Just a quick question because I have done some searching in the past and did not get anything relevant.
I'm thinking about the possibility of restricting JBoss AS deployment (WAR/EAR/SAR) on the production servers. Basically, it sounds good to have JBoss verify the authenticity of WARs dropped in the auto-deploy directory prior to deploying anything inside. Otherwise, it is not deployed at all and I expect no code inside will be executed at all.
At first I thought of the JSE SecurityManager, and I know JBoss AS can be configured to run with a SecurityManager (I have read some of the Wiki entries related to this).
However, I'm not very interested in exercising too much control over specific permissions for operations in the webapp. That is too dynamic in nature to control properly. Therefore, what I would like is simply to have JBoss verify that a WAR is signed by a trusted signer whose certificate is stored in the JBoss keystore, and permit everything inside the WAR provided it passes this test.
First off, do you agree this is a good idea and helps raise security? And is this possible, and if so, how do I accomplish this?
One counter-case I can think of is that, provided an intruder has access to a shell, they can stop JBoss AS or basically modify anything, including disabling the security manager. Then nothing practical will stop them.
Another question: is there a way to deploy a WAR/EAR/SAR etc. programmatically? I heard that auto-deploy is quite resource intensive and I would like to see if I can disable it altogether. I have already installed a distributed file synchronization mechanism to broadcast file changes periodically over a network of servers, so I can deploy updated WARs likewise onto the local filesystem of individual servers. What remains is to have JBoss verify the WAR and deploy it.
Thanks for any insights in advance.
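
The check the post asks for, sketched as an added example that is not part of the original post and is not JBoss code: a standalone gate that accepts a WAR/EAR/SAR only if every content entry verifies and is signed by a certificate stored in a truststore. The class name, the command-line arguments and the idea of running it before the archive is copied into the deploy directory are assumptions; trust is by exact certificate match, with no validity-period or revocation check.

```java
import java.io.*;
import java.security.CodeSigner;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.*;
import java.util.jar.*;
// Added example (hypothetical names). Usage: java SignedArchiveCheck app.war trust.jks storepass
public class SignedArchiveCheck {
    // Every trusted-certificate entry in the keystore counts as an accepted signer (pinning).
    static Set<Certificate> loadTrusted(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        Set<Certificate> trusted = new HashSet<>();
        for (String alias : Collections.list(ks.aliases()))
            if (ks.isCertificateEntry(alias)) trusted.add(ks.getCertificate(alias));
        return trusted;
    }
    // The manifest and signature files directly under META-INF/ are not signed entries.
    static boolean isSignatureFile(String name) {
        String n = name.toUpperCase(Locale.ROOT);
        if (!n.startsWith("META-INF/") || n.indexOf('/', 9) != -1) return false;
        return n.equals("META-INF/MANIFEST.MF") || n.startsWith("META-INF/SIG-")
            || n.endsWith(".SF") || n.endsWith(".RSA") || n.endsWith(".DSA") || n.endsWith(".EC");
    }
    // True only if every content entry verifies and has at least one trusted signer.
    static boolean isTrusted(String archive, Set<Certificate> trusted) throws IOException {
        byte[] buf = new byte[8192];
        int checked = 0;
        try (JarFile jar = new JarFile(new File(archive), true)) {
            for (JarEntry e : Collections.list(jar.entries())) {
                if (e.isDirectory() || isSignatureFile(e.getName())) continue;
                // Signers are available only after the entry has been read to the end.
                try (InputStream in = jar.getInputStream(e)) { while (in.read(buf) != -1) { } }
                boolean ok = false;
                CodeSigner[] signers = e.getCodeSigners();
                if (signers != null) for (CodeSigner s : signers)
                    ok |= trusted.contains(s.getSignerCertPath().getCertificates().get(0));
                if (!ok) return false; // unsigned entry, or signed only by unknown signers
                checked++;
            }
            return checked > 0; // an archive with no content entries is rejected
        } catch (SecurityException tampered) {
            return false; // digest or signature mismatch detected by JarFile
        }
    }
    public static void main(String[] a) throws Exception {
        boolean ok = isTrusted(a[0], loadTrusted(a[1], a[2].toCharArray()));
        System.out.println(a[0] + (ok ? ": trusted signer, OK to deploy" : ": REJECTED"));
        System.exit(ok ? 0 : 1);
    }
}
```

Archives for this check would be signed at build time with the JDK's `jarsigner`. As the post itself notes, the gate only helps against someone who can drop files but cannot alter the truststore, the checker or the server configuration.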