0 Replies Latest reply on Sep 10, 2007 6:09 AM by Deep Blue Li

    Security Issue of JNDI

    Deep Blue Li Newbie


      Is there any way to secure JNDI? I have been doing research on google, but couldn't find a way to secure JNDI. Basically, anyone can connect to JNDI via port 1099 and access to DataSource, JMS Queue, etc...

      I am porting the application from Weblogic to JBoss. Weblogic can use "java.naming.security.principal" and "java.naming.security.credentials" to do a simple authentication to access JNDI, but I couldn't find a way to do in JBoss to make the authentication mandatory. Btw, there are clients from outside need to connect to JNDI to access EJB, so I cannot block port 1099 also.

      Any suggestion on this matter? Thanks!

      Deep Blue