> However, the other team members are concentrating on the security aspects,
> and are frustrated that they cannot find a definitive "howto" on
> security issues.
>
> A couple of their questions are:
>
> How do we ensure only authorised clients can access our SOAP servlet?
> (Apache SOAP 2.2)
>
This is a basic "how do I secure a servlet" question and can be handled with the
2.2 Servlet spec declarative security model.

> How do we ensure that no-one can call our EJBs directly via RMI?
> (I know a firewall helps here, but is there a built-in mechanism?)
>
In JBoss anyone can look up the EJB home interface. Invocation of any
method on the home or remote interface can be secured using the EJB 1.1
spec declarative security model.

Both of these are described in the online JAAS howto which can be found
here: http://www.jboss.org/documentation/HTML/ch11s83.html
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
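
Added example, not part of the original message or the JBoss documentation: the two declarative security models named in the reply, shown as deployment descriptor fragments. The role name `soap-client`, the bean name `OrderBean`, the realm name and the URL pattern are assumptions for illustration; mapping users to the role is container configuration, which the howto linked in the reply covers.

```xml
<!-- WEB-INF/web.xml fragment (Servlet 2.2 declarative security).
     Only callers in the "soap-client" role may reach the SOAP router servlet.
     The URL pattern is an assumed mapping for the Apache SOAP router. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SOAP router</web-resource-name>
    <url-pattern>/servlet/rpcrouter</url-pattern>
    <!-- No http-method elements: the constraint applies to every HTTP method. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>soap-client</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- BASIC credentials are only base64-encoded, so require an encrypted transport. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>SOAP services</realm-name>
</login-config>
<security-role>
  <role-name>soap-client</role-name>
</security-role>

<!-- META-INF/ejb-jar.xml fragment (EJB 1.1 declarative security),
     placed inside <ejb-jar> after <enterprise-beans>.
     A client that looks up the home interface over RMI must still be
     in the "soap-client" role to invoke any home or remote method. -->
<assembly-descriptor>
  <security-role>
    <role-name>soap-client</role-name>
  </security-role>
  <method-permission>
    <role-name>soap-client</role-name>
    <method>
      <ejb-name>OrderBean</ejb-name>
      <!-- "*" covers every method of the bean's home and remote interfaces. -->
      <method-name>*</method-name>
    </method>
  </method-permission>
</assembly-descriptor>
```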