[jboss-user] [JBoss Seam] - Re: seam-security example
do-not-reply at jboss.com
Wed Nov 15 10:57:39 EST 2006
I have one more question regarding the security layer you are currently building:
As far as I can see, you are concentrating on the backend part (calls on bean methods).
What are your plans regarding frontend security (access to web pages / URLs)?
I would like to see the possibility to enforce HTTP or HTTPS access to certain URLs (the security hole arising by changing from HTTPS to HTTP could be prevented by creating a 2nd session identifier cookie that is _only_ transmitted by HTTPS requests - and verified that it isn't transferred by HTTP requests).
Further, I would like to see some certificate authentication - i.e. access to example.com/admin is allowed only to people having a certain certificate (all employees) and the rest of the world gets a 404 not found.
So what are your plans regarding such matters?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3986177#3986177
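
The second-cookie check the post above proposes, as an added example that is not part of the original post and is not Seam code. The class, method and enum names are hypothetical, the map stands in for a server-side session attribute, and the session id in main is a constructed sample value.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SecureCookieBinding {
    enum Decision { ALLOW, REDIRECT_TO_HTTPS, INVALIDATE_SESSION }

    private static final SecureRandom RNG = new SecureRandom();
    // session id -> token expected in the HTTPS-only cookie (assumed storage)
    private final Map<String, String> tokenBySession = new ConcurrentHashMap<>();

    /** Call after login over HTTPS; send the result in a cookie flagged Secure and HttpOnly. */
    String issueToken(String sessionId) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        tokenBySession.put(sessionId, token);
        return token;
    }

    Decision check(boolean https, boolean protectedUrl, String sessionId, String secureCookie) {
        if (!https) {
            // The Secure cookie must never arrive over plain HTTP; if it does, treat it as exposed.
            if (secureCookie != null) {
                if (sessionId != null) tokenBySession.remove(sessionId);
                return Decision.INVALIDATE_SESSION;
            }
            return protectedUrl ? Decision.REDIRECT_TO_HTTPS : Decision.ALLOW;
        }
        if (!protectedUrl) return Decision.ALLOW;
        // On HTTPS the ordinary session id is not enough: it may have been observed on HTTP.
        String expected = sessionId == null ? null : tokenBySession.get(sessionId);
        if (expected == null || secureCookie == null) return Decision.INVALIDATE_SESSION;
        boolean match = MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                              secureCookie.getBytes(StandardCharsets.UTF_8));
        return match ? Decision.ALLOW : Decision.INVALIDATE_SESSION;
    }

    public static void main(String[] args) {
        SecureCookieBinding binding = new SecureCookieBinding();
        String sid = "constructed-session-id"; // constructed sample value
        String token = binding.issueToken(sid);
        System.out.println("https + token:         " + binding.check(true, true, sid, token));
        System.out.println("https, session only:   " + binding.check(true, true, sid, null));
        System.out.println("http, protected URL:   " + binding.check(false, true, sid, null));
        System.out.println("http carrying token:   " + binding.check(false, false, sid, token));
    }
}
```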