This is a very interesting and important difference between the Default settings of oracle and mysql isolation levels.
Default Isolation Level for Oracle = READ COMMITED
Defautl for MySQL = REPEATABLE READ
Wednesday, April 30, 2008
J2EE Container Security in Applications
Introduction
Using J2EE Container security is the first step towards designing a secure and portable J2EE application.
The integration of Container security with an application is easy but requires some amount of knowledge and research. The main reason for this is various J2EE application server providers gives us only a limited amount of login modules by default.
For example an Active Directory authentication is a standard requirement but not all J2EE Server vendors provide this.But many major vendors provide this login module . The bottomline is we may be required to write our own login modules for many standard services. Writing our own login module is not difficult .Writing a custom login module will not be covered in this post.This post is about integrating a DB login module to an application deployed in JBoss Server.
In this post i am only giving the steps without eloborating on each of the steps.
5 Steps
Using J2EE Container security is the first step towards designing a secure and portable J2EE application.
The integration of Container security with an application is easy but requires some amount of knowledge and research. The main reason for this is various J2EE application server providers gives us only a limited amount of login modules by default.
For example an Active Directory authentication is a standard requirement but not all J2EE Server vendors provide this.But many major vendors provide this login module . The bottomline is we may be required to write our own login modules for many standard services. Writing our own login module is not difficult .Writing a custom login module will not be covered in this post.This post is about integrating a DB login module to an application deployed in JBoss Server.
In this post i am only giving the steps without eloborating on each of the steps.
5 Steps
- Identify the EJB that you want to secure.
- Add the annotation @Securitydomain and give the name of the domain which will provide the security.
- Add @RolesAllowed annotation and define which roles can access the EJB methods
- In the jboss login-config xml add a security domain entry
- Configure the DatabaseServerLoginModule as the liogin module. This will allow us to use authenticate and authorise the user and roles from a database. This module is provided by JBoss , so only thing left is to tell this module the tables to be used.
Subscribe to:
Posts (Atom)
Posts
