How to block external requests in Jboss?

Question

How to block external requests in Jboss?

Asked 9 years, 1 month ago

Viewed 288 times

1

How to block an external application from accessing my web application? Are there any way to block this?

2 answers

Browser other questions tagged java jboss

You are not signed in. Login or sign up in order to post.

by abv2014 • **129** points · Answer 1 · 2015-09-25T19:59:22+00:00

In jboss older versions, you can pass the parameter -b X.X.X.X so that only your machine can request Jboss.

Source: https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Web_Platform/5/html/Getting_Started_Guide/Starting_and_Stopping_the_Server.html

In the newest version of Jboss use the parameter -Djboss.bind.address=X.X.X.X

Where, X.X.X.X is your ip.

by Emir Marques • **3,586** points · Answer 2 · 2015-09-25T17:42:01+00:00

See if it helps you:

https://ashishpshukla.wordpress.com/2010/02/25/how-to-restrict-access-to-your-web-application-on-the-jboss-5-0-application-server/

Identify the web application that needs to be Restricted access to (Lets call this as Abcwebapp). Update the web.xml file, you will probably need to add the following:

file: /usr/local/jboss-5.1.0.GA/server/default/deploy/Abcwebapp/WEB-INF/web.xml

<!– add a security-contraint to

a resource in your application that needs to be

restricted –>

<security-constraint>

<web-resource-collection>

<web-resource-name>Secure Content</web-resource-name>

<url-pattern>/*</url-pattern>

<!– if you need any particular directory, you can have the pattern as /dir_name/* –>

</web-resource-collection>

<auth-constraint>

<role-name>ABCWebAppUser</role-name>

</auth-constraint>

</security-constraint>

<!– define the type of authentication mechanism to be used –>

<login-config>

<auth-method>BASIC</auth-method>

<realm-name>ABCWebApp – Restricted Zone</realm-name>

</login-config>

<!– defie the role that are allowed to access the restricted zone –>

<security-role>

<description>The role required to access restricted content </description>

<role-name>ABCWebAppUser</role-name>

</security-role>

Add or update the existing jboss-web.xml file under your web application to use the security policy

File: /usr/local/jboss-5.1.0.GA/server/default/deploy/Abcwebapp/WEB-INF/jboss-web.xml

<?xml version=”1.0″ encoding=”UTF-8″?>

<jboss-web>

<context-root />

java:/jaas/ABCWebApp_Policy

<!– This policy needs to be defined in the login-config.xml –>

</jboss-web>

Define the policy in step 2 in login-config.xml. Add following Lines

File: /usr/local/jboss-5.1.0.GA/server/default/conf/login-config.xml

<!– A template configuration for the ABCWebApp web application. This

defaults to the UsersRolesLoginModule the same as other and should be

changed to a stronger authentication mechanism as required.

–>

<application-policy name=”ABCWebApp_Policy”>

<authentication>

<login-module code=”org.jboss.security.auth.spi.UsersRolesLoginModule”

flag=”required”>

<!– define property file which has username / password –>

<module-option name=”usersProperties”>props/ABCWebApp_Policy-users.properties</module-option>

<!– define property file which has role for the above users –>

<module-option name=”rolesProperties”>props/ABCWebApp_Policy-roles.properties</module-option>

</login-module>

</authentication>

</application-policy>

Create the Property file for the user credentials (defied in step 3)

File: /usr/local/jboss-5.1.0.GA/server/default/conf/props/Abcwebapp_policy-users.properties

# A sample users.properties file for use with the UsersRolesLoginModule

ashish = pass1234

shukla = pass1234

ashishshukla = pass1234

ashishpshukla = pass1234

Create the Property file for the user roles (defied in step 3), Note the roles should be as defined in step 1

File: /usr/local/jboss-5.1.0.GA/server/default/conf/props/Abcwebapp_policy-roles.properties

ashish = ABCWebAppUser

shukla = ABCWebAppUser

ashishshukla = ABCWebAppUser

ashishpshukla = ABCWebAppUser