So am I securing the consoles wrong? If I add | <security-constraint> | <user-data-constraint> | <transport-guarantee>CONFIDENTIAL</transport-guarantee> | </user-data-constraint> | </security-constraint> | to the web.xml files in both /server/prod/deploy/jboss-web.deployer/ROOT.war/WEB-INF and /server/prod/deploy/jmx-console.war/WEB-INF it seems to have no affect. I can still connect to both unsecured on port 8080. https works fine, but I have to specify it, and 8080 is still allowed on both apps. Is there something else required? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4136041#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...