Has anyone tried out the 'Obfuscated Transfer object' and 'Secure Session Object' pattern examples from the core security patterns book ?
I have trouble creating the Java SealedObject with in a Stateless EJB using Weblogic 8.1.
I would like to look at your java.security file located in your JRE environment that executes Weblogic.
I would like to know which strategy you are using for building TO "Masked List Strategy", or "Encryption Strategy". Also I would like to see the exceptions your are getting while executing the Obfuscate TO code.