public final class ClientAuthentication extends Object implements InvocationConstraint, Serializable

Network authentication by a client (to a server) is scoped and controlled by the client's Subject. The client's subject is the current subject associated with the thread making the remote call. The subject for a thread normally is set using Subject.doAs, and is retrieved from a thread by calling Subject.getSubject with the thread's current access control context (given

A client can only authenticate itself in a remote call as some subset of the principals in its Subject, and only if that subject contains the necessary public and/or private credentials required for the authentication mechanism used by the proxy and server implementations. However, additional principals and credentials might be derived as a result of authentication. A client generally must have permission (such as AuthenticationPermission) to authenticate itself in a remote call.
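
The client-side pattern described above, as an added example that is not part of the original API documentation. It assumes the Jini constraint classes RemoteMethodControl, InvocationConstraints and BasicMethodConstraints (not shown on this page) are on the classpath and that the service proxy implements RemoteMethodControl; AuthenticatedCall, RemoteCall, requireClientAuth and callAs are hypothetical names.

```java
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import net.jini.constraint.BasicMethodConstraints;
import net.jini.core.constraint.ClientAuthentication;
import net.jini.core.constraint.InvocationConstraints;
import net.jini.core.constraint.RemoteMethodControl;

/** Hypothetical helper (not from the page): make one remote call as an authenticated client. */
public final class AuthenticatedCall {

    /** Hypothetical callback: the remote invocation to perform on the constrained proxy. */
    public interface RemoteCall<P, T> {
        T apply(P proxy) throws Exception;
    }

    /** Returns a copy of the proxy on which every method requires ClientAuthentication.YES. */
    @SuppressWarnings("unchecked")
    static <P> P requireClientAuth(P proxy) {
        // Assumption: the proxy supports constraints, i.e. implements RemoteMethodControl.
        if (!(proxy instanceof RemoteMethodControl)) {
            throw new IllegalArgumentException("proxy does not implement RemoteMethodControl");
        }
        // One requirement, no preferences. setConstraints replaces any client constraints
        // already on the proxy and returns a new copy; the original proxy is unchanged.
        InvocationConstraints required =
            new InvocationConstraints(ClientAuthentication.YES, null);
        return (P) ((RemoteMethodControl) proxy)
            .setConstraints(new BasicMethodConstraints(required));
    }

    /** Runs the call with 'client' as the current subject, which scopes the authentication. */
    static <P, T> T callAs(Subject client, P proxy, RemoteCall<P, T> call) throws Exception {
        // Fail early: with no principals there is nothing the client can authenticate as.
        if (client == null || client.getPrincipals().isEmpty()) {
            throw new SecurityException("no client principals; ClientAuthentication.YES cannot be satisfied");
        }
        P constrained = requireClientAuth(proxy);
        try {
            // Subject.doAs associates the subject with this thread for the duration of the call.
            return Subject.doAs(client,
                (PrivilegedExceptionAction<T>) () -> call.apply(constrained));
        } catch (PrivilegedActionException e) {
            throw e.getException(); // unwrap the exception thrown inside the call
        }
    }
}
```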

In the server, the result of authenticating the client typically is represented by a subject containing the subset of authenticated client principals plus any derived principals, and the public credentials used during authentication plus any derived public credentials. This subject typically is used by the server for authorization (access control) decisions; in particular, it is used to decide if the client is permitted to make the remote call. This subject normally does not contain any private credentials, and so cannot be used for authentication in further remote
Delegation is used.

Serialization for this class is guaranteed to produce instances that are

|Modifier and Type|Field and Description|
|---|---|
|public static final ClientAuthentication|NO: Do not authenticate the client to the server, so that the client remains anonymous.|
|public static final ClientAuthentication|YES: Authenticate the client to the server.|

Copyright 2007-2013, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.