geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bordet, Simone" <>
Subject RE: Hot deployment
Date Tue, 20 Apr 2004 14:22:20 GMT

> The advantages I was thinking of were security etc. around the JMX 
> invocation. If 160 handles all of this for us, then cool; I was just 
> concerned that JMX over RMI/JRMP or whatever integrated with 
> the rest of 
> security etc. so users don't end up having to define separate 
> credentials.
> Seems to me that if we layer 160 on top of your stack, 
> clients get the 
> standard API and we get low-level integration - does that make sense?

Especially for security, some level of generalization about authentication may be achieved
with SASL and user input, but I see that quite complex.

If you hard code in the client that authentication uses a password, then if you have a communication
protocol that supports also certificates you may not be able to use certificates.
OTOH, if you hard code the certificate as credential, simpler protocols may not support that
kind of authentication.

JSR 160 authentication with RMI is pluggable (via a JMXAuthenticator).

I may be wrong (still my knowledge of Geronimo is very low) but a suitable JMXAuthenticator
may fit the need of having a single point where credentials are defined.



View raw message