[jboss-user] [JBoss Seam] - Re: seam-security example

dietice do-not-reply at jboss.com
Wed Nov 15 10:57:39 EST 2006

Hey Shane,

I have one more question regarding the security layer you are currently building:

As far as i can see you are concentrating on the backend part (calls on Beanmethods).

What are your plans regarding frontend security (access to web pages / URLs)?

I would like to see the possibility to enforce HTTP or HTTPS access to certain URLs (the security hole arising by changing from HTTPS to HTTP could be prevented by creating a 2nd session identifier cookie that is _only_ transmitted by HTTPS requests - and verified that it isn't transfered by HTTP requests).

Further i would like to see some certificate authentication - i.e. access to example.com/admin is allowed only to people having a certain certificate (all employees) and the rest of the world gets a 404 not found.

So how are your plans regarding such matters?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3986177#3986177

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3986177

More information about the jboss-user mailing list