public final class ServerAuthentication extends Object implements InvocationConstraint, Serializable
Network authentication by a server (to a client) is implementation-specific,
but typically is also scoped and controlled by a
server subject normally is contained in the
Exporter used to export that remote
object and is taken from the current thread when the exporter is
constructed. However, a server might use one subject to control its local
execution and a different subject to control its network authentication.
A server generally must have permission (such as
AuthenticationPermission) to authenticate itself
It is important to understand that specifying
ServerAuthentication.YES as a requirement does not
ensure that a server is to be trusted; it does ensure that the
server authenticates itself as someone, but it does not ensure that the
server authenticates itself as anyone in particular. Without knowing who
the server authenticated itself as, there is no basis for actually
trusting the server. The client generally needs to specify a
ServerMinPrincipal requirement in addition, or else verify
that the server has specified a satisfactory
ServerMinPrincipal requirement for each of the methods that
the client cares about.
Serialization for this class is guaranteed to produce instances that are
|Modifier and Type||Field and Description|
Do not authenticate the server to the client, so that the server remains anonymous.
Authenticate the server to the client.
public static final ServerAuthentication YES
public static final ServerAuthentication NO
Copyright 2007-2013, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.