JBossAS7: Secure my Web App : How Do I?

    This article is for people looking for ways to secure their Java EE web apps.  I am assuming that your web app contains servlets, JSPs, HTML, etc.  If you have a Seam-based app, then Seam Security is what you should look for.

    Bare Minimum Security

    This is for when you just want to secure your web app in the most minimal way, for example something like the default jmx-console that you want to ship with JBoss AS7.

    Step 1:  Add a security-constraint to your web.xml

    Step 2: Add a security-domain to your jboss-web.xml

    Step 3: Configure a security domain in standalone.xml

    Step 4: Place users.properties and roles.properties files in the WEB-INF/classes directory of your web application

    That is it.  How do you achieve these steps?  Look in the references below.
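
A sketch of how the four steps fit together, added here as an example and not taken from the original article or the JBoss documentation. The domain name my-web-domain, the role admin and the user alice are constructed; the use of BASIC authentication, the login-config element, the CONFIDENTIAL transport guarantee (which needs an HTTPS connector) and the UsersRoles login module are assumptions about a typical minimal setup.

```xml
<!-- Step 1: WEB-INF/web.xml (inside <web-app>) -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Whole application</web-resource-name>
    <!-- No <http-method> elements: the constraint then covers every method -->
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- BASIC sends the password base64-encoded, so require TLS (assumption) -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>my-web-domain</realm-name>
</login-config>
<security-role>
  <role-name>admin</role-name>
</security-role>

<!-- Step 2: WEB-INF/jboss-web.xml; the name must match the domain in step 3 -->
<jboss-web>
  <security-domain>my-web-domain</security-domain>
</jboss-web>

<!-- Step 3: standalone.xml, inside the security subsystem's <security-domains> -->
<security-domain name="my-web-domain" cache-type="default">
  <authentication>
    <login-module code="UsersRoles" flag="required">
      <!-- Resolved from the classpath, i.e. WEB-INF/classes of the web app -->
      <module-option name="usersProperties" value="users.properties"/>
      <module-option name="rolesProperties" value="roles.properties"/>
    </login-module>
  </authentication>
</security-domain>

<!-- Step 4 (constructed sample values):
     WEB-INF/classes/users.properties   username=password, stored in clear text
       alice=REPLACE_WITH_PASSWORD
     WEB-INF/classes/roles.properties   username=comma-separated roles
       alice=admin -->
```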

    References

    1. http://java.dzone.com/articles/understanding-web-security
    2. http://community.jboss.org/wiki/JBossAS7SecurityDomainModel