Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Part 2 : Security between Web Server and Application Server

 
Benoît de Chateauvieux
Ranch Hand
Posts: 183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I'm working on my Part 2 assignment and I choose a distributed architecture.
I have a Web Server located in a DMZ and an Application Server located in the company's intranet.

I have the following questions:
1/ Do I need to secure the RMI communications between the Web Server and the Application Server ? or can I assume that the firewall will do the job ?
2/ Do I need to establish a "trust domain" between my two servers ? How can I do it ?
3/ Do I need to secure my EJB ? Do I need to login in the application server ?

Thanks a lot for your help.

Benoît
 
J Gupta
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
1. Usually in a real world enviornment you do not need to, your webserver is in DMZ and app server is in inner firewall. I believe it is fair to assume that whoever is in your company network is not trying to break in
2. In my opinion declarative J2EE roles based security is practical, since your app server is in inner firewall you do not worry about requests coming from internet directly to your app server
3. Security context can be propagated to you app server from web server
 
vikram kumar
Ranch Hand
Posts: 58
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hi Benoît,

Do you plan to mention all the above in your assemptions section or in deployment archicture?

Regards,
Kumar
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic