How to block external requests in Jboss?

1

How do I block an external application from accessing my web application? Is there any way to block this?

    
asked by anonymous 25.09.2015 / 19:31

2 answers

0

In jBoss older versions, you can pass the -b parameter X.X.X.X to only your machine can request Jboss.

Source: link

In the newer version of Jboss use the -Djboss.bind.address = X.X.X.X

Where, X.X.X.X is your ip.

    
25.09.2015 / 21:59
-1

See if you can help:

link

  • Identify the web application that needs to be restricted access (Lets call this as ABCWebApp). Update the web.xml file, you will probably need to add the following lines:
  • File: /usr/local/jboss-5.1.0.GA/server/default/deploy/ABCWebApp/WEB-INF/web.xml

    <!– add a security-contraint to
    
    a resource in your application that needs to be
    
    restricted –>
    
    <security-constraint>
    
    <web-resource-collection>
    
    <web-resource-name>Secure Content</web-resource-name>
    
    <url-pattern>/*</url-pattern>
    
    <!– if you need any particular directory, you can have the pattern as /dir_name/* –>
    
    </web-resource-collection>
    
    <auth-constraint>
    
    <role-name>ABCWebAppUser</role-name>
    
    </auth-constraint>
    
    </security-constraint>
    
    <!– define the type of authentication mechanism to be used –>
    
    <login-config>
    
    <auth-method>BASIC</auth-method>
    
    <realm-name>ABCWebApp – Restricted Zone</realm-name>
    
    </login-config>
    
    <!– defie the role that are allowed to access the restricted zone –>
    
    <security-role>
    
    <description>The role required to access restricted content </description>
    
    <role-name>ABCWebAppUser</role-name>
    
    </security-role>
    
  • Add or update the existing jboss-web.xml file under your web application to use the security policy
  • File: /usr/local/jboss-5.1.0.GA/server/default/deploy/ABCWebApp/WEB-INF/jboss-web.xml

    <?xml version=”1.0″ encoding=”UTF-8″?>
    
    <jboss-web>
    
    <context-root />
    
    java:/jaas/ABCWebApp_Policy
    
    <!– This policy needs to be defined in the login-config.xml –>
    
    </jboss-web>
    
  • Define the policy in step 2 in login-config.xml. Add following lines
  • File: /usr/local/jboss-5.1.0.GA/server/default/conf/login-config.xml

    <!– A template configuration for the ABCWebApp web application. This
    
    defaults to the UsersRolesLoginModule the same as other and should be
    
    changed to a stronger authentication mechanism as required.
    
    –>
    
    <application-policy name=”ABCWebApp_Policy”>
    
    <authentication>
    
    <login-module code=”org.jboss.security.auth.spi.UsersRolesLoginModule”
    
    flag=”required”>
    
    <!– define property file which has username / password –>
    
    <module-option name=”usersProperties”>props/ABCWebApp_Policy-users.properties</module-option>
    
    <!– define property file which has role for the above users –>
    
    <module-option name=”rolesProperties”>props/ABCWebApp_Policy-roles.properties</module-option>
    
    </login-module>
    
    </authentication>
    
    </application-policy>
    
  • Create the property file for the user credentials (defied in step 3)
  • File: /usr/local/jboss-5.1.0.GA/server/default/conf/props/ABCWebApp_Policy-users.properties

    # A sample users.properties file for use with the UsersRolesLoginModule
    
    ashish = pass1234
    
    shukla = pass1234
    
    ashishshukla = pass1234
    
    ashishpshukla = pass1234
    
  • Create the property file for the user roles (defied in step 3), Note the roles should be defined in step 1
  • File: /usr/local/jboss-5.1.0.GA/server/default/conf/props/ABCWebApp_Policy-roles.properties

    ashish = ABCWebAppUser
    
    shukla = ABCWebAppUser
    
    ashishshukla = ABCWebAppUser
    
    ashishpshukla = ABCWebAppUser
    
        
    25.09.2015 / 19:42