So you are asking about securing a web application. Well since this is a more general "how web apps work" type of question so I'll move you over to a more appropriate forum, see if that generates some discussion.
Originally posted by Darya Akbari: I think most of the security task here is vendor dependent. The only non vendor dependent part I can see is in the web.xml deployment descriptor, see the code snippet below:
Here I want plug my own security domain and use my own security role my:jmxconsole
[ July 27, 2007: Message edited by: Darya Akbari ]
I agree. I'm going to move this again. This time to our JBoss forum where you find help in setting up SSL on that server.