
Security Question for JBoss at Work Authors

 
Michael Moser
Greenhorn
Posts: 28
First, thanks for your work in the book. Practical guides are always worth a look. My question centers around application security. Security is central to a lot of the applications my team is writing. We currently use Oracle Application Server, but it is a pain to configure and work with, so we are looking at alternatives. How in depth does your book go with regard to security?
 
Tom Marrs
Author
Ranch Hand
Posts: 67
It depends on what you're looking for. In chapter 9, we show how to add J2EE declarative security (FORM-based authentication) to the web site. Then, we show how to connect with JAAS (Java Authentication and Authorization Service) to authenticate/authorize the user. We use role-based security so that users in a particular role can only see certain pages. We show how to protect JSPs and Action URLs (so that only authorized users can execute your business logic).

We chose JAAS because:
1) JBoss security is based on JAAS.
2) You can swap out security realms (DBMS, Operating System, etc.) without changing your code.

We show how to configure JBoss to use a JAAS LoginModule that uses database tables for user authentication/authorization.

We also show how to propagate your security context (user/role) to the EJB tier from the web tier. But, if you don't use the Remote Interface for EJBs (or you don't use them at all), then the web-tier security is sufficient.

We also have an Appendix that covers JAAS in greater depth than the security chapter.
 
Michael Moser
Greenhorn
Posts: 28
Excellent. I will have to check out your book. Thanks for the response and good luck!
 