How to disable all web access features and use JBOSS primari

r_rangana Apr 13, 2004 2:41 PM

Hi there,

We would like to disable all web access to JBOSS due some security reasons. I am not sure how to go about this. Please let me know the proper way of doing this.

We are using JBOSS 3.2.3 on Solaris 8, with multiple instances running. We have multiple Swing clients that connect to EJB engine on the JBOSS server. The idea is to use only very limited J2EE services such as EJB, JNDI, JMX, SNMP, JMS and completely disable WEB access.

I have tried the following steps, it seems to be working but would like to make sure that I didn't miss anything.

1) Removed the jbossweb-tomcat41.sar directory from <SERVER_NAME>/deploy directory

2) Removed the jbossweb-tomcat.sar elements from the server-bindings file.
----------------------- removed ----------
name="jboss.web:service=WebServer"
delegateClass="org.jboss.services.binding.XSLTConfigDelegate"

.........
----------------------------removed --------------

3) I'm not sure whether I should remove the "jboss:service=WebService mbean also. Because the EJBDeployer is dependent on the WebService There is an optional-attribute-name specified under service=EJBDeployer
It is mentioned as optional, I don't know what would be the behavior of EJB if I remove the "WebService" dependency.

My swing client talks to EJB classes and works ok atleast for now. I would appreciate your answers and clarifications.

thanks,
Ramesh

1. How to disable all web access features and just use as EJBse

r_rangana Apr 14, 2004 11:31 AM (in response to r_rangana)

One more step, I had to remove the following directory deploy/http-invoker.sar as well.
Actions
2. Re: How to disable all web access features and use JBOSS pri

adrian.brock Apr 14, 2004 2:08 PM (in response to r_rangana)

Why not just change the references to jboss.bind.address to be 127.0.0.1
in jbossweb-tomcatXXX.sar/server.xml meaning it is only available locally?

Regards,
Adrian
Actions

Go to original post