This content has been marked as final.
Show 2 replies
-
1. Re: Disabling or Securing the Tomcat Status page in the JMX-
peterj Aug 10, 2006 9:26 PM (in response to scottlance)You could edit the file server/xxx/deploy/jbossweb-tomcat55.sar/ROOT.war/index.html to remove the link. But someone could still access servlet if they know the URL. Another possibility is to edit the server/xxx/deploy/jbossweb-tomcat55.sar/ROOT.war/WEB-INF/web.xml file and remove the servlet and servlet-mapping entries.
The other possibility is to secure the /status context by adding a security-constraint entry to the above web.xml file. -
2. Re: Disabling or Securing the Tomcat Status page in the JMX-
pilhuhn Aug 11, 2006 4:01 AM (in response to scottlance)Just completely throw out ROOT.war.
Btw.: the web-console will - if not secured - also show you at least all mbeans with all attributes. This is hidden in the management/ folder.