[jboss-user] [Security & JAAS/JBoss] - EJB Security Best Practice???

Thursday, 6 September 2007

I have two questions.

My environment is Machine A runs JBoss/Tomcat only, hosting a protected servlet (i.e., it
requires authentication) and Machine B runs JBoss, hosting an EJB (which will be called by
the servlet).

Question #1:

What is best practice (or just plain old options) for securing the EJB?  The EJB does not
necessarily need the credentials of the user who authenticated with the servlet but it
wants to at least "trust" calls made from the servlet.

Question #2:

If the environment was a servlet to servlet call - where an HTTP request was going between
machines - I would require the request to be an HTTPS call.  What is the equivalent for a
servlet to EJB call across machines?

Thanks!
Kelly

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4081841#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [Security & JAAS/JBoss] - EJB Security Best Practice???