5.3. Developer Advice for User Credentials in Remote Method Invocation
In Remote Method Invocation (RMI), credentials are transmitted from client to server. These credentials populate the security context in the method invocation object. This is implemented using the
setPrincipal
and setCredential
methods.
Example 5.1. Setting Principal and Credential
MethodInvocation mi = new MethodInvocation(); mi.setPrincipal(new SimplePrincipal("myusername")); mi.setCredential("mypassword");
These additional payloads can be retrieved at the server side using similar methods on the invocation object.
Example 5.2. Retrieving Principal and Credential
Principal p = mi.getPrincipal(); Object cred = mi.getCredential(); // Now do authentication (and then authorization)