[jboss-user] [Security & JAAS/JBoss] - EJB Security Best Practice???
kdolan
do-not-reply at jboss.com
Thu Sep 6 16:12:32 EDT 2007
I have two questions.
My environment is Machine A runs JBoss/Tomcat only, hosting a protected servlet (i.e., it requires authentication) and Machine B runs JBoss, hosting an EJB (which will be called by the servlet).
Question #1:
What is best practice (or just plain old options) for securing the EJB? The EJB does not necessarily need the credentials of the user who authenticated with the servlet but it wants to at least "trust" calls made from the servlet.
Question #2:
If the environment was a servlet to servlet call - where an HTTP request was going between machines - I would require the request to be an HTTPS call. What is the equivalent for a servlet to EJB call across machines?
Thanks!
Kelly
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4081841#4081841
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4081841
More information about the jboss-user
mailing list