Folks
I am glad to report that my colleagues are now making progress with the help
of the JAAS howto.
Thanks very much for the help - Adam
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Scott M
Stark
Sent: Friday, June 01, 2001 5:13 PM
To: [EMAIL PROTECTED]
Subject: Re: [JBoss-user] Security in JBoss Howto?
> However, the other team members are concentrating on the security aspects,
> and are frustrated that that they cannot find a definitive "howto" on
> security issues.
>
> A couple of their questions are:
>
> How do we ensure only authorised clients can access out SOAP servlet?
> (Apache SOAP 2.2)
>
This is a basic how to I secure a servlet question and can be handled with
the
2.2 Servlet spec declarative security model.
> How do we ensure that no-one can call our EJB's directly via RMI?
> (I know a firewall helps here, but is there a built-in mechanism?)
>
In JBoss anyone can lookup the EJB home interface. Invocation of any
method on the home or remote interface can be secured using the EJB 1.1
spec declarative security model.
Both of these are described in the online JAAS howto which can be found
here: http://www.jboss.org/documentation/HTML/ch11s83.html
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
