11.10. Network Security
11.10.1. Secure the Management Interfaces
A common development scenario is to run JBoss EAP 6 with no security on the management interfaces to allow rapid configuration changes.
In production deployment, secure the management interfaces by at least the following methods:
Additionally, the default silent local authentication mode allows local clients (on the server machine) to connect to the Management CLI without requiring a username or password. This is a convenience for local users and Management CLI scripts. To disable this, refer to Section 11.8.6, “Remove Silent Authentication from the Default Security Realm”.