ANIL SALDHANA [http://community.jboss.org/people/anil.saldhana%40jboss.com] created the discussion "JSR-160 connectors security" To view the discussion, visit: http://community.jboss.org/message/535651#535651 -------------------------------------------------------------- This is a design thread that Scott Marlow (SMarlow) and I will be using to discuss the JSR-160 integration that Scott is working on. There are some security aspects to be considered in this integration based on the JSR-160 specification. Studying the JSR-160 specification, in the section III on JMX Remote Connector API: * Section 13.12 Connector Security On the server side, when the connectors are created, they are instantiated with JMXAuthenticator.  ( http://java.sun.com/j2se/1.5.0/docs/api/javax/management/remote/JMXAuthen... JMXAuthenticator Javadoc) If you look at the API for JMXAuthenticator, you will see that there is just one method namely: "+*Subject  authenticate( Object credential )*+".  As you can see, we pass in a credential and then get back an authenticated subject. The credential can be open ended.  Ok, what about the username?  Read below: * Section 14.4 Basic Security TBD. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/535651#535651] Start a new discussion in PicketBox Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&...]