Dain wrote:
There is no reason you have to separate the web container from the EJB container. The only reason this ever came up in J2EE is the other vendors charge so much for a CPU license you wanted to maximize the CMP utilization of the EJB boxes.Just out of curiosity, why would it be less secure to use a reverse-proxy? You ought to be able to put the reverse-proxy in the DMZ, and the J2EE container (with web + EJB components) behind the internal firewall. Now there is no application code of any kind in the DMZ (so there is nothing to lose if this machine is compromised), and you only have to open the single HTTP port to the backend machine.
The only good reasons I have heard is security. For security I don't believe that you can get the same benefit by using a proxy process in front.
(I realize I am asking you to explain a position you don't believe, but I am curious what you have heard :-)
-- Randy-dainOn Wednesday, November 20, 2002, at 12:09 PM, Pavel Kolesnikov wrote:Hello, I've configured my security realm on my JBoss 3.0.2 server. Everything works fine, but now I'd like to separate web container and EJB container to different machines. Is there any way how to configure it to make a web container to authenticate users against realm configured on different machine and above all to propagate the security context to EJBs running on different machine? I tried to find the answer in forums, but I found just unanswered questions :) Thanks a lot Pavel,
_________________________________________________________________
Randy Shoup
Tumbleweed Communications Corporation
-------------------------------------------------------
This sf.net email is sponsored by: Battle your brains against the best in the Thawte Crypto Challenge. Be the first to crack the code - register now: http://www.gothawte.com/rd521.html
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
