[jboss-user] [EJB 3.0] - Re: Limit IP access to a session beans (EAR)
I don't know J2EE deeply enough to be sure... but I don't think you can, I'm afraid. Web applications have concepts like HttpRequest with which you can get things like IP addresses... but AFAIK there is no such concept in EJB. Anyway, I think the point in J2EE applications is to grant or deny access through the concepts of authentication, authorization, users, roles... I don't know of a specific security mechanism in which IP addresses are in mind...

View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=4240287#4240287
Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=4240287
___
jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [EJB 3.0] - Re: Limit IP access to a session beans (EAR)
Well, JEE does not specify this, I was thinking something JBoss specific. Like Tomcat has http://www.jboss.org/community/wiki/LimitAccessToCertainClients
[jboss-user] [EJB 3.0] - Re: Limit IP access to a session beans (EAR)
I see... I'm sorry I can't help you further. I don't know much about JBoss specific configuration. However, I'll keep an eye on this thread as your question is very interesting :-) Good luck, xmedeko!!
[jboss-user] [EJB 3.0] - Re: Limit IP access to a session beans (EAR)
Hi, I think XACML could help (I don't know it, just stumbled across this article): http://server.dzone.com/articles/security-features-jboss-510-1

Best regards
Wolfgang
[jboss-user] [EJB 3.0] - Re: Limit IP access to a session beans (EAR)
An AOP interceptor can access the client address: https://jira.jboss.org/jira/browse/JBREM-758. It's not yet available through an EJB API: https://jira.jboss.org/jira/browse/EJBTHREE-902. So you can write an AOP interceptor, put it into ejb3-interceptors-aop.xml and push the client address somewhere where you can pick it up in the bean.
[jboss-user] [EJB 3.0] - Re: Limit IP access to a session beans (EAR)
Well, the client address is accessible from the thread name :-). So, I can write the Around Invoke Interceptor Method to check this IP. I was just asking if there is some nice JBoss solution for this. You know, some config with IP addresses like 10.1.1.128/20 :-)

BTW, about accessing the IP from session beans: I think BEA or Oracle AS put the client IP somewhere into the session context. Or I was thinking that some ThreadLocal variable could do the trick. But it is a solution for the JEE session beans, that would not work for the JBoss service bean, I guess.
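
The check described in the last post, sketched as an added example (not code from the thread or from JBoss): an `@AroundInvoke` interceptor that reads the peer address from the worker thread name and tests it against a CIDR allow-list. The thread-name format `...[a.b.c.d:port]`, the class name `ClientIpInterceptor` and the allow-list contents are assumptions.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.ejb.EJBAccessException;
import javax.interceptor.AroundInvoke;
import javax.interceptor.InvocationContext;

public class ClientIpInterceptor {
    // Hypothetical allow-list. The post's 10.1.1.128/20 has host bits set; it means 10.1.0.0/20.
    private static final String[] ALLOWED = { "10.1.1.128/20" };
    // ASSUMPTION: the worker thread name embeds the peer as "[a.b.c.d:port]",
    // e.g. the constructed sample "WorkerThread#0[10.1.2.3:4446]".
    private static final Pattern PEER = Pattern.compile("\\[(\\d{1,3}(?:\\.\\d{1,3}){3}):\\d+\\]");

    @AroundInvoke
    public Object checkClient(InvocationContext ctx) throws Exception {
        String ip = clientIp(Thread.currentThread().getName());
        // Fail closed: no parsable IPv4 peer (local call, IPv6, renamed thread) is denied.
        if (ip == null || !isAllowed(ip)) {
            throw new EJBAccessException("client address not allowed: " + ip);
        }
        return ctx.proceed();
    }
    static String clientIp(String threadName) {
        Matcher m = PEER.matcher(threadName);
        return m.find() ? m.group(1) : null;
    }
    static boolean isAllowed(String ip) {
        for (String cidr : ALLOWED) {
            if (inCidr(ip, cidr)) return true;
        }
        return false;
    }

    // Compare only the network bits, so a base address with host bits set still matches.
    static boolean inCidr(String ip, String cidr) {
        String[] parts = cidr.split("/");
        int prefix = Integer.parseInt(parts[1]);
        if (prefix < 0 || prefix > 32) throw new IllegalArgumentException(cidr);
        int mask = prefix == 0 ? 0 : -1 << (32 - prefix); // Java shifts mod 32, so /0 is special
        return (toInt(ip) & mask) == (toInt(parts[0]) & mask);
    }
    static int toInt(String dotted) {
        int v = 0;
        for (String octet : dotted.split("\\.")) {
            int o = Integer.parseInt(octet);
            if (o > 255) throw new IllegalArgumentException(dotted);
            v = (v << 8) | o;
        }
        return v;
    }
}
```

Attach it to a bean with `@Interceptors(ClientIpInterceptor.class)`. The address seen here is the socket peer, so clients behind NAT or a proxy all appear as that intermediary, and the check complements role-based security rather than replacing it.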