Section 9.9. Integrating Web Tier and EJB Tier Security



It's taken a while to get here, but now that we've secured the web tier, we have the core infrastructure in place to secure the rest of the JAW Motors application. Although we've protected access to the InventoryFacadeBean EJB through the Controller Servlet in the web application, the EJB is still vulnerable. Unauthenticated/unauthorized external applications could look up the InventoryFacadeBean and access its administrative methods: saveCars( ) and deleteCars( ). We must protect the EJB tier by securing the administrative methods on the InventoryFacadeBean, yet still allow non-secure access to the non-administrative methods: listAvailableCars( ), findCar( ), and buyCar( ). We'll show how the JBoss security manager, in keeping with the J2EE specification, propagates the user's credentials from the web tier to the EJB container. We now discuss EJB security in greater detail.
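One way to express this split in the standard EJB deployment descriptor, shown as an added example rather than the book's own listing. The role name `Manager` and the ejb-name `InventoryFacade` are assumptions, as is the bean having a home interface with a `create` method.

```xml
<!-- ejb-jar.xml, <assembly-descriptor> fragment (added example).
     Assumed names: role "Manager", ejb-name "InventoryFacade". -->
<assembly-descriptor>
  <security-role>
    <role-name>Manager</role-name>
  </security-role>

  <!-- Administrative methods: the caller must hold the assumed Manager role.
       The container enforces this no matter which client did the lookup. -->
  <method-permission>
    <role-name>Manager</role-name>
    <method>
      <ejb-name>InventoryFacade</ejb-name>
      <method-name>saveCars</method-name>
    </method>
    <method>
      <ejb-name>InventoryFacade</ejb-name>
      <method-name>deleteCars</method-name>
    </method>
  </method-permission>

  <!-- Non-administrative methods: no authorization check is applied. -->
  <method-permission>
    <unchecked/>
    <method>
      <ejb-name>InventoryFacade</ejb-name>
      <!-- Assumed home-interface method; every caller needs it first. -->
      <method-name>create</method-name>
    </method>
    <method>
      <ejb-name>InventoryFacade</ejb-name>
      <method-name>listAvailableCars</method-name>
    </method>
    <method>
      <ejb-name>InventoryFacade</ejb-name>
      <method-name>findCar</method-name>
    </method>
    <method>
      <ejb-name>InventoryFacade</ejb-name>
      <method-name>buyCar</method-name>
    </method>
  </method-permission>
</assembly-descriptor>
```

With permissions declared per method, a remote client that bypasses the Controller Servlet and looks up the bean directly is still refused on `saveCars` and `deleteCars` unless its authenticated principal carries the required role.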



JBoss at Work: A Practical Guide
ISBN: 0596007345
EAN: 2147483647
Year: 2004
Pages: 197
