Working on the connection re-authentication and security propagation
problem, one area already identified that we need is a central service
exposed over Remoting to co-ordinate this activity. As this is an
aspect of the overall solution that is fairly well understood, I have
been starting to assemble this so that the remainder of the decisions
can have a little more context.

When I started work on Remoting JMX the first thing I did at the time
was to look into the EJB over Remoting implementation to see how various
problems were being solved. I believe when the JNDI over Remoting
project was implemented both the EJB implementation and the Remoting JMX
project were reviewed again before the problems were solved again for

To avoid continually solving this same problem again and again I have
been starting to split the common functionality out into a separate
framework project so that the authentication service can use this
without having to contain its own implementation again: -

At this point I am looking for any opinions on where this should live.
(I also need to check some things internally as well but wanted to check
with other engineers first)

I am not at this point intending for this to be released as a developers
framework, at the moment it contains the capabilities I need for the
authentication service and if other services can make use of it the
capabilities can be expanded for those projects.

The current capabilities are: -

* Connection establishment.
* Channel Opening
  - Welcome message exchange (To verify correct channel)
  - Protocol version negotiation.
  - Mechanism to obtain strongly typed proxy to the other side of the
  - Message Handler based message processing.
  - Support for conversations from short request/response
    conversations to longer running multiple message conversations.

As a channel is opened there is a notion of which side is initiating the
channel opening, however this does not enforce a client/server notion
beyond that. Existing connections can be used so either side could have
already opened a connection. After a channel is opened both sides are
presented with a strongly typed representation of the other side of the
channel that can be used independently.