2 Replies Latest reply on Apr 14, 2004 2:08 PM by Adrian Brock

    How to disable all web access features and use JBOSS primari

    r_rangana Newbie

      Hi there,

      We would like to disable all web access to JBOSS due some security reasons. I am not sure how to go about this. Please let me know the proper way of doing this.

      We are using JBOSS 3.2.3 on Solaris 8, with multiple instances running. We have multiple Swing clients that connect to EJB engine on the JBOSS server. The idea is to use only very limited J2EE services such as EJB, JNDI, JMX, SNMP, JMS and completely disable WEB access.

      I have tried the following steps, it seems to be working but would like to make sure that I didn't miss anything.

      1) Removed the jbossweb-tomcat41.sar directory from <SERVER_NAME>/deploy directory

      2) Removed the jbossweb-tomcat.sar elements from the server-bindings file.
      ----------------------- removed ----------
      name="jboss.web:service=WebServer"
      delegateClass="org.jboss.services.binding.XSLTConfigDelegate"

      .........
      ----------------------------removed --------------

      3) I'm not sure whether I should remove the "jboss:service=WebService mbean also. Because the EJBDeployer is dependent on the WebService There is an optional-attribute-name specified under service=EJBDeployer
      It is mentioned as optional, I don't know what would be the behavior of EJB if I remove the "WebService" dependency.

      My swing client talks to EJB classes and works ok atleast for now. I would appreciate your answers and clarifications.

      thanks,
      Ramesh