I want to block the user's access to root url i.e http://localhost:8080 .
Can I do it and how?
Yes, two possible options:
1) Remove the war directory that house the root application (4.0.5: server/default/deploy/jbossweb-tomcat55.sar/ROOT.war, 4.2: server/default/deploy/jboss-web.deployer/ROOT.war)
2) Secure the root application. Steps are similar to securing the consoles: http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole