public final class ServerAuthentication extends Object implements InvocationConstraint, Serializable
Network authentication by a server (to a client) is implementation-specific,
but typically is also scoped and controlled by a Subject
. The
server subject normally is contained in the
Exporter
used to export that remote
object and is taken from the current thread when the exporter is
constructed. However, a server might use one subject to control its local
execution and a different subject to control its network authentication.
A server generally must have permission (such as
AuthenticationPermission
) to authenticate itself
to clients.
It is important to understand that specifying
ServerAuthentication.YES
as a requirement does not
ensure that a server is to be trusted; it does ensure that the
server authenticates itself as someone, but it does not ensure that the
server authenticates itself as anyone in particular. Without knowing who
the server authenticated itself as, there is no basis for actually
trusting the server. The client generally needs to specify a
ServerMinPrincipal
requirement in addition, or else verify
that the server has specified a satisfactory
ServerMinPrincipal
requirement for each of the methods that
the client cares about.
Serialization for this class is guaranteed to produce instances that are
comparable with ==
.
ServerMinPrincipal
,
AuthenticationPermission
,
Serialized FormModifier and Type | Field and Description |
---|---|
static ServerAuthentication |
NO
Do not authenticate the server to the client, so that the server
remains anonymous.
|
static ServerAuthentication |
YES
Authenticate the server to the client.
|
public static final ServerAuthentication YES
public static final ServerAuthentication NO