File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JBoss/WildFly and the fly likes understand SecureJBoss issue Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "understand SecureJBoss issue" Watch "understand SecureJBoss issue" New topic

understand SecureJBoss issue

chen young
Ranch Hand

Joined: Sep 09, 2005
Posts: 197
Hi All,

I just start to work with jobs so I am not familiar with all security problems.
After finish the installation I notice that there are few security issues (that I am still trying to understand):

Can someone please enlighten me on this subject furthermore ?
Is it a critical issue ?

Peter Johnson

Joined: May 14, 2008
Posts: 5852

When you get JBoss AS and run it, by default it lets you do anything without requiring any credentials (well, not quite, the admin-console in 5.1.0 required login). This state is great for development work because you can do what you need without having to worry about logging in.

However, when you set up a public JBoss AS web site you should secure it as much as possible. If you don't, anyone can go to the the jmx-console and shut the app server down, or interrogate and call your web services, or write clients that connect to your messaging queues, or do any number of other things to steal your data or compromise your system.

Note that by default JBoss AS (starting with 4.2.0) binds to localhost only, so in a development environment where you don't use the "-b" option to bind elsewhere, the above security concerns are not an issue.

JBoss In Action
I agree. Here's the link:
subject: understand SecureJBoss issue
jQuery in Action, 3rd edition