0 Replies Latest reply on Dec 9, 2013 9:58 AM by tiputini

    JNDI remote alter protection using NamingServerGuard in JBoss 6.1.0

    tiputini
    tiputini Dec 9, 2013 9:58 AM

      Hello,

       

      We are using JBoss 6.1.0-final to remotely invoke EJBs. Using both the RMI invocation and also the HTTP invoker setup.

      We use the JNDI service for lookups, but it seems to not only allow remote lookups of beans, but also operations that alter the JNDI.

       

      For the HTTP invoker, it seems to be possible to restrict the remote access to solely lookup actions by using the ReadOnlyAccessFilter in the http invoker. But for the normal JNDI lookups there seems to be no way to do this. In other versions of JBoss i do see a NamingServerGuard that seems to implement exactly my requirement.

       

      Now my question is; does JBoss 6.1.0 have a similar (or replacement) functionality?

       

      Thank you!

       

      Regards,

       

      Maarten

       

      _____

      edit: moved to group JNDI and Naming as that might be more accurate