  Question Asked By: Hayrah Burki   on Oct 30 In Java Category.

  
Question Answered By: Nixie Schmidt   on Oct 30

I agree with you that you should have SSL over HTTP for secure
communication between client and server, and you can do it relatively
easily in JBoss.
I tried to find the part you refer to: "Do not mix up EJB Security
with web Application Security".
I only found: "Web application security is not covered by the EJB
specification but rather J2EE platform specification".
If you read the section "Invoking enterprise Bean Business Methods" in
the spec, you will find: "The association is implemented as two related
security contexts, one in the web server and one in the EJB
container. The EJB container is responsible for enforcing access
control on the enterprise bean method".
This is exactly what I described in my earlier reply, and exactly how JBoss
works: the EJB container forces you to have security roles on your EJB
methods; if you don't want it, you must explicitly say that you don't
want it.

This Question has 7 more answer(s). View Complete Question Thread
