After 3 weeks with jBoss, I think you could spend months before evaluating jBoss. It's not a bad product, but not finished.

> -----Original Message-----
> From: Adam Lipscombe [SMTP:[EMAIL PROTECTED]]
> Date: Friday, 1 June 2001 11:45
> To: [EMAIL PROTECTED]
> Subject: [JBoss-user] Security in JBoss Howto?
>
> Folks,
>
> A couple of people and myself are evaluating JBoss as a production quality
> app server.
> We are new to J2EE, so apologies if these questions have obvious answers
> :-)
>
> The initial proposed intended architecture is:
> Client -- (SOAP) -- Servlet -- (RMI) -- EJB (SQLJ/JDBC) -- Oracle
>
> I have got a basic round-trip working successfully, and happy so far.
>
> However, the other team members are concentrating on the security aspects,
> and are frustrated that they cannot find a definitive "howto" on
> security issues.
>
> A couple of their questions are:
>
> How do we ensure only authorised clients can access our SOAP servlet?
> (Apache SOAP 2.2)
>
> How do we ensure that no-one can call our EJBs directly via RMI?
> (I know a firewall helps here, but is there a built-in mechanism?)
>
> They are getting to the point where they feel that they could spend another
> couple of weeks/months experimenting with Jboss security and not achieve
> definitive answers on how it should be done. They are recommending looking
> at WebLogic and WebSphere, mainly because (presumably) they come with a
> manual that covers these issues.
>
> So, my questions are:
>
> Is there a HOWTO for security?
> What options are available for authenticating clients from a SOAP servlet?
> How does one prevent access to EJBs via RMI?
>
> Any help gratefully received...
>
> Adam Lipscombe
>
> _______________________________________________
> JBoss-user mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/jboss-user