
Secure authentication in jboss portal


I am developing a Portal application and using jboss portal for this purpose. My current application authenticates the user from jboss DB, using the j_security_check servlet with username and password as POST parameters.

Now, if I use firebug or any HTTP monitor, then I can see the username and password, which is a security issue.

What is a better and more secure way of authentication in jboss?


Solution

  • Securing web applications is a vast subject. It entirely depends on your needs.

    From your post, what you want (to start with) is a secure communication. You can use SSL with JBoss to ensure a secure channel. I recommend you take a look at the JBoss security documentation. I am sure you will have more concrete doubts / concerns when you start working with it - then we will try to help :)

    I found a very good source of JBoss information: JBoss in Action. It refers to JBoss 5, so many areas might be outdated, but others would still apply. I am using JBoss 6 and it has been of great help.