Could anyone share any idea about how to secure FBN? We have 2 approaches here: the web application used by customers and the swing application used by travel agents. The specification says that all interactions must be under SSL. Do I have to define a "user-login" component? I planned to adopt declarative security, where the container takes care of everything. But how can I do this in the travel agent app? Would JAAS be the best choice? I also read about a kind of authorization filter, performed by a servlet.
Please, let me know your thoughts.
<i>SCJP 1.2, SCWCD, IBM 141, IBM 483, SCJP 1.4, IBM 484, IBM 287, SCBCD, SCEA, SCJP 5.0, SCJP 6.0, SCWCD 5</i>