I am running jboss2.4.4-Tomcat4.01 integrated. I am deploying an ear with the jsp/servlets/html inbedded within the ear. My question is I want to secure my static data at the jboss server level not at the deployed application level. So a user cannot browse the file system to view the html code. Is this possible? I do not want apache to service the html.