Jonathan S Fisher created TOMEE-1974:
----------------------------------------
Summary: Allow TomEE ejbd HTTP Servlet to be protected by basic auth
Key: TOMEE-1974
URL: https://issues.apache.org/jira/browse/TOMEE-1974
Project: TomEE
Issue Type: New Feature
Components: TomEE Core Server
Affects Versions: 1.7.5
Reporter: Jonathan S Fisher
Priority: Minor

TomEE offers ejbd over HTTP. This is great for a number of reasons, but it
could go further by protecting the endpoint with HTTP basic auth. This would
harden the server, and it would have prevented the bug involving
deserialization of unknown classes, because authentication would have to happen
before the underlying protocol was deserialized.

Pull request here: https://github.com/apache/tomee/pull/52