[Cosmo-dev] JSON-RPC considered harmful

Randy Letness randy at osafoundation.org
Tue Dec 5 23:04:07 PST 2006


Brian Moseley wrote:
>
> this doesn't work because the ticket processing junk would have had to
> have found a ticket in the headers or query string and authenticated
> it before the rpc servlet ever got invoked. and that takes us back to
> the original problem.

Can't the ticket processing junk just verify that the ticket is valid 
and stick it in the security context?  Then the rpcservice does the 
authorization based on the method called?

-Randy
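
The split proposed in the message above, as an added example that is not part of the original message and is not Cosmo's code: ticket processing only validates the ticket and stores its privileges in a security context, and the RPC service authorizes per method. The class name, ticket keys, privilege names and RPC method names are all assumptions made for illustration.

```java
import java.util.Map;
import java.util.Set;

public class TicketRpcExample {
    // Constructed sample data: ticket key -> privileges granted to it.
    static final Map<String, Set<String>> TICKETS = Map.of(
        "ticket-ro", Set.of("read"),
        "ticket-rw", Set.of("read", "write"));

    // Hypothetical RPC method names mapped to the privilege each requires.
    static final Map<String, String> REQUIRED = Map.of(
        "getEvents", "read",
        "saveEvent", "write");

    // Per-request security context, filled by the ticket-processing stage.
    static final ThreadLocal<Set<String>> CONTEXT = new ThreadLocal<>();

    // Stage 1 (ticket processing): validate only; no authorization decision.
    static void authenticate(String ticketKey) {
        Set<String> privileges = TICKETS.get(ticketKey);
        if (privileges == null) {
            throw new SecurityException("unknown or expired ticket");
        }
        CONTEXT.set(privileges);
    }

    // Stage 2 (RPC service): authorize based on the method being called.
    static String invoke(String method) {
        Set<String> privileges = CONTEXT.get();
        String needed = REQUIRED.get(method);
        // Deny by default: no context, or a method with no declared privilege.
        if (privileges == null || needed == null || !privileges.contains(needed)) {
            throw new SecurityException("not authorized for " + method);
        }
        return "ok:" + method;
    }

    public static void main(String[] args) {
        try {
            authenticate("ticket-ro");
            System.out.println(invoke("getEvents")); // read-only ticket may read
            System.out.println(invoke("saveEvent")); // write is refused
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        } finally {
            CONTEXT.remove(); // do not leak the context to the next request on this thread
        }
    }
}
```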

