• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Bear Bibeault
  • Henry Wong
  • Devaka Cooray
Saloon Keepers:
  • salvin francis
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Frits Walraven
Bartenders:
  • Jj Roberts
  • Carey Brown
  • Scott Selikoff

Trust between containers

 
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all!

I'm developing a web application with a Glassfish server, where a Servlet uses some EJBs. When reading in the JEE tutorial how the Servlet caller's authenticated identity propagates to the EJB container, you see things like:

There is no way for the target container to authenticate the propagated security identity [...] the target must trust that the calling container has propagated an authenticated security identity. By default, the GlassFish Server is configured to trust identities that are propagated from different containers. Therefore, you do not need to take any special steps to set up a trust relationship.

I feel fine with this in my case, given that the servlet will propagate the identity of the caller to the EJB and so I don't have to do anything special for securing the EJB methods, only specify the roles allowed and that's all, but I wonder what happens when containers are different, for example 2 Glassfish servers on different physical servers, in particular:

- "The GF Server is configured to trust identities that are propagated from different containers" ??? How is it? Isn't it a security hole? Does it mean if a container receives a call to an EJB method with a Principal "John" and role "Admin" from any container it'll trust it??

- How do you configure GF Server to trust/don't trust another container(s)?

 
This tiny ad will self destruct in five seconds.
the value of filler advertising in 2021
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic