8.4 JBoss and SSL

If you want to restrict access to SSL on JBoss, you need to either disable the HTTP port in JBoss and enable only the SSL port or configure SSL in the web.xml file. It is not enough to select the Require SSL on the Protected Web Resource page. In the Administration Console, click Access Manager, J2EE Agents > Edit > Manage authorization policies > [Name of Web Module] > [Name of Protected Resource].