Group Discounts available for 3+ students and Corporate Clients

Security in JBoss

Security in JBoss

Securing Applications

Filtering clients by source IP addresses

Requiring authentication and authorization

Data transport integrity and confidentiality (SSL)

We will explore each one of these in turn

Filtering Clients by Source

Limit access to web applications by client IP or hostname

Configured through Tomcat Valves

Different levels: <Engine> (global), <Host> (per virtual host), <Context> (per web application)

<Valve className=”org.apache.catalina.valves.RemoteAddrValve” allow=”192.168.*,127.*” />

<Valve className=”org.apache.catalina.valves.RemoteHostValve” deny=”” />

Configured through a Servlet Filter

Simple implementation is provided by JBoss but servlet filters are Java EE AS-independent

To limit client access through Tomcat, add a desired <Valve> in <Engine> or <Host> elements within ${jboss.server.home.url}/deploy/jbossweb.sar/server.xml file

Limiting per web application can be still done through Tomcat by creating a <Context> file ${jboss.server.home.url}/deploy/<app>.war/WEB-INF/context.xml:


<Valve className=”org.apache.catalina.valves.RemoteAddrValve” allow=”192.168.*.*” />


Inclined to build a profession as JBOSS Developer?
Then here is the blog post on JBOSS Training Program

To limit client access in a application-server-neutral way, configure a servlet filter in WEB-INF/web.xml file as follows:

  • <web-app …>
  • <filter>
  • <filter-name>RemoteHostFilter</filter-name>
  • <filter-class>org.jboss.remotehostfilter.RemoteHostFilter</filter-class>
  • <init-param>
  • <param-name>allow</param-name>
  • <param-value>192.168.*,127.*</param-value>
  • </init-param>
  • </filter>
  • <filter-mapping>
  • <filter-name>RemoteHostFilter</filter-name>
  • <url-pattern>/*</url-pattern>
  • </filter-mapping>


A simple implementation of this filter can be found at

For indepth understanding on JBoss click on:

“At TekSlate, we are trying to create high quality tutorials and articles, if you think any information is incorrect or want to add anything to the article, please feel free to get in touch with us at, we will update the article in 24 hours.”

0 Responses on Security in JBoss"

Leave a Message

Your email address will not be published. Required fields are marked *


Please Enter Your Details and Query.
Three + 6