-
Language:
English
-
Language:
English
Red Hat Training
A Red Hat training course is available for JBoss Enterprise Application Platform Common Criteria Certification
21.3. HTTP Invokers
The
http-invoker.sar
found in the deploy
directory is a service that provides RMI/HTTP access for EJBs and the JNDI Naming
service. This includes a servlet that processes posts of marshaled org.jboss.invocation.Invocation
objects that represent invocations that should be dispatched onto the MBeanServer
. Effectively this allows access to MBeans that support the detached invoker operation via HTTP POST requests. Securing this access point involves securing the JMXInvokerServlet
servlet found in the http-invoker.sar/invoker.war/WEB-INF/web.xml
descriptor. There is a secure mapping defined for the /restricted/JMXInvokerServlet
path by default. Remove the other paths and configure the http-invoker
security domain setup in the http-invoker.sar/invoker.war/WEB-INF/jboss-web.xml
deployment descriptor.
Note
See the Admin Console Quick Start Guide for in-depth information on securing the HTTP invoker.