Posted to commits@tomee.apache.org by "Romain Manni-Bucau (JIRA)" <ji...@apache.org> on 2016/11/22 18:04:58 UTC

[jira] [Issue Comment Deleted] (TOMEE-1974) Allow TomEE ejbd HTTP Servlet to be protected by basic auth

     [ https://issues.apache.org/jira/browse/TOMEE-1974?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Romain Manni-Bucau updated TOMEE-1974:
--------------------------------------
    Comment: was deleted

(was: Well, https://issues.apache.org/jira/browse/TOMEE-1975 solves it, so this is no longer a concern, and you still need a way to handle what we do today, i.e. OAuth2 and token-based servers.)

> Allow TomEE ejbd HTTP Servlet to be protected by basic auth
> -----------------------------------------------------------
>
>                 Key: TOMEE-1974
>                 URL: https://issues.apache.org/jira/browse/TOMEE-1974
>             Project: TomEE
>          Issue Type: New Feature
>          Components: TomEE Core Server
>    Affects Versions: 1.7.5
>            Reporter: Jonathan S Fisher
>            Priority: Minor
>
> TomEE offers ejbd over HTTP. This is great for a number of reasons, but it could go further by protecting the endpoint with HTTP basic auth. This would harden the server, and it would have prevented the bug involving deserialization of unknown classes, because authentication would have to happen before the underlying protocol was deserialized.
> Pull request here: https://github.com/apache/tomee/pull/52



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)