
Java Answers

  Question Asked By: Hayrah Burki   on Oct 30 In Java Category.

  
Question Answered By: Isabelle Brown   on Oct 30

This is correct; I only talk from the RI point of view. I don't know the specifics about vendor implementations. As you mention, the concept of EJB security and method privileges is separate from web app security. As we had in one posting, you can "usually" have it within the deployment descriptor (application assembly), but for web app security it goes far beyond that, and it is within the administrator's responsibilities.

I might have been confused by the original question as "if implementation of AA is enough for end-to-end secure application" or "was it specific to AA (authentication and authorization)".

My understanding was that Mahan is asking if AA is enough for a secure web app, to which the answer is NO. But for specific patterns to implement AA in JBOSS, I take your word for it.

Also, the sentence "Do not mix up EJB Security with Web application Security" was my own :) You can't find it in the book.
