[jboss-user] [Management, JMX/JBoss] - Re: Disabling or Securing the Tomcat Status page in the JMX-

PeterJ do-not-reply at jboss.com
Thu Aug 10 21:26:48 EDT 2006


You could edit the file server/xxx/deploy/jbossweb-tomcat55.sar/ROOT.war/index.html to remove the link.  But someone could still access servlet if they know the URL.  Another possibility is to edit the  server/xxx/deploy/jbossweb-tomcat55.sar/ROOT.war/WEB-INF/web.xml file and remove the servlet and servlet-mapping entries.

The other possibility is to secure the /status context by adding a security-constraint entry to the above web.xml file.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3964515#3964515

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3964515



More information about the jboss-user mailing list