views:

173

answers:

1

Hi! There is good tutorial Basic Authentication with JAX-WS

But it describe deployment description for web based application (war). Is it passable describe in ejb jar deployment description ?

For web.xml

<security-constraint>
        <display-name>SecurityConstraint</display-name>
        <web-resource-collection>
             <web-resource-name>WRCollection</web-resource-name>
            <url-pattern>/hello</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>TutorialUser</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-constraint>BASIC</auth-constraint>
        <realm-name>file</realm-name>
    </login-config>
        <security-role>
            <role-name>TutorialUser</role-name>
        </security-role>

I found out description of security rules by annotation -

Security Annotations and Authorization in GlassFish and the Java EE 5 SDK

But is this is enough ?

Than you!

A: 

Annotation and sun-ejb.xml is enough, but using Basic Authentication is a not a best way.

kislo_metal
What is wrong with using basic?
Justin
maybe because it is not secure enough.. I desisted to use hands made authentication.
kislo_metal