Hi, easiest is IMHO to create physically a tomee webapp (= folder) with the ServerServlet defined (http://tomee.apache.org/ejbd-transport.html) and define the webapp security you want in web.xml. It also needs to extend HttpConnectionFactory ( https://github.com/apache/tomee/blob/master/server/openejb-client/src/main/java/org/apache/openejb/client/HttpConnectionFactory.java) and register it on client side to add basic header support - opened https://issues.apache.org/jira/browse/TOMEE-1889 for that.
To just get security you can use JAAS support of ejbd: http://tomee.apache.org/ejb-over-ssl.html Romain Manni-Bucau @rmannibucau <https://twitter.com/rmannibucau> | Blog <https://blog-rmannibucau.rhcloud.com> | Old Wordpress Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber <http://www.tomitribe.com> | JavaEE Factory <https://javaeefactory-rmannibucau.rhcloud.com> 2016-07-27 17:03 GMT+02:00 ict <[email protected]>: > Hi to all! when deploy an application who have remote interfaces accesible > from remote ('http://localhost:8080/tomee/ejb'), the > access to a potential attacker is freely guaranteed. > > > How can I protect access even with a simple BASIC authentication? > > It is possible, how can I access the remote environment protected by BASIC > Authentication? > > tank! > > > > -- > View this message in context: > http://tomee-openejb.979440.n4.nabble.com/secure-the-tomee-ejb-path-tp4679509.html > Sent from the TomEE Users mailing list archive at Nabble.com. >
