https://doc.sibvisions.com/ 2026-04-21T10:38:16+00:00 https://doc.sibvisions.com/ https://doc.sibvisions.com/lib/tpl/material/images/favicon.ico text/html 2020-06-15T11:33:34+00:00 https://doc.sibvisions.com/jvx/server/security/config_encrypt?rev=1592220814&do=diff The configuration of an application is usually separated from the source code and stored in the configuration file config.xml. The file is a standard XML file. If the database access data/credentials are set in clear text, both username and password can be read out. Although this has the advantage that a change of the file is possible at any time, it also has the disadvantage of the data being easily readable. text/html 2020-06-15T11:34:04+00:00 https://doc.sibvisions.com/jvx/server/security/config_password_algorithmn?rev=1592220844&do=diff The DB Security Manager supports password encryption. The password algorithm can be defined in the application configuration. Simply add the passwordalgorithm setting to your existing configration: <application> <securitymanager> ... <passwordalgorithm>SHA</passwordalgorithm> </securitymanager> ... </application> text/html 2024-11-18T10:33:16+00:00 https://doc.sibvisions.com/jvx/server/security/db_jndi?rev=1731925996&do=diff If you use the DBSecurityManager for authentication, or if you use a database in your application, the configuration is in your applications config.xml. The configuration is plain xml, and it's possible to use encryption. It's also possible to read the configuration via JNDI. Another option is to use JNDI to create a database connection. In this case, you should set the JDBC text/html 2020-06-25T10:48:26+00:00 https://doc.sibvisions.com/jvx/server/security/dbsecman?rev=1593082106&do=diff User authentication is a common requirement for business applications. Although it is a fairly simple task, implementation is often anything but easy. The more an application has to be integrated into an existing infrastructure, the more complex the implementation can be, e.g., single sign on. text/html 2024-11-18T10:41:38+00:00 https://doc.sibvisions.com/jvx/server/security/manager?rev=1731926498&do=diff The security manager is used when the client or a user has to be authenticated. In this case, the login data will be transmitted by the client to the server for verification. The server will always delegate the verification of login data to a defined security manager. text/html 2026-02-28T00:54:02+00:00 https://doc.sibvisions.com/jvx/server/security/mfa?rev=1772240042&do=diff A modern authentication system offers more than one check for user verification. A simple mechanism is username/password check. But the problem is often that it's not secure enough because if someone knows your username/password combination, doors are open. So an additional check is necessary to get better security. There are different techniques like: text/html 2020-06-25T10:52:55+00:00 https://doc.sibvisions.com/jvx/server/security/object_method_access?rev=1593082375&do=diff If you use a SecurityManager, you can restrict the access to life cycle objects. But sometimes you need restrictions for custom objects or methods of a life cycle object. We are not big fans of “configuration til death” because config files are nothing more than config files. Nobody should fill config files with application logic. Keep your logic in your source code. text/html 2020-06-25T10:54:26+00:00 https://doc.sibvisions.com/jvx/server/security/password_policy?rev=1593082466&do=diff Applications, especially web applications, require secure passwords. However, users tend to select passwords that are easy to remember. Therefore, the responsibility for choosing a secure password cannot be left to the user. The application has to provide certain policies. text/html 2020-06-15T11:14:03+00:00 https://doc.sibvisions.com/jvx/server/security/rest_cors?rev=1592219643&do=diff Details about CORS. JVx' REST services support CORS since RESTlet update to 2.3.2. This version has the class CorsFilter which handles CORS automatically. CORS support is disabled by default. If you want to call your REST service from “another domain”, simply enable CORS via web.xml: text/html 2022-11-18T09:10:44+00:00 https://doc.sibvisions.com/jvx/server/security/rest_services_disable?rev=1668762644&do=diff JVx REST services offer access to application functionality out of the box. It also contains some administrative services that are not included in your application. If you won't use these services, or won't use specific services, it's possible disable all or specific services. text/html 2020-06-25T10:47:07+00:00 https://doc.sibvisions.com/jvx/server/security/server_jndi?rev=1593082027&do=diff The server for JVx clients is instantiated either at the current JVM or at the application server (e.g., Tomcat, JBoss). In the current VM, the call Server server = new Server(); is sufficient to create a server instance. However, this creates that risk that multiple server instances are created (which may well be desirable). The following method is available to treat the server as a singleton: text/html 2020-06-26T12:57:37+00:00 https://doc.sibvisions.com/jvx/server/security/sessman_objprovider?rev=1593176257&do=diff The standard JVx server implementation uses the classes DefaultObjectProvider and DefaultSessionManager for the object and session administration. To change the default settings, the server configuration can be modified via config.xml. User-defined classes can be integrated using the following: text/html 2020-06-25T10:49:52+00:00 https://doc.sibvisions.com/jvx/server/security/xmlsecman?rev=1593082192&do=diff If you're using a DBSecurityManager, you know that it authenticates users against a database. In some cases, you don't have a database, and you must authenticate with a XML file or a third-party product. If you want to authenticate with an XML file, it's quite simple because JVx has a standard implementation for this case. It's very easy to configure a XmlSecurityManager: