rmi over ssl/tls, any way to securely identify the caller?

is there any way to securely get the method invoker while running the called method (server-side)?

i know there's a client string reachable through the server properties, but isn't it too "weak"? any way to get e.g. the client certificate owner?

please give me a couple of hints, WILL RTFD right afterwards ;)

thanks in advance

Solution

I haven't thought this through too thoroughly, but off-hand, I'd suggest a plugging in a custom TrustManager that, after authenticating the caller, associates the client certificate with the caller's thread. This could be done simply with a ThreadLocal, or using the JAAS architecture.

NullPointerException in Java JDK code while performing parallelStream.forEach(..)
Locating code that is filling PermGen with dead Groovy code
Cannot find test class in project - "The input type of the launch configuration does not exist"
Passing the values to the fraction class in java
How to use different authentication methods for different paths using Spring Security
how to fetch and validate csv header in open csv?
4-Sum algorithm failing with duplicate values in Java
Error getting month while using Calendar object
java Calendar Timezones strange stuff
java.util.Date class with different approach for same date gives different output
Finding out the type of invoked method in JDT
How to get the size of a file in MB (Megabytes)?
Exception in thread "main" java.lang.IllegalStateException: Attempted to load Config resource 'class path resource [application.yml]'
Why does Google Calendar.Events.Watch say my request is not HTTPS
Java - Class.forName, how to get a Field from Class
Use of verify() method with and without times(1) parameter
JDBC connection without database definition
Running my testNG project from a jar using Maven
Do subclasses inherit interfaces?
Spring Security - how can I ask invoke access control methods directly?
most accurate time type in java?
How to get the currently selected application from Windows in Java
validate the credit card expiry date using java?
Finding the square root of a number by using binary search
log4j : current time in milliseconds
Why Joda DateTime gives different result than Java Date?
Tomcat - maxThreads vs. maxConnections
Android notification importance cannot be changed
How to enable all endpoints in actuator (Spring Boot 2.0.0 RC1)
Map rainbow colors to RGB