public final class ServerAuthentication extends Object implements InvocationConstraint, Serializable
by a server (to a client) is implementation-specific, but typically is also scoped and controlled
Subject. The server subject normally is contained in the
Exporter used to export that remote object and is taken from the current thread
when the exporter is constructed. However, a server might use one subject to control its local
execution and a different subject to control its network authentication. A server generally must
have permission (such as
AuthenticationPermission) to authenticate
itself to clients.
It is important to understand that specifying
ServerAuthentication.YES as a requirement does not ensure that a server is to
be trusted; it does ensure that the server authenticates itself as someone, but it does
not ensure that the server authenticates itself as anyone in particular. Without knowing who the
server authenticated itself as, there is no basis for actually trusting the server. The client
generally needs to specify a
ServerMinPrincipal requirement in addition, or else verify
that the server has specified a satisfactory
ServerMinPrincipal requirement for each
of the methods that the client cares about.
Serialization for this class is guaranteed to
produce instances that are comparable with
|Modifier and Type||Field and Description|
Do not authenticate the server to the client, so that the server remains anonymous.
Authenticate the server to the client.
public static final ServerAuthentication YES
public static final ServerAuthentication NO
Copyright © GigaSpaces.