[jdf-users] New comment posted on JBoss Developer Framework
Disqus
notifications at disqus.net
Fri May 31 16:10:25 EDT 2013
Jason Porter <lightguard.jp at gmail.com> wrote, in response to TBorba:
What I've typically seen being done is a token that's sent via a custom HTTP Header. Those are first obtained via a login / auth function. You could also require a username with that auth token. If you're using CDI you could create a security interceptor to check those and deny / allow that way.
User's website: http://lightguard-jp.blogspot.com
IP address: 63.248.81.177
Link to comment: http://redirect.disqus.com/url?url=http%3A%2F%2Fjboss.org%2Fjdf%2Fexamples%2Fticket-monster%2Ftutorial%2FBusinessLogic%2F%23comment-915367092%3AqeHbwFsFkfXgSoRv9sfAR0YOXpM&impression=214d190a-ca2e-11e2-9e68-003048de3832&type=notification.post.moderator&event=email&behavior=click
TBorba wrote:
Congratulations to the authors and contributors on the very detailed tutorial. Ticket-monster is really getting me started on JavaEE and JBoss.
I have a question and a proposed improvement about the Rest services mentioned here. I'll start with the question.
Question - Rest security:
I have successfully converted the persistence framework for my project necessities using PostgreSQL with jdbc drivers, and noticed a security issue. Ticket-monster appears to be the kind of application that does not require its data to be private in most scenarios, and the JSON result of the services is accessible to anything that can reach the ticket-monster/rest/servicepath. So anyone can see the contents of my database.
How would one restrict the services for scenarios where privacy is key and authentic...
-----
Options: You can moderate through email. Respond in the body with "Delete". Reply with "Like" to like this comment, or respond with anything else to approve this comment and post your message as a reply comment.
Or use the moderate panel: http://jdf.disqus.com/admin/moderate/#/pending
Stop receiving notifications when new comments are posted:
http://disqus.com/account/#notifications
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jdf-users/attachments/20130531/7c585fa5/attachment.html
More information about the jdf-users
mailing list