Questions related to Security ??

 
Mudunuri Raju
Ranch Hand
Posts: 44
Hi,

Please advise me whether I am going in the right direction or not. Please see the following security options.

Web clients: Using SSL, form-based authentication and container-provided method-level authorization at the EJB layer.

Swing clients: Using LDAP for authentication and container-provided method-level authorization at the EJB layer.

I assumed userId and password are stored in LDAP. Do you see any loopholes in my security design? Am I missing something here? Please advise.

Appreciate your help and inputs.

Thanks
Srinivas
 
James Turner
Ranch Hand
Posts: 194
I am using the same method for security. I have a login module in the Swing client and am using LDAP to authenticate the agent. The Swing app then passes the subject when it calls the EJBs.

Any thoughts on this...

Regards,
James.
 
Samuel Pessorrusso
Ranch Hand
Posts: 164
Why are you using LDAP? Why don't you use some EJB to validate the user and then create the subject?

I would only use LDAP if the company already had all employees' data stored using LDAP, and my assignment doesn't mention anything about this.

Could you explain why you have chosen this approach?
 
James Turner
Ranch Hand
Posts: 194
LDAP usage is a good practice as it provides a single place where employees of a company store their credentials. It allows any app developed in the company to access the same information, and it provides a form of re-use.

Using other methods can also provide a form of re-use, but LDAP is a more standard way of doing it.
 
Samuel Pessorrusso
Ranch Hand
Posts: 164
I agree with you, but why complicate? I think it is not nice to use different login approaches for web/Swing.
 