tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Romain Manni-Bucau (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TOMEE-1974) Allow TomEE ejbd HTTP Servlet to be protected by basic auth
Date Tue, 22 Nov 2016 18:10:58 GMT

    [ https://issues.apache.org/jira/browse/TOMEE-1974?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15687455#comment-15687455
] 

Romain Manni-Bucau commented on TOMEE-1974:
-------------------------------------------

if unclear: oauth is already supported and that is one of the reason i would like to keep
current code (+ backward compat)

> Allow TomEE ejbd HTTP Servlet to be protected by basic auth
> -----------------------------------------------------------
>
>                 Key: TOMEE-1974
>                 URL: https://issues.apache.org/jira/browse/TOMEE-1974
>             Project: TomEE
>          Issue Type: New Feature
>          Components: TomEE Core Server
>    Affects Versions: 1.7.5
>            Reporter: Jonathan S Fisher
>            Priority: Minor
>
> TomEE offers ejbd over http. This is great for a number of reasons, but it could go further
by protecting the endpoint with http basic auth. This would harden the server, and it would
have prevented the bug involving deserialization unknown classes, because authentication would
have to happen before the underlying protocol was deserialized.
> Pull request here: https://github.com/apache/tomee/pull/52



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message