I had a JRun -> JBoss question. I looked over the forums before asking these but do let me know if some post already exists.
Configuring host based JNDI security: JRun allows, at a global or deployment level, to limit JNDI access to specific hosts and/or subnet masks . This is done via:jrun_root/ lib/security.properties file that contains two properties, jrun.subnet.restriction and jrun.trusted.hosts
I was trying to find something similar in JBoss. I see one could probably restrict http access via Tomcat valves. But is there any underlying security policy /file where one can define a restrictive set of hostnames/ and or subnets?
Something close I found was the bind address property, but this is for services to bind to all IPs on the machine. And so, it seems to me the scope of this is to allow all IPs from the host machine, and not control which clients it will allow.