-
1. Re: Please help with ZEN of Jboss for dedicated newbie/stude
starksm64 Dec 18, 2004 10:12 AM (in response to wiley173)Remove the jbossweb-tomcat50.sar/ROOT.war or secure it.
-
2. Re: Please help with ZEN of Jboss for dedicated newbie/stude
wiley173 Dec 19, 2004 5:40 PM (in response to wiley173)I can't remove the .sar because I'm using tomcat. How do I secure it? Where do I begin to find information on securing this..... I've been on google for hours "secure status servlet" "status secure jboss"??? Do I have to secure it myself from scratch? Or is there something already there to help like in the case of the jmx-console and web-console?
How about a clue? -
3. Re: Please help with ZEN of Jboss for dedicated newbie/stude
starksm64 Dec 19, 2004 6:26 PM (in response to wiley173)Wake up and reread my last post and you will see that removal of the sar was not suggested. Removal of the ROOT.war in the jbossweb-tomcat50.sar was.
-
4. Re: Please help with ZEN of Jboss for dedicated newbie/stude
wiley173 Dec 19, 2004 6:53 PM (in response to wiley173)Why don't you wake up and read my last post.
"Where do I begin to find information on securing this..... I've been on google for hours "secure status servlet" "status secure jboss"??? Do I have to secure it myself from scratch? Or is there something already there to help like in the case of the jmx-console and web-console?"
I can't remove the ROOT.war in my situation. I'm so sorry to disturb you oh mighty one -
5. Re: Please help with ZEN of Jboss for dedicated newbie/stude
blackers Dec 19, 2004 8:31 PM (in response to wiley173)Read the sticky post in the security forum on how to use JAAS to secure web applications.
And lose the attitude!! -
6. Re: Please help with ZEN of Jboss for dedicated newbie/stude
wiley173 Dec 19, 2004 9:19 PM (in response to wiley173)Yeah, I read that.
Merry Christmas and thanks so much for the help -
7. securing the tomcat status servlet
wiley173 Dec 20, 2004 4:06 PM (in response to wiley173)Just in case any other newbie wants to know. I commented out tomcat status in the html of the default page and renamed the status servlet in the web.xml of the ROOT.war to something only I know. I couldn't delete the ROOT.war becuase I want to use it and I couldn't secure it because I basically wanted to do things like http://localhost/myjsp.jsp . If that makes sense.
Happy New Year , I feel very Zen now