* Issue:

  Using authenticated subjects and subject delegation in the current JMX
  connector server implementations require the server´s creator - the
  codebase/entity calling JMXConnectorServer.start() - to have granted
  all the permissions required by the remote clients to perform its
  remote operations.

  By implementing security in this way we need to grant to the server´s
  codebase more permissions that it really needs. This could be avoided.

* Solution:

  Suppose a security context (subject and/or codebase and/or signers),
  say "creator", makes a JMXConnectorServer and supplies a JMXAuthenticator.

  Later, a connection arrives, and the JMXAuthenticator returns a Subject for
  it containing the Principal "remote". Today, basically both "remote" and
  "creator" must have all needed permissions for the reason I detailed above.

  However, suppose we say that an MBean operation that needs FilePermission is
  allowed if EITHER:

  (1) both "remote" and "creator" have FilePermission (the current
      requirement, i.e. backwards compatibility is kept); OR
  (2) "remote" has FilePermission and "creator" has
      SubjectDelegationPermission("remote").

  By supporting (2) we no longer need to grant FilePermission to the
  "creator" codebase.

###@###.### 2005-05-20 16:32:52 GMT