[jboss-user] [Security & JAAS/JBoss] - Security of JNDI

deepblueli do-not-reply at jboss.com
Thu Sep 13 23:42:15 EDT 2007


Is there any way to secure JNDI? I have been doing research on google, but couldn't find a way to secure JNDI. Basically, anyone can connect to JNDI via port 1099 and access to DataSource, JMS Queue, etc... 

I am porting the application from Weblogic to JBoss. Weblogic can use "java.naming.security.principal" and "java.naming.security.credentials" to do a simple authentication to access JNDI, but I couldn't find a way to do in JBoss to make the authentication mandatory. Btw, there are clients from outside need to connect to JNDI to access EJB, so I cannot block port 1099 also. 

Any suggestion on this matter? Thanks! 

Deep Blue 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4084288#4084288

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4084288

More information about the jboss-user mailing list