[jboss-user] [Security & JAAS/JBoss] - EJB Security Best Practice???

kdolan do-not-reply at jboss.com
Thu Sep 6 16:12:32 EDT 2007

I have two questions.

My environment is Machine A runs JBoss/Tomcat only, hosting a protected servlet (i.e., it requires authentication) and Machine B runs JBoss, hosting an EJB (which will be called by the servlet).

Question #1:

What is best practice (or just plain old options) for securing the EJB?  The EJB does not necessarily need the credentials of the user who authenticated with the servlet but it wants to at least "trust" calls made from the servlet.

Question #2:

If the environment was a servlet to servlet call - where an HTTP request was going between machines - I would require the request to be an HTTPS call.  What is the equivalent for a servlet to EJB call across machines?


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4081841#4081841

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4081841

More information about the jboss-user mailing list