geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alan Cabrera <Alan.Cabr...@reuters.com>
Subject RE: Hot deployment
Date Tue, 20 Apr 2004 15:32:15 GMT
Simone,

I was thinking of using the Generic Connector.  This would allow for the
automatic injection of the Subject into the communication circuit from
the Geronimo security environment.  We could also benefit from many of
the other features provided by the Geronimo network stack.

Regards,
Alan

-----Original Message-----
From: Bordet, Simone [mailto:simone.bordet@hp.com] 
Sent: Tuesday, April 20, 2004 10:22 AM
To: geronimo-dev@incubator.apache.org
Subject: RE: Hot deployment

Hi,

> The advantages I was thinking of were security etc. around the JMX 
> invocation. If 160 handles all of this for us, then cool; I was just 
> concerned that JMX over RMI/JRMP or whatever integrated with 
> the rest of 
> security etc. so users don't end up having to define separate 
> credentials.
> 
> Seems to me that if we layer 160 on top of your stack, 
> clients get the 
> standard API and we get low-level integration - does that make sense?

Especially for security, some level of generalization about
authentication may be achieved with SASL and user input, but I see that
quite complex.

If you hard code in the client that authentication uses a password, then
if you have a communication protocol that supports also certificates you
may not be able to use certificates.
OTOH, if you hard code the certificate as credential, simpler protocols
may not support that kind of authentication.

JSR 160 authentication with RMI is pluggable (via a JMXAuthenticator).

I may be wrong (still my knowledge of Geronimo is very low) but a
suitable JMXAuthenticator may fit the need of having a single point
where credentials are defined.

Thanks,

Simon


-----------------------------------------------------------------
        Visit our Internet site at http://www.reuters.com

Get closer to the financial markets with Reuters Messaging - for more
information and to register, visit http://www.reuters.com/messaging

Any views expressed in this message are those of  the  individual
sender,  except  where  the sender specifically states them to be
the views of Reuters Ltd.


Mime
View raw message