[jdf-users] New comment posted on JBoss Developer Framework

Disqus notifications at disqus.net
Mon Jun 3 10:33:38 EDT 2013



Vineet Reynolds <vineet.reynolds at gmail.com> wrote, in response to TBorba:

Thanks for proposing the improvement. I've tracked it as yet another item in JDF-259 https://issues.jboss.org/browse/JDF-259

The deployed application on OpenShift, as well as a locally built version from the current HEAD on GitHub, should not have the described issue involving cyclic references. They in fact do something similar to what you've proposed, in using the "@JsonIgnoreProperties" annotation.

As for security constraints to be applied on REST resources, Jason's reply would answer it. We hope to demonstrate something similar in TicketMonster, most probably through the use of PicketLink.

IP address: 209.132.188.34
Link to comment: http://redirect.disqus.com/url?url=http%3A%2F%2Fjboss.org%2Fjdf%2Fexamples%2Fticket-monster%2Ftutorial%2FBusinessLogic%2F%23comment-917645152%3A8jmAdsdwPNkFEusFdxLyo3tVg1c&impression=93e14846-cc5a-11e2-ba27-003048df93b0&type=notification.post.moderator&event=email&behavior=click

TBorba wrote:

Congratulations to the authors and contributors on the very detailed tutorial. Ticket-monster is really getting me started on JavaEE and JBoss.

I have a question and a proposed improvement about the Rest services mentioned here. I'll start with the question.

Question - Rest security:

I have successfully converted the persistence framework for my project necessities using PostgreSQL with jdbc drivers, and noticed a security issue. Ticket-monster appears to be the kind of application that does not require its data to be private in most scenarios, and the JSON result of the services is accessible to anything that can reach the ticket-monster/rest/servicepath. So anyone can see the contents of my database.

How would one restrict the services for scenarios where privacy is key and authentic...
