The other option is to protect Tuscany services using a framework like OAuth 2.0. Tuscany allows you to expose services to HTTP, such as JSON-RPC or REST, to become web APIs. Adding a security layer in front of the web APIs should help.

Thanks,
Raymond

On Aug 9, 2012, at 8:32 PM, Luciano Resende wrote:

> On Thu, Aug 9, 2012 at 8:19 PM, binhnt22 <[email protected]> wrote:
> > Thank you very much, Lresende
> >
> > One more question about security, if you don’t mind.
> >
> > As I said before, the legacy systems communicate through a central database
> > with encrypted hibernate.cfg.xml and a good network policy.
> >
> > But pairing with Tuscany, most of the communication points will be exposed
> > through web service (intranet). And I think that’s a problem.
> >
> > Can you share some knowledge? How do those systems talk to each other in a
> > well-defended environment? Prevent anyone without the authorization from
> > accessing those web services.
> >
> > Best regards
> > Binh, Nguyen Thanh
> > Cell phone: (+84)982260622
>
> It seems that what you want is to provide some control on who can access the
> Tuscany services. You could handle that in a few different ways, simply
> configuring authorization in the web application server for the service
> endpoint or more towards a SCA solution, you could create a Security Policy
> which would be attached to your services and prevent access of unauthorized
> users but that would require you to do some development on the infrastructure
> side.
>
> --
> Luciano Resende
> http://people.apache.org/~lresende
> http://twitter.com/lresende1975
> http://lresende.blogspot.com/
