[Cosmo-dev] JSON-RPC considered harmful
bcm at osafoundation.org
Tue Dec 5 22:59:32 PST 2006
On 12/5/06, Randy Letness <randy at osafoundation.org> wrote:
> Right but by using the CosmoSecurityManager, you can leave the RPC
> method signatures alone (don't have to create new methods that require a
> ticket as an argument).
this doesn't work becase the ticket processing junk would have had to
have found a ticket in the headers or query string and authenticated
it before the rpc servlet ever got invoked. and that takes us back to
the original problem.
More information about the cosmo-dev