A subscriber to the “better, faster, ligher” java development approach places his business logic in the webcontainer. It’s different but a much lighter way approach than the traditional 3-tier EJB container approach. The most obvious flaw in this approach is that if you place that web container out into the internet it could fall victim to unscrupulous attacks. This can have devastating effect if the attackers gain access to your business logic.
Therefore it’s best practice never to put your webcontainer into the internet wild. The correct strategy is to place a reverse proxy server that servers as a restricted conduit to your web container. By my own luck, I stumbled upon this article “Reverse Proxy Patterns“. Finally, someone has put into words patterns that are so prevalent in web development practice.
The question I’ve got for everyone is this: “What guidelines are there for developing reverse proxy friendly web apps in Java?” If you don’t know the answer up front to this question then you could possibly be rewriting your code come deployment time!