Security Question for JBoss at Work Authors

Michael Moser
Greenhorn

Joined: May 14, 2004
Posts: 28
First, thanks for your work in the book. Practical guides are always worth a look. My question centers around application security. Security is central to a lot of the applications my team is writing. We currently use Oracle Application Server, but it is a pain to configure and work with, and so we are looking at alternatives. How in depth does your book go with regard to security?
Tom Marrs
Author
Ranch Hand

Joined: Sep 20, 2000
Posts: 67
It depends on what you're looking for. In chapter 9, we show how to add J2EE declarative security (FORM-based authentication) to the web site. Then, we show how to connect with JAAS (Java Authentication and Authorization Service) to authenticate/authorize the user. We use role-based security so that users in a particular role can only see certain pages. We show how to protect JSPs and Action URLs (so that only authorized users can execute your business logic).

We chose JAAS because:
1) JBoss security is based on JAAS.
2) You can swap out security realms (DBMS, Operating System, etc.) without changing your code.

We show how to configure JBoss to use a JAAS LoginModule that uses database tables for user authentication/authorization.

We also show how to propagate your security context (user/role) to the EJB tier from the web tier. But, if you don't use the Remote Interface for EJBs (or you don't use them at all), then the web-tier security is sufficient.

We also have an Appendix that covers JAAS in greater depth than the security chapter.
Michael Moser
Greenhorn

Joined: May 14, 2004
Posts: 28
Excellent. I will have to check out your book. Thanks for the response and good luck!