[
https://issues.apache.org/jira/browse/TOMEE-1974?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Romain Manni-Bucau updated TOMEE-1974:
--------------------------------------
Comment: was deleted
(was: well https://issues.apache.org/jira/browse/TOMEE-1975 solves it so this
is no more a concern and you still need a way to handle what we do today ie
oauth2 and token based servers.)
> Allow TomEE ejbd HTTP Servlet to be protected by basic auth
> -----------------------------------------------------------
>
> Key: TOMEE-1974
> URL: https://issues.apache.org/jira/browse/TOMEE-1974
> Project: TomEE
> Issue Type: New Feature
> Components: TomEE Core Server
> Affects Versions: 1.7.5
> Reporter: Jonathan S Fisher
> Priority: Minor
>
> TomEE offers ejbd over http. This is great for a number of reasons, but it
> could go further by protecting the endpoint with http basic auth. This would
> harden the server, and it would have prevented the bug involving
> deserialization unknown classes, because authentication would have to happen
> before the underlying protocol was deserialized.
> Pull request here: https://github.com/apache/tomee/pull/52
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
