9.10 JBoss and SSL

If you want to restrict access to SSL on JBoss, you need to either disable the HTTP port in JBoss and enable only the SSL port or configure SSL in the web.xml file. It is not enough to select Require SSL on the Protected Web Resource page. In the Administration Console, click Devices > > J2EE Agents > Edit > Manage authorization policies > [Name of Web Module] > [Name of Protected Resource].