1 Reply Latest reply on May 12, 2010 11:07 AM by Daniel Lechner

    How to secure an EJB application

    Daniel Lechner Novice


      I'm trying to find a solution for securing an EJB application. The EAR containing the application is deployed on JBoss AS 4.2.2.GA.
      For the web application we're using Seam 2.1.2.

      The Seam security framework seems to work fine for the web application. Even instance-based security should be possible without huge effort. But when restricting access to EJBs using the Seam approach, clients accessing the EJBs via the remote interface do not have to authenticate themselves and have full access regardless of Seam restrictions.
      Using JBossSX as the security framework, access from external clients can be limited. But then we cannot benefit from the features of the Seam framework, like the easy handling inside the web application.

      Are there any recommendations on how to secure this kind of application? Do any of you use other frameworks like Apache Shiro?

      Many Thanks!