
Questions related to Security ??

 
Ranch Hand
Posts: 44
Hi,

Please advise me whether I am in the right direction or not. Please see the following security options.

Web Clients: Using SSL, form-based authentication and container-provided method-level authorization at the EJB layer.

Swing clients: Using LDAP for authentication and container-provided method-level authorization at the EJB layer.

I assumed userId and Password are stored in LDAP. Do you see any loopholes in my security design? Am I missing something here? Please advise.

Appreciate your help and inputs.

Thanks
Srinivas
 
Ranch Hand
Posts: 194
I am using the same method for security. I have a login module in the swing client and am using LDAP to authenticate the agent. The swing app then passes the subject when it calls the EJBs.

Any thoughts on this...

Regards,
James.
 
Ranch Hand
Posts: 164
Why are you using LDAP? Why don't you use some EJB to validate the user and then create the subject?


I would only use LDAP if the company already had all employees' data stored using LDAP and my assignment doesn't mention anything about this.


Could you explain why you have chosen this approach?
 
James Turner
Ranch Hand
Posts: 194
LDAP usage is a good practice, as it provides a single place where employees of a company store their credentials; it allows any app developed in the company to access the same information, and it provides a form of re-use.

Using other methods can also provide a form of re-use, but LDAP is a more standard way of doing it.
 
Samuel Pessorrusso
Ranch Hand
Posts: 164
I agree with you, but why complicate? I think it is not nice to use different login approaches for web/swing.
 