When moving applications that use Java EE security to the cloud, consider how the application uses the user registry, Trust Association Interceptors (TAI), and JAAS custom login modules, as well as your on-premises security server.
This rule flags the following elements related to Java EE security:
The following Java annotations and method calls indicate use of Java EE security:
javax.servlet.annotation.ServletSecurity
javax.servlet.http.HttpServletRequest.getRemoteUser
javax.servlet.http.HttpServletRequest.getUserPrincipal
javax.servlet.http.HttpServletRequest.isUserInRole
The following deployment descriptor elements also indicate use of Java EE security in the web container:
<security-constraint> in the WEB-INF/web.xml file.
Applications that authenticate users specify a standard authentication method (BASIC, FORM, CLIENT-CERT) on the <login-config> element and its <auth-method> sub-element in the WEB-INF/web.xml file.
The following Java annotations and method calls indicate use of Java EE security in the EJB container:
javax.annotation.security.RolesAllowed
javax.annotation.security.PermitAll
javax.annotation.security.DenyAll
javax.ejb.EJBContext.getCallerPrincipal
javax.ejb.EJBContext.isCallerInRole
The following deployment descriptor elements also indicate use of Java EE security:
<method-permission> in the ejb-jar.xml file.
This rule is flagged once per Eclipse project or Java archive.
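The following Python script is an added example, not the migration tool's own code. It checks a deployment descriptor and Java source text for the elements this rule lists, so you can inventory them before a migration. The function names and sample inputs are constructed for illustration, and the source check is a textual match that does not parse Java.

```python
import re
import xml.etree.ElementTree as ET

# Annotations and method calls listed in this rule (simple names).
ANNOTATIONS = ("ServletSecurity", "RolesAllowed", "PermitAll", "DenyAll")
METHODS = ("getRemoteUser", "getUserPrincipal", "isUserInRole",
           "getCallerPrincipal", "isCallerInRole")
SOURCE_RE = re.compile(
    r"@(?:[\w.]+\.)?(%s)\b|\.(%s)\s*\(" % ("|".join(ANNOTATIONS), "|".join(METHODS)))

def local(tag):
    """Drop the XML namespace so descriptors of any Java EE version match."""
    return tag.rsplit("}", 1)[-1]

def scan_descriptor(xml_text):
    """Return flagged descriptor elements; auth-method carries its value."""
    found = []
    for el in ET.fromstring(xml_text).iter():
        name = local(el.tag)
        if name in ("security-constraint", "method-permission"):
            found.append(name)
        elif name == "login-config":
            for child in el:
                if local(child.tag) == "auth-method":
                    found.append("auth-method=" + (child.text or "").strip())
    return found

def scan_source(java_text):
    """Return flagged annotation and method names found in Java source."""
    return sorted({m.group(1) or m.group(2) for m in SOURCE_RE.finditer(java_text)})

# Constructed sample inputs (not from any real application).
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection><url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""
JAVA_SRC = """
@javax.annotation.security.RolesAllowed("admin")
public class Report {
    boolean ok(HttpServletRequest req) { return req.isUserInRole("admin"); }
}
"""

if __name__ == "__main__":
    print(scan_descriptor(WEB_XML))
    print(scan_source(JAVA_SRC))
```

Run it only against descriptors from your own project: the standard-library XML parser used here is not hardened against entity-expansion input.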
If your application is able to directly access the security provider, no further action is required.
Otherwise, you can use a VPN tunnel, such as the IBM Secure Gateway for IBM Cloud, to create a secure connection to your existing on-premises security provider. For more information about configuring a secure connection, see Configuring a VPN. After configuring your gateway, connect your application to the new destination by using the cloud host and port number that were provided when you created the destination. The following URLs are examples of Lightweight Directory Access Protocol (LDAP) URLs: