tags:

views:

173

answers:

1
+1  Q: 

Deployment secription of Basic Authentication with JAX-WS for EJB 3.1

Hi! There is good tutorial Basic Authentication with JAX-WS

But it describe deployment description for web based application (war). Is it passable describe in ejb jar deployment description ?

For web.xml 

<security-constraint>
        <display-name>SecurityConstraint</display-name>
        <web-resource-collection>
             <web-resource-name>WRCollection</web-resource-name>
            <url-pattern>/hello</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>TutorialUser</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-constraint>BASIC</auth-constraint>
        <realm-name>file</realm-name>
    </login-config>
        <security-role>
            <role-name>TutorialUser</role-name>
        </security-role>

I found out description of security rules by annotation -

Security Annotations and Authorization in GlassFish and the Java EE 5 SDK

But is this is enough ?

Than you!

A: 

Annotation and sun-ejb.xml is enough, but using Basic Authentication is a not a best way.

kislo_metal  2010-05-06 14:28:24
What is wrong with using basic?
Justin  2010-05-17 11:45:58
maybe because it is not secure enough.. I desisted to use hands made authentication.
kislo_metal  2010-05-17 13:37:02

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security