Ulf Dittmer wrote: Not using JDBC in the applet, but instead using some kind of API to access a servlet container (which in turn accesses the DB) is a good first step.
If you don't want arbitrary clients executing arbitrary API calls, then you need some kind of authentication. I can't tell from your post whether you're thinking of requiring a login, or ruling that out, but some kind of authentication is needed.
Regards, Sujeeth Pakala
SCJP, SCWCD, SCBCD, ICAD, XML Master Basic, Certified SOA Professional
Sujeeth Pakala wrote: Two options came to my mind:
1. Write an EJB and expose it as a RESTful web service on the server. Then write a Dispatch client to invoke the service from the applet. You can secure the communication between the EJB and the Dispatch client easily using annotations. Use the JSON data format, which eases parsing data.
2. Write an EJB and expose it as a SOAP web service on the server. Then write a Dispatch client to invoke the service from the applet. You can secure the communication between the EJB and the Dispatch client, maintain client sessions, and impose transactions. Pay attention: the SOAP protocol has more advantages in terms of security, transactions etc.
Hope this helps.
Thinking in steps to secure my API using authentication by adding a @PostConstruct method to check whether the request is authorised or not
Sujeeth Pakala wrote: Jason,
Taking advantage of Spring's RestTemplate is a good idea, and using Spring Security is a way to secure your resource.
Thinking in steps to secure my API using authentication by adding a @PostConstruct method to check whether the request is authorised or not
That is not the preferred way. The EJB 3.0 API has predefined annotations which secure EJB session beans.
Take a look at this if you decide to use EJBs.
Hope this helps.
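An added illustration of the declarative security annotations mentioned in the post above (not code from the thread; the interface, bean and role names are hypothetical). The container checks the caller's role on every business-method call, whereas a @PostConstruct method runs once when the bean instance is created, not once per request.

```java
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// Hypothetical business interface for the calls the applet's API exposes.
interface OrderService {
    String findOrder(long orderId);
    String deleteOrder(long orderId);
    String ping();
}

@Stateless
@DeclareRoles({"applet-user", "admin"})   // hypothetical role names
@RolesAllowed("applet-user")              // default for every business method
public class OrderServiceBean implements OrderService {

    @Resource
    private SessionContext ctx;           // injected by the container

    // Inherits the class-level @RolesAllowed("applet-user").
    @Override
    public String findOrder(long orderId) {
        // Identity comes from the container's authentication,
        // never from a parameter the client can set.
        String caller = ctx.getCallerPrincipal().getName();
        return "order " + orderId + " read by " + caller;
    }

    // Method-level annotation overrides the class-level default.
    @Override
    @RolesAllowed("admin")
    public String deleteOrder(long orderId) {
        String caller = ctx.getCallerPrincipal().getName();
        return "order " + orderId + " deleted by " + caller;
    }

    // Explicitly open to callers in any role, e.g. for a health check.
    @Override
    @PermitAll
    public String ping() {
        return "ok";
    }
}
```

A caller without the required role gets a `javax.ejb.EJBAccessException` before the method body runs. The roles only mean something once the container authenticates the caller and maps users to roles in its security realm.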