Hi, I have developed an EJB 3.1 bean that I exposed as a service and, as an alternative, with a servlet. I have to secure this EJB/Service behind a firewall, and clients will be able to consume it via SSL (port 443). I need advice and a best-practice example of doing this using either JBoss (open source) or Glassfish (open source). I don't know if I must secure the application server and the EJB Service or just the Service, etc.
I have to take speed into account: must I use 1 or 2 application servers, and should I rather use a servlet with the bean or use JAX-WS or JAX-RS? The service/servlet will be consumed by mobile clients.
The service is a simple prototype and is working; I just need help/advice with the security.