Hi,

Is there any way to secure JNDI? I have been doing research on google, but couldn't find a way to secure JNDI. Basically, anyone can connect to JNDI via port 1099 and access to DataSource, JMS Queue, etc...

I am porting the application from Weblogic to JBoss. Weblogic can use "java.naming.security.principal" and "java.naming.security.credentials" to do a simple authentication to access JNDI, but I couldn't find a way to do in JBoss to make the authentication mandatory. Btw, there are clients from outside need to connect to JNDI to access EJB, so I cannot block port 1099 also.

Any suggestion on this matter? Thanks!

Cheers,
Deep Blue