river-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From peter_firmst...@apache.org
Subject svn commit: r1023573 - /incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthMarshalInputStream.java
Date Sun, 17 Oct 2010 20:38:14 GMT
Author: peter_firmstone
Date: Sun Oct 17 20:38:13 2010
New Revision: 1023573

URL: http://svn.apache.org/viewvc?rev=1023573&view=rev
Log:
River-362 Denial of Service.

Modified:
    incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthMarshalInputStream.java

Modified: incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthMarshalInputStream.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthMarshalInputStream.java?rev=1023573&r1=1023572&r2=1023573&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthMarshalInputStream.java
(original)
+++ incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthMarshalInputStream.java
Sun Oct 17 20:38:13 2010
@@ -66,6 +66,14 @@ import org.apache.river.api.security.Rev
  * 
  * Authentication is only performed once for each codebase String.
  * 
+ * Note:  It is not required that the Authentication proxy be from the 
+ * originating service node, it will actually be from where the exported
+ * object was last marshalled.  Don't assume the Authentication Proxy will
+ * have the same Subject or Principal as the unmarshalled smart proxy, it needs
+ * independant ProxyVerification.  The intent of the Authentication proxy is to
+ * have someone vouch for the authenticity of the codebase string they've
+ * just sent you, and provide the Certificates the jar file must be signed with.
+ * 
  * @author Peter Firmstone
  */
 public class AuthMarshalInputStream extends MarshalInputStream {



Mime
View raw message