Using SecureRemoteInvocationFactory without a preestablished session

The current implementation of the SecureRemoteInvocationFactory type assumes a use case where there has already been a session established via some other means then RMI. This use case can been seen in the Swing Webstart / Spring example. This example application creates a session via Spring webflow and then passes the session id of the newly created session to the Java Webstart application as a property.

While this works fine for a Java Webstart environment it creates a problem for other uses cases where there is no preestablished session. For example a use case where you want your users to be able to login via a stand alone Swing application which uses Spring and RMI.