Folks,


A couple of people and myself are evaluating JBoss as a production quality
app server.
We are new to J2EE, so apologies if these questions have obvious answers :-)

The initial proposed intended architecture is:
Client -- (SOAP) -- Servlet -- (RMI) -- EJB (SQLJ/JDBC) -- Oracle

I have got a basic round-trip working successfully, and am happy so far.


However, the other team members are concentrating on the security aspects,
and are frustrated that they cannot find a definitive "howto" on
security issues.

A couple of their questions are:

How do we ensure only authorised clients can access our SOAP servlet?
(Apache SOAP 2.2)

How do we ensure that no-one can call our EJBs directly via RMI?
(I know a firewall helps here, but is there a built-in mechanism?)


They are getting to the point where they feel that they could spend another
couple of weeks/months experimenting with JBoss security and not achieve
definitive answers on how it should be done. They are recommending looking
at WebLogic and WebSphere, mainly because (presumably) they come with a
manual that covers these issues.


So, my questions are:

Is there a HOWTO for security?
What options are available for authenticating clients from a SOAP servlet?
How does one prevent access to EJBs via RMI?



Any help gratefully received...


Adam Lipscombe





_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
