Posted to commits@tomee.apache.org by "Daniel Dias (Jira)" <ji...@apache.org> on 2020/06/24 20:36:00 UTC

[jira] [Resolved] (TOMEE-1974) Allow TomEE ejbd HTTP Servlet to be protected by basic auth

     [ https://issues.apache.org/jira/browse/TOMEE-1974?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Dias resolved TOMEE-1974.
--------------------------------
    Resolution: Fixed

merged.

> Allow TomEE ejbd HTTP Servlet to be protected by basic auth
> -----------------------------------------------------------
>
>                 Key: TOMEE-1974
>                 URL: https://issues.apache.org/jira/browse/TOMEE-1974
>             Project: TomEE
>          Issue Type: New Feature
>          Components: TomEE Core Server
>    Affects Versions: 1.7.5
>            Reporter: Jonathan S Fisher
>            Priority: Minor
>
> TomEE offers ejbd over HTTP. This is great for a number of reasons, but it could go further by protecting the endpoint with HTTP basic auth. This would harden the server, and it would have prevented the bug involving deserialization of unknown classes, because authentication would have to happen before the underlying protocol was deserialized.
> Pull request here: https://github.com/apache/tomee/pull/52



--
This message was sent by Atlassian Jira
(v8.3.4#803005)