Section 9.9. Integrating Web Tier and EJB Tier Security


9.9. Integrating Web Tier and EJB Tier Security

It's taken a while to get here, but now that we've secured the web tier, we have the core infrastructure in place to secure the rest of the JAW Motors application. Although we've protected access to the InventoryFacadeBean EJB through the Controller Servlet in the web application, the EJB is still vulnerable. Unauthenticated/unauthorized external applications could look up the InventoryFacadeBean and access its administrative methodssaveCars( ) and deleteCars( ). We must protect the EJB tier by securing the administrative methods on the InventoryFacadeBean, yet still allow non-secure access to the non-administrative methodslistAvailableCars( ), findCar( ), and buyCar( ). We'll show how the JBoss security manager, in keeping with the J2EE specification, propagates the user's credentials from the web tier to the EJB container. We now discuss EJB security in greater detail.



JBoss at Work. A Practical Guide
JBoss at Work: A Practical Guide
ISBN: 0596007345
EAN: 2147483647
Year: 2004
Pages: 197

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net