Folks,
A couple of people and myself are evaluating JBoss as a production quality
app server.
We are new to J2EE, so apologies if these questions have obvious answers :-)
The initial proposed intended architecture is:
Client -- (SOAP) -- Servlet -- (RMI) -- EJB (SQLJ/JDBC) -- Oracle
I have got a basic round-trip working successfully, and am happy so far.
However, the other team members are concentrating on the security aspects,
and are frustrated that they cannot find a definitive "howto" on
security issues.
A couple of their questions are:
How do we ensure only authorised clients can access our SOAP servlet?
(Apache SOAP 2.2)
How do we ensure that no-one can call our EJBs directly via RMI?
(I know a firewall helps here, but is there a built-in mechanism?)
They are getting to the point where they feel that they could spend another
couple of weeks/months experimenting with JBoss security and not achieve
definitive answers on how it should be done. They are recommending looking
at WebLogic and WebSphere, mainly because (presumably) they come with a
manual that covers these issues.
So, my questions are:
Is there a HOWTO for security?
What options are available for authenticating clients from a SOAP servlet?
How does one prevent access to EJBs via RMI?
Any help gratefully received...
Adam Lipscombe
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user