Hi All,
I am wondering if JBoss can be set up to only deploy
.WAR or .JAR files that are signed with a jarsigner cert?
Or, alternatively, is there an easy place to hook the
deployment phase so that a JAR with an invalid signature
can be rejected.
Basically I'm trying to ensure that the software on a JBoss
server isn't being tampered with, and I thought this might
be an interesting way to approach a solution.
-N