How do I block an external application from accessing my web application? Is there any way to block this?
How do I block an external application from accessing my web application? Is there any way to block this?
In jBoss older versions, you can pass the -b parameter X.X.X.X to only your machine can request Jboss.
Source: link
In the newer version of Jboss use the -Djboss.bind.address = X.X.X.X
Where, X.X.X.X is your ip.
See if you can help:
File: /usr/local/jboss-5.1.0.GA/server/default/deploy/ABCWebApp/WEB-INF/web.xml
<!– add a security-contraint to
a resource in your application that needs to be
restricted –>
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Content</web-resource-name>
<url-pattern>/*</url-pattern>
<!– if you need any particular directory, you can have the pattern as /dir_name/* –>
</web-resource-collection>
<auth-constraint>
<role-name>ABCWebAppUser</role-name>
</auth-constraint>
</security-constraint>
<!– define the type of authentication mechanism to be used –>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ABCWebApp – Restricted Zone</realm-name>
</login-config>
<!– defie the role that are allowed to access the restricted zone –>
<security-role>
<description>The role required to access restricted content </description>
<role-name>ABCWebAppUser</role-name>
</security-role>
File: /usr/local/jboss-5.1.0.GA/server/default/deploy/ABCWebApp/WEB-INF/jboss-web.xml
<?xml version=”1.0″ encoding=”UTF-8″?>
<jboss-web>
<context-root />
java:/jaas/ABCWebApp_Policy
<!– This policy needs to be defined in the login-config.xml –>
</jboss-web>
File: /usr/local/jboss-5.1.0.GA/server/default/conf/login-config.xml
<!– A template configuration for the ABCWebApp web application. This
defaults to the UsersRolesLoginModule the same as other and should be
changed to a stronger authentication mechanism as required.
–>
<application-policy name=”ABCWebApp_Policy”>
<authentication>
<login-module code=”org.jboss.security.auth.spi.UsersRolesLoginModule”
flag=”required”>
<!– define property file which has username / password –>
<module-option name=”usersProperties”>props/ABCWebApp_Policy-users.properties</module-option>
<!– define property file which has role for the above users –>
<module-option name=”rolesProperties”>props/ABCWebApp_Policy-roles.properties</module-option>
</login-module>
</authentication>
</application-policy>
File: /usr/local/jboss-5.1.0.GA/server/default/conf/props/ABCWebApp_Policy-users.properties
# A sample users.properties file for use with the UsersRolesLoginModule
ashish = pass1234
shukla = pass1234
ashishshukla = pass1234
ashishpshukla = pass1234
File: /usr/local/jboss-5.1.0.GA/server/default/conf/props/ABCWebApp_Policy-roles.properties
ashish = ABCWebAppUser
shukla = ABCWebAppUser
ashishshukla = ABCWebAppUser
ashishpshukla = ABCWebAppUser