[Cosmo-dev] JSON-RPC considered harmful

[Brian Moseley]

On 12/5/06, Randy Letness <randy at osafoundation.org> wrote:

> Right but by using the CosmoSecurityManager, you can leave the RPC
> method signatures alone (don't have to create new methods that require a
> ticket as an argument).

this doesn't work becase the ticket processing junk would have had to
have found a ticket in the headers or query string and authenticated
it before the rpc servlet ever got invoked. and that takes us back to
the original problem.