I'm trying to lock down our 2.4 portal server by removing all unneeded JBoss services and interfaces (RMI invokers, JMS stuff, tomcat AJP listeners, etc). Has anyone done this before? Is it documented anywhere what the minimal set of services JBP needs? If not, can someone identify which (if any) of the following standard JBoss services are needed by JBP?
RMI/JRMP/HTTP invokers (port 4444)
WebService access for remote classloading (8083)
remote JNDI access (1098,1099)
Does clustering have any additional service requirements?