I've written some socket implementation (i call it GSSSocket) which allows for using JGSS (method = Kerberos) to set up secure connections while looking pretty
much like a simple java.net.Socket. For those who don't already know -- JGSS is a Framework which can be e.g. used to securely
(data confidentiality, authentication, etc.) transfer data from one site to another (pretty much like a stream encoder/decoder).
On top of my GSSSocket I need to run RMI, i.e. I want RMI to use my GSSSocket as a transport. I've already accomplished that by
implementing RMIClientSocketFactory and RMIServerSocketFactory so that my GSSSocket is used instead of a plain java.net.Socket.
(J)GSS provides methods (e.g. GSSContext.getSrcName()) to each peer which can be used to retrieve authentication information like
usernames (or kerberos principal names) of the respectively other peer. I.e. for example the server can retrieve the username which
was used on the client machine to establish the connection. (My GSSSocket therefore got additional methods like 'GSSSocket.getInitiatorPrincipal()')
I've got to implement a server side authorization mechanism which bases on the client principal name and therefore I'm facing the following problem:
Let's assume that the server carries out a (remotely invoked) call to method 'getServiceProxy() : ServiceProxyIF'.
getServiceProxy() should return either null or an instance of ServiceProxyImpl (implements ServiceProxyIF) depending on whether the 'calling principal'
is authorized to obtain and use such a ServiceProxyImpl object.
I cannot retrieve that 'calling principal name' though, since for that I'd need a reference to the GSSSocket instance (e.g. for using 'getSrcName()') which was used to receive the
Is there a way to obtain a reference to the underlying socket within a remotely invoked method?
Thanks in advance!
PS: I'm searching the web for days now but I couldn't find anything related to this except for the 'UnicastRemoteObject.getClientHost()'
method which at least shows that there must exist some sort of (internal) call source mapping feature.