[jboss-dev-forums] [Design of Management Features on JBoss] - Re: security domain used for securing remote access to Profi

Tuesday, 7 July 2009

Related to JBPAPP-2229, there is a request to not have the ProfileService proxy bindings
available globally in jndi. It was further discussed to not use ejbs to provide the secure
facade for the ProfileService. Rather, the currently unsecured remoting proxies for the
ProfileService should be secured by default in the EAP, and the ejbs removed.

The org.jboss.profileservice.remoting.ProxyFactory bean deployed in the
deploy/profileservice-jboss-beans.xml that creates the proxies and jndi bindings. These
proxies do have typical client side interceptors, but the server side component is not
being secured via a security aspect. That is what should be added to the following
profileservice-jboss-beans.xml beans:

ManagementView 
DeploymentManager

as well as the ProfileService bean from the bootstrap/conf/profile.xml deployment.

View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4242312#...

Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-dev-forums] [Design of Management Features on JBoss] - Re: security domain used for securing remote access to Profi