Anil Saldhana [http://community.jboss.org/people/anil.saldhana] created the document: "JBossAS7: Secure my Web App : How Do I?" To view the document, visit: http://community.jboss.org/docs/DOC-17297 -------------------------------------------------------------- This is an article for people seeking ways by which they can secure their Java EE Web Apps.   I am assuming that your web app contains servlets, jsps, html etc.  If you have a Seam based app, then Seam Security is what you should look for. h2. h2. Bare Minimum Security This is when you just want to secure your web app in the most minimalistic way.  Something like the default jmx-console that you want to ship with JBoss AS7. Step 1:  Add a security-constraint to your web.xml Step 2: Add a security-domain to your jboss-web.xml Step 3: Configure a security domain in standalone.xml Step 4:  Have users.properties and roles.properties files in WEB-INF/classes directory of your web application That is it.  How do you achieve these steps?  Look in the references below. h2. h2. References 1. http://java.dzone.com/articles/understanding-web-security http://java.dzone.com/articles/understanding-web-security 2. http://community.jboss.org/docs/DOC-16811 http://community.jboss.org/wiki/JBossAS7SecurityDomainModel -------------------------------------------------------------- Comment by going to Community [http://community.jboss.org/docs/DOC-17297] Create a new document in JBoss AS7 Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=102&am...]