JBoss 6 limit JMX to localhost

I can not really find any conclusive documentation on th开发者_StackOverflow中文版e different avenues for JMX invokation on a JBoss 6.0.0.Final.

The jboss.org guide SecureTheJmxConsole only specifies how to set an authentication realm for the jmx-console.war web app and JMX-connector. I feel like there is probably other ways of accessing JMX. What about RMI, HttpInvoker?

Ideally, I would like to know the best way to limit all JMX access to localhost.

So, how to go about making sure all avenues of JMX are accessible from localhost only?

---

There's an official documentation repository for Red Hat products, which includes JBoss EAP (the Red Hat product based on JBoss AS). This documentation is for EAP 5.x, but should be similar to JBoss AS 6 (EAP 5.x is based on JBoss AS 5.1).

http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/5/html/Administration_Console_Quick_Start_Guide/ch04s02.html

In short, you'll have to change two files:

server/$PROFILE/conf/jboss-service.xml
server/$PROFILE/deploy/jmx-invoker-service.xml