I want my security in such a way that my ejbs will always be accessed from web client not from java class I am using websphere 4.0 server.
It is urgent.
If you've your application server ports open, that is already a security hole. What else do you want me to consider?
did not get u pl. explain in detail.