From: Chris Jobson <jobson@sy...> - 2002-09-26 13:20:42
Is there any way that an mbena method can extract 'client' context
to allow it to authorise the client to execute the method?
Fo rexample, a client might have opened an RMI connection to an MBean server
and is invoking a method remotely on a target mbean. Is there any way that
the target mbean can verify that the user is allowed to do this?
This kind of thing is handled in EJBs via the isCallerInRole() method
callable on a context object associated with the client invocation.
I suspect that no such 'context' object exists in JMX - meaning that it
would be difficult to determine what the actual client to the call is (from
within an mbean).
Presumably the connector layer could handle this, but that puts the onus
on authoriation at that level, rather than in the mbean - and if there
connectors accessing the same mbean, this is duplicated in various places,
or else in some centralised authorisation layer called (hopefully) by each
connector. But even so, this would mean all authorisation details across
all mbeans would need to be handled by this layer, rather than delegating
it to each mbean in turn.
I guess some sort of 'thread context' object could be exploited here -
connector could place user/client context objects there, and they could be
extracted in the actual mbean. Does MX4J provide such a facility? Or
with roughly similar functionality?
Thoughts or comments?
Maybe I have missed something and this is possible ...
Get latest updates about Open Source Projects, Conferences and News.