pfirmstone / JGDMS

Infrastructure for providing secured micro services, that are dynamically discoverable and searchable over ipv6 networks
https://pfirmstone.github.io/JGDMS/
Apache License 2.0

JERI DGC over Secure Endpoints - not consistently capturing Subject #124

Closed pfirmstone closed 3 years ago

pfirmstone commented 3 years ago

Whenever a ServerEndpoint <-> Endpoint connection exists between two nodes, a DgcServer service instance is provided, to allow the DgcClient to make dirty and clean calls to tell the server when an object is no longer referenced at the client.

When secure JERI Endpoints are used, such as TLS/SSL, the thread that calls these methods must be run with a client Subject, and the server thread with a server Subject. Since JERI multiplexes up to 256 sessions over a single connection, many of the threads making method calls on services over a connection may utilise different Subjects. The DgcServer service doesn't require any special permissions other than the ability to authenticate over a connection.

Threads calling DgcServer methods need to be called by a thread with a Subject which successfully authenticates.

The class BasicObjectEndpoint.DgcBatchContext implements ObjectInputValidation which, during deserialization, registers the ObjectEndpoint and its underlying Endpoint with the DgcClient. The AccessControlContext for calling DgcServer methods should be captured from the DgcClient::registerRefs(Endpoint, Collection) method and remain associated with that Endpoint, to allow the DgcClient to connect to the DgcServer using the Endpoint. There is a many to one relationship from ObjectEndpoint -> Endpoint.

If a DgcClient is successfully authenticated, over a secure connection, using the calling Thread's Subject, only then should the AccessControlContext be captured; otherwise an AccessControlContext captured from a previous ObjectEndpoint registration that successfully authenticated will be overwritten by one whose Subject is not authorized to connect, possibly causing a denial of service, by garbage collection of an active service.

The Subject used to authenticate the DgcClient will always be that of the most recent thread deserializing the BasicObjectEndpoint and successfully authenticating when registering. This allows, for example in a long running process, Subjects that are no longer in use to be discarded and only Subjects that are in use to be utilised.
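The capture rule the issue describes (capture the calling thread's AccessControlContext only after its Subject authenticates, never overwrite a good context with an unauthenticated one, most recent successful caller wins) as an added example written for this page. It is not JGDMS code: `Endpoint`, `Authenticator`, `NamePrincipal` and `DgcContextRegistry` are hypothetical stand-ins for the JERI Endpoint, the TLS client authentication and the DgcClient registration, and the sample IPv6 endpoint and principal names are constructed. It uses only JDK APIs (`Subject.doAs`, `AccessController.getContext`, `Subject.getSubject`) and assumes a JDK where those SecurityManager-era APIs still function (`Subject.getSubject` throws on JDK 23+ unless the Security Manager is allowed).

```java
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.Subject;

/** Hypothetical stand-in for a JERI Endpoint: one per connection, compared by identity. */
final class Endpoint {
    final String host;
    final int port;
    Endpoint(String host, int port) { this.host = host; this.port = port; }
    @Override public String toString() { return host + ":" + port; }
}

/** Hypothetical stand-in for the secure-endpoint handshake: does this Subject authenticate? */
interface Authenticator {
    boolean authenticate(Endpoint ep, Subject s);
}

/** Minimal Principal so Subjects can be told apart. */
final class NamePrincipal implements Principal {
    private final String name;
    NamePrincipal(String name) { this.name = name; }
    public String getName() { return name; }
    @Override public String toString() { return name; }
}

/**
 * Hypothetical registry of the AccessControlContext the DGC client uses per Endpoint
 * (many ObjectEndpoints share one Endpoint, so one context per Endpoint).
 * Rule from the issue: capture the caller's context only after its Subject
 * authenticates; otherwise leave the previously captured context untouched.
 */
final class DgcContextRegistry {
    private final Map<Endpoint, AccessControlContext> contexts = new ConcurrentHashMap<>();
    private final Authenticator auth;
    DgcContextRegistry(Authenticator auth) { this.auth = auth; }

    /** Called on the deserializing thread; returns true if the context was (re)captured. */
    boolean registerRefs(Endpoint ep) {
        AccessControlContext acc = AccessController.getContext();
        Subject caller = Subject.getSubject(acc);
        if (caller == null || !auth.authenticate(ep, caller)) {
            return false;          // unauthenticated caller: do NOT overwrite a good context
        }
        contexts.put(ep, acc);     // authenticated: most recent successful caller wins
        return true;
    }

    /** Subject that dirty()/clean() calls to the DgcServer would run under for this Endpoint. */
    Subject subjectFor(Endpoint ep) {
        AccessControlContext acc = contexts.get(ep);
        return acc == null ? null : Subject.getSubject(acc);
    }
}

public class DgcContextCaptureDemo {
    static Subject subjectNamed(String name) {
        return new Subject(true, Collections.singleton(new NamePrincipal(name)),
                           Collections.emptySet(), Collections.emptySet());
    }

    static String principalName(Subject s) {
        return s == null ? null : s.getPrincipals().iterator().next().getName();
    }

    /** Run the registration the way a deserializing thread would: under the caller's Subject. */
    static boolean registerAs(DgcContextRegistry reg, Subject s, Endpoint ep) {
        return Subject.doAs(s, (PrivilegedAction<Boolean>) () -> reg.registerRefs(ep));
    }

    public static void main(String[] args) {
        Endpoint ep = new Endpoint("[2001:db8::1]", 4160);           // constructed sample
        Set<String> allowed = Set.of("alice", "bob");                 // who the "server" accepts
        DgcContextRegistry reg = new DgcContextRegistry(
            (e, s) -> allowed.contains(principalName(s)));            // stand-in for TLS client auth

        // 1. alice deserializes a BasicObjectEndpoint and authenticates: her context is captured.
        System.out.println("alice registered: " + registerAs(reg, subjectNamed("alice"), ep)
            + ", dgc subject: " + principalName(reg.subjectFor(ep)));

        // 2. mallory deserializes another ObjectEndpoint over the same Endpoint but cannot
        //    authenticate. alice's context must survive; if it were overwritten, DGC for this
        //    connection would run as a Subject the server rejects and live objects could be
        //    collected (the denial of service described in the issue).
        System.out.println("mallory registered: " + registerAs(reg, subjectNamed("mallory"), ep)
            + ", dgc subject: " + principalName(reg.subjectFor(ep)));

        // 3. bob authenticates later: the most recent successful caller replaces alice,
        //    so a Subject no longer in use is naturally discarded.
        System.out.println("bob registered: " + registerAs(reg, subjectNamed("bob"), ep)
            + ", dgc subject: " + principalName(reg.subjectFor(ep)));
    }
}
```

The check that matters is the early return in `registerRefs`: the authentication result gates the `put`, so a registration from an unauthorized Subject is a no-op rather than a replacement. In a real implementation the `Authenticator` would be the secure Endpoint's own handshake, and the stored context would be the one the DgcClient later uses to open the connection for dirty and clean calls.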