
Trust between containers

 
Greenhorn
Posts: 14
Hi all!

I'm developing a web application with a GlassFish server, where a Servlet uses some EJBs. When reading in the JEE tutorial how the Servlet caller's authenticated identity propagates to the EJB container, you see things like:

There is no way for the target container to authenticate the propagated security identity [...] the target must trust that the calling container has propagated an authenticated security identity. By default, the GlassFish Server is configured to trust identities that are propagated from different containers. Therefore, you do not need to take any special steps to set up a trust relationship.

I feel fine with this in my case, given that the servlet will propagate the identity of the caller to the EJB, so I don't have to do anything special to secure the EJB methods, only specify the roles allowed and that's all. But I wonder what happens when the containers are different, for example 2 GlassFish servers on different physical servers, in particular:

- "The GF Server is configured to trust identities that are propagated from different containers"? How is it? Isn't it a security hole? Does it mean that if a container receives a call to an EJB method with a Principal "John" and role "Admin" from any container, it'll trust it?

- How do you configure GF Server to trust or not trust other containers?
