Posted to commits@tomee.apache.org by "Jonathan S Fisher (JIRA)" <ji...@apache.org> on 2016/11/22 17:38:58 UTC

[jira] [Created] (TOMEE-1974) Allow TomEE ejbd HTTP Servlet to be protected by basic auth

Jonathan S Fisher created TOMEE-1974:
----------------------------------------

             Summary: Allow TomEE ejbd HTTP Servlet to be protected by basic auth
                 Key: TOMEE-1974
                 URL: https://issues.apache.org/jira/browse/TOMEE-1974
             Project: TomEE
          Issue Type: New Feature
          Components: TomEE Core Server
    Affects Versions: 1.7.5
            Reporter: Jonathan S Fisher
            Priority: Minor


TomEE offers ejbd over HTTP. This is great for a number of reasons, but it could go further by protecting the endpoint with HTTP basic auth. This would harden the server, and it would have prevented the bug involving deserialization of unknown classes, because authentication would have to happen before the underlying protocol was deserialized.

Pull request here: https://github.com/apache/tomee/pull/52



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)