Security Question for JBoss at Work Authors

Michael Moser

Joined: May 14, 2004
Posts: 28
First, thanks for your work in the book. Practical guides are always worth a look. My question centers around application security. Security is central to a lot of the applications my team is writing. We currently use Oracle Application Server, but it is a pain to configure and work with, and so we are looking at alternatives. How in depth does your book go with regard to security?
Tom Marrs
Ranch Hand

Joined: Sep 20, 2000
Posts: 67
It depends on what you're looking for. In chapter 9, we show how to add J2EE declarative security (FORM-based authentication) to the web site. Then, we show how to connect with JAAS (Java Authentication and Authorization Service) to authenticate/authorize the user. We use role-based security so that users in a particular role can only see certain pages. We show how to protect JSPs and Action URLs (so that only authorized users can execute your business logic).

We chose JAAS because:
1) JBoss security is based on JAAS.
2) You can swap out security realms (DBMS, Operating System, etc.) without changing your code.

We show how to configure JBoss to use a JAAS LoginModule that uses database tables for user authentication/authorization.

We also show how to propagate your security context (user/role) to the EJB tier from the web tier. But, if you don't use the Remote Interface for EJBs (or you don't use them at all), then the web-tier security is sufficient.

We also have an Appendix that covers JAAS in greater depth than the security chapter.
Michael Moser

Joined: May 14, 2004
Posts: 28
Excellent. I will have to check out your book. Thanks for the response and good luck!