Ok, I hit the submit instead of the preview button. Dang. No way to erase or modify a
message I have just posted. Double dang.
To continue.
The default configuration has a whole bunch of stuff in the deploy directory. Which bits
depend on which other bits? Is it even possible to know, or is it all buried inside the
code of the various components? Where is the documentation describing how to find this
out?
I have been reading the JBoss admin and development guide, but it's only for version
3.6.3. Is there a version for 4.0.4?
How do I secure the app? The 3.6.3 admin guide has a section on dong it, but it's
dreadful and it mentions jmx-invoker-adaptor-server.sar which is not in the 4.0.4 deploy
direcory.
Then there's the issue of users and groups. Is it simply the case that you write a
jaas login module and drop it on the path ... somewhere? Does jboss even have some sort of
standard files or ldap based security module? Where is it?
Then, of course, there's the portal. It has one security group named
"Authentiated: or something. Beats me how it works that out.
I have to tell you - glassfish makes a great deal more sense at this point. The deploy
directory is not cluttered with a whole bunch of internal bumf (it's amazing that the
spot where you put your webapps is the same as the spot where the http invoker module goes
- JBoss was clearly not built with the applications programmer in mind), and all the admin
gear runs on a separate port that can be blocked at the router.
At this point, the only way I'd expose the jboss port to the net is if I was running
an http proxy that checked authentication - I don't know what jboss is exposing, on
what urls.
Basically - it's all awful.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4087598#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...