify a ServerMinPrincipal requirement in addition, or else verify
that the server has specified a satisfactory ServerMinPrincipal requirement for each
of the methods that the client cares about.
Serialization for this class is guaranteed to
produce instances that are comparable with ==.
ServerMinPrincipal,
AuthenticationPermission,
Serialized Form| Modifier and Type | Field and Description |
|---|---|
static ServerAuthentication |
NO
Do not authenticate the server to the client, so that the server remains anonymous.
|
static ServerAuthentication |
YES
Authenticate the server to the client.
|
public static final ServerAuthentication YES
public static final ServerAuthentication NO
Copyright © GigaSpaces.