Anyone know of any good documentation on securing a JBoss installation? What I'm mainly looking at is disabling the admin console to only localhost or (even better) requiring authentication to access it.
A:
This book has everything you need and it's very practical. Now it covers JBoss 4 if I remember right: http://www.amazon.com/JBoss-Developers-Notebook/dp/0596100078/ref=sr_1_1?ie=UTF8&qid=1250081509&sr=8-1
Sebastien
2009-08-12 12:53:42
+1
A:
Also, JBoss has been evaluated under Common Criteria (EAL2+ I believe). This evaluation produces documentation regarding hardening. If you're really interested, Red Hat may provide you with that hardening guide if you ask them. (In Common Criteria terms, it would be called the 'Evaluated Configuration Guide'.)
Jeremy Powell
2009-08-12 13:28:17
Yup, they have it on their docs site it looks like: http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/
dragonmantank
2009-08-13 02:27:29
A:
It looks like this is in the community wiki, not that I found it the first time I searched:
dragonmantank
2009-08-13 02:28:31