Reputation: 15456
Securing JBoss admin console
Anyone know of any good documentation on securing a JBoss installation? What I'm mainly looking at is disabling the admin console to only localhost or (even better) requiring authentication to access it.
Upvotes: 2
Views: 4761
Answers (3)
Reputation: 15456
It looks like this is in the community wiki, not that I found it the first time I searched:
http://www.jboss.org/community/wiki/SecureTheJmxConsole
Upvotes: 0
Reputation: 3486
Also, JBOSS has been evaluated under common criteria (EAL2+ I believe). This evaluation produces documentation regarding hardening. If you're really interested, Red Hat may provide you with that hardening guide if you ask them. (In Common Criteria terms, it would be called the 'Evaluated Configuration Guide')
Upvotes: 1
Reputation: 4305
This book has everything you need and it's very practical. Now it covers JBoss 4 if I remember right: http://www.amazon.com/JBoss-Developers-Notebook/dp/0596100078/ref=sr_1_1?ie=UTF8&qid=1250081509&sr=8-1
Upvotes: 0
Related Questions
- EJBInvokerServlet / JMXInvokerServlet
- Change Administration Console Password in Jboss
- How to disable access to jboss admin console in Jboss-eap-5.1
- how to enable admin console in jboss
- I would make jBoss 5.1 to show the admin console
- Admin Console and Jboss Web Services Console
- Login to Jboss 7.1.1 Final admin console with Java
- JAAS web-security on jboss 5
- JBoss security issue
- Security in Java EE Application with JBoss