Hey Shane, I have one more question regarding the security layer you are currently building:
As far as I can see, you are concentrating on the backend part (calls on bean methods). What are your plans regarding frontend security (access to web pages / URLs)? I would like to see the possibility to enforce HTTP or HTTPS access to certain URLs (the security hole arising from changing from HTTPS to HTTP could be prevented by creating a 2nd session identifier cookie that is _only_ transmitted by HTTPS requests - and verifying that it isn't transferred by HTTP requests). Further, I would like to see some certificate authentication - i.e. access to example.com/admin is allowed only to people having a certain certificate (all employees) and the rest of the world gets a 404 not found. So what are your plans regarding such matters?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3986177#3986177
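The second-cookie scheme described in the post, sketched as an added example that is not part of the original post or of any JBoss code. The cookie names `SID` and `SID_SECURE`, the HMAC binding between them and the in-memory session set are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed here)
active_sessions = set()               # stand-in for the server-side session store


def secure_token(session_id: str) -> str:
    """Companion value bound to the session id; only ever sent with Secure."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def login_over_https() -> tuple[str, list[str]]:
    """Create a session and return its id plus the Set-Cookie header values."""
    sid = secrets.token_urlsafe(32)
    active_sessions.add(sid)
    return sid, [
        # Ordinary session cookie: the browser sends it on HTTP and HTTPS.
        f"SID={sid}; Path=/; HttpOnly",
        # Companion cookie: the Secure attribute keeps it off plaintext HTTP.
        f"SID_SECURE={secure_token(sid)}; Path=/; HttpOnly; Secure",
    ]


def check_request(scheme: str, cookies: dict[str, str]) -> str:
    """Classify a request as 'secure', 'public', 'deny' or 'revoked'."""
    sid = cookies.get("SID", "")
    companion = cookies.get("SID_SECURE")
    if sid not in active_sessions:
        return "deny"
    if scheme == "http":
        if companion is not None:
            # The Secure cookie showed up on plaintext: treat the session
            # as exposed and invalidate it server-side.
            active_sessions.discard(sid)
            return "revoked"
        return "public"  # known session, but no access to HTTPS-only URLs
    expected = secure_token(sid).encode()
    if companion is not None and hmac.compare_digest(companion.encode(), expected):
        return "secure"
    return "deny"  # SID alone (e.g. observed over HTTP) is not enough on HTTPS
```

A session id captured from an HTTP request therefore cannot be replayed against HTTPS-only URLs, because the companion value never travelled over the plaintext connection.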