324
Security for Web Service Interactions
...
Code Example 7.12 Enterprise Bean Unchecked method-permission
In addition to defining authorization policy in the method-permission elements, you may also add method specifications to the exclude-list. Doing so denies access to these methods independent of caller identity and whether the methods are the subject of a method-permission element. Code Example 7.13 demonstrates the use of the exclude-list.
SpecialOrder
*
...
Code Example 7.13 Enterprise Bean Excluded method-permission
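The precedence described above, where an exclude-list entry denies a method even when a method-permission element marks it unchecked, can be checked mechanically against a descriptor. The following Python sketch is an added example, not code from the book: the descriptor fragment is constructed, and the PurchaseOrder bean, the Customer role and the getOrderDetails method are assumptions (only the SpecialOrder bean name appears on this page). It ignores method-intf and method-params for brevity.

```python
import xml.etree.ElementTree as ET

# Constructed assembly-descriptor fragment (not the book's listing).
# PurchaseOrder, Customer and getOrderDetails are assumed names.
DESCRIPTOR = """
<assembly-descriptor>
  <security-role><role-name>Customer</role-name></security-role>
  <method-permission>
    <unchecked/>
    <method><ejb-name>SpecialOrder</ejb-name><method-name>getOrderDetails</method-name></method>
  </method-permission>
  <method-permission>
    <role-name>Customer</role-name>
    <method><ejb-name>PurchaseOrder</ejb-name><method-name>*</method-name></method>
  </method-permission>
  <exclude-list>
    <method><ejb-name>SpecialOrder</ejb-name><method-name>*</method-name></method>
  </exclude-list>
</assembly-descriptor>
"""

def _matches(method_el, ejb, name):
    """True if a <method> element names this bean method (or uses '*')."""
    return (method_el.findtext("ejb-name") == ejb
            and method_el.findtext("method-name") in ("*", name))

def effective_access(descriptor_xml, ejb, name):
    """Return 'excluded', 'unchecked', a sorted role list, or 'unassigned'."""
    root = ET.fromstring(descriptor_xml)
    # The exclude-list wins regardless of any method-permission entry.
    if any(_matches(m, ejb, name) for m in root.iterfind("exclude-list/method")):
        return "excluded"
    roles, unchecked = set(), False
    for perm in root.iterfind("method-permission"):
        if any(_matches(m, ejb, name) for m in perm.iterfind("method")):
            # unchecked overrides any roles granted for the same method.
            unchecked |= perm.find("unchecked") is not None
            roles |= {r.text for r in perm.iterfind("role-name")}
    if unchecked:
        return "unchecked"
    # 'unassigned' means the Deployer still has to set a policy.
    return sorted(roles) if roles else "unassigned"
```

Running `effective_access` over every method of every bean in a real descriptor gives a quick review list of methods left unchecked or unassigned.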
7.3.5 JAX-RPC Security Guidelines
In addition to the guidelines noted previously, the following general guidelines sum up the JAX-RPC authentication and authorization considerations.
• Apply the same access control rules to all access paths of a component. In addition, partition an application as necessary to enforce this guideline, unless there is some specific need to architect an application in a different fashion. When designing the access control rules for protected resources, take care to ensure that the authorization policy is consistently enforced across all the paths by which the resource may be accessed. Be particularly careful that a less protected access method does not undermine the policy enforced by a more rigorously protected method.
• Declarative security is preferable to programmatic security. Try to use declarative access control mechanisms since these mechanisms keep the business