Just read the SpiderMonkey docs, and noticed one important thing missing from them: security.
If I’m reading the docs correctly (and I may very well not be!), pretty much any jME3 client can connect to a server if it uses SpiderMonkey and connects to the correct port.
I’m wondering if there is a way to enable or implement two important security constructs on top of the default SpiderMonkey implementation:
- TLS; that is, SSL over TCP (I assume SpiderMonkey “speaks” a plaintext/binary/unencrypted TCP serialization protocol) and I’d like to see if TLS can be baked in somehow; and
- A custom authentication (identity management) and authorization (access management) model. Here, in the simplest case:
- Perhaps the jME3 user provides a username + password when connecting to the server
- On the server, before even allowing the connection, the username + password are authenticated and the user is assigned a set of roles/permisions (RBAC model)
Is this possible, and if so, what classes would need to be extended/implemented in order to provide these capabilities?