Secure Wildfly (jmx console)

titmael Nov 28, 2013 3:24 AM

Hi,

when I used JBoss 4.2.2 we had a hacker using our jmx console, I don't know how I didn't configured Jboss then. Today I've to install a Wildfly and I need to get the maximum security that is possible to have : disable anything not needed like jmx console that we don't use.

I read the doc on this part and nothing is explained about doing it, just : it's enabled by default in standalone and disabled in domain. Ok but how do I disable it in standalone ?

Thanks for your help

1. Re: Secure Wildfly (jmx console)

wdfink Nov 28, 2013 4:04 AM (in response to titmael)

WildFly starts with all interfaces bound against localhost.
The management listen on port 9990(http) and 9999(native) these ports can be separate bound to a different interface as other public needed ports like 8080.
Also the management ports are secured with user/passwd by default if you not using the same machine as client.
You will see a hint how to add the credentials if you access localhost:9990 via browser.
Actions
2. Re: Secure Wildfly (jmx console)

ctomc Nov 28, 2013 8:25 AM (in response to titmael)

And on top of what Wolf said, there is no jmx-console in AS7+ anymore.
Only admin console and it is secured.
1 of 1 people found this helpful
Actions

Go to original post