[
https://issues.apache.org/jira/browse/TOMEE-1974?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15687455#comment-15687455
]
Romain Manni-Bucau commented on TOMEE-1974:
-------------------------------------------
if unclear: oauth is already supported and that is one of the reason i would
like to keep current code (+ backward compat)
> Allow TomEE ejbd HTTP Servlet to be protected by basic auth
> -----------------------------------------------------------
>
> Key: TOMEE-1974
> URL: https://issues.apache.org/jira/browse/TOMEE-1974
> Project: TomEE
> Issue Type: New Feature
> Components: TomEE Core Server
> Affects Versions: 1.7.5
> Reporter: Jonathan S Fisher
> Priority: Minor
>
> TomEE offers ejbd over http. This is great for a number of reasons, but it
> could go further by protecting the endpoint with http basic auth. This would
> harden the server, and it would have prevented the bug involving
> deserialization unknown classes, because authentication would have to happen
> before the underlying protocol was deserialized.
> Pull request here: https://github.com/apache/tomee/pull/52
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
