public final class ClientAuthentication extends Object implements InvocationConstraint, Serializable
Network authentication by a client (to a server) is scoped and controlled
by the client's Subject
. The client's subject
is the current subject associated with the thread making the remote call.
The subject for a thread normally is set using
Subject.doAs
, and is retrieved
from a thread by calling Subject.getSubject
with the thread's current access control context (given
by calling AccessController.getContext
).
A client can only authenticate itself in a remote call as some subset of
the principals in its Subject
, and only if that subject
contains the necessary public and/or private credentials required for the
authentication mechanism used by the proxy and server implementations.
However, additional principals and credentials might be derived as a result
of authentication. A client generally must have permission (such as
AuthenticationPermission
) to authenticate itself
in a remote call.
In the server, the result of authenticating the client typically is
represented by a subject containing the subset of authenticated client
principals plus any derived principals, and the public credentials used
during authentication plus any derived public credentials. This subject
typically is used by the server for authorization (access control)
decisions; in particular, it is used to decide if the client is permitted
to make the remote call. This subject normally does not contain any private
credentials, and so cannot be used for authentication in further remote
calls, unless Delegation
is used.
Serialization for this class is guaranteed to produce instances that are
comparable with ==
.
ClientMaxPrincipal
,
ClientMaxPrincipalType
,
ClientMinPrincipal
,
ClientMinPrincipalType
,
Delegation
,
AuthenticationPermission
,
Serialized FormModifier and Type | Field and Description |
---|---|
static ClientAuthentication |
NO
Do not authenticate the client to the server, so that the client
remains anonymous.
|
static ClientAuthentication |
YES
Authenticate the client to the server.
|
public static final ClientAuthentication YES
public static final ClientAuthentication NO