Setup a Read-Only Unsecured Context
First, the ReadOnlyJNDIFactory is declared in invoker.sar/WEB-INF/web.xml. It will be mapped to /invoker/ReadOnlyJNDIFactory. ReadOnlyJNDIFactory A servlet that exposes the JBoss JNDI Naming service stub through http, but only for a single read-only context. The return content is serialized MarshalledValue containing the org.jnp.interfaces.Naming stub. org.jboss.invocation.http.servlet.NamingFactoryServlet namingProxyMBean jboss:service=invoker,type=http,target=Naming,readonly=true proxyAttribute Proxy 2 ReadOnlyJNDIFactory /ReadOnlyJNDIFactory/* The factory only provides a JNDI stub which needs to be connected to an invoker. Here the invoker is jboss:service=invoker,type=http,target=Naming,readonly=true. This invoker is declared in the http-invoker.sar/META-INF/jboss-service.xml file. jboss:service=Naming http:// :8080/invoker/readonly/JMXInvokerServlet true org.jnp.interfaces.Naming org.jboss.proxy.ClientMethodInterceptor org.jboss.proxy.SecurityInterceptor org.jboss.naming.interceptors.ExceptionInterceptor org.jboss.invocation.InvokerInterceptor The proxy on the client side needs to talk back to a specific invoker servlet on the server side. The configuration here has the actual invocations going to /invoker/readonly/JMXInvokerServlet. This is actually the standard JMXInvokerServlet with a read-only filter attached. ReadOnlyAccessFilter org.jboss.invocation.http.servlet.ReadOnlyAccessFilter readOnlyContext readonly The top level JNDI context the filter will enforce read-only access on. If specified only Context.lookup operations will be allowed on this context. Another other operations or lookups on any other context will fail. Do not associate this filter with the JMXInvokerServlets if you want unrestricted access. invokerName jboss:service=Naming The JMX ObjectName of the naming service mbean ReadOnlyAccessFilter /readonly/* JMXInvokerServlet /readonly/JMXInvokerServlet/* The readOnlyContext parameter is set to readonly which means that when you access JBoss through the ReadOnlyJNDIFactory, you will only be able to access data in the readonly context. Here is a code fragment that illustrates the usage: Properties env = new Properties(); env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.HttpNamingContextFactory"); env.setProperty(Context.PROVIDER_URL, "http://localhost:8080/invoker/ReadOnlyJNDIFactory"); Context ctx2 = new InitialContext(env); Object data = ctx2.lookup("readonly/data"); Attempts to look up any objects outside of the readonly context will fail. Note that JBoss doesn't ship with any data in the readonly context, so the readonly context won't be bound usable unless you create it.