Port 9990: Unassigned — The JBoss Management Port That Needs No Permission

Port 9990 sits in the registered ports range (1024-49151) without an official IANA assignment. It belongs to no protocol, answers to no RFC, and carries no formally recognized service.

And yet, if you manage enterprise Java applications, you know it instantly.

What Runs on Port 9990

Port 9990 is the default HTTP management interface for JBoss Enterprise Application Platform (EAP) and WildFly application servers.¹² When you access http://localhost:9990/console, you reach the HAL management console—a web interface for controlling the application server.

Through this port, administrators can:

• Deploy and undeploy applications
• Configure server resources (datasources, messaging queues, security domains)
• Monitor runtime performance and statistics
• Manage server lifecycle (start, stop, restart)
• View logs and troubleshoot issues

The same port serves both the web-based admin console and the HTTP-based management API used by command-line tools.³

The Registered Ports Range

Port 9990 falls in the registered ports range (1024-49151). These ports are registered with IANA for specific services, but the registration process is less strict than for well-known ports (0-1023). Organizations can request port assignments, but many ports in this range remain unassigned or see unofficial use.

Port 9990 appears to be unassigned in the official IANA registry, yet it has become the de facto standard for JBoss management interfaces.

Why This Port Was Chosen

Red Hat chose port 9990 for JBoss EAP 7 and WildFly as part of a consolidation of management interfaces. Earlier versions used separate ports for different management protocols. WildFly unified these into a single HTTP-based interface on 9990, with HTTPS available on 9993.⁴

The choice was pragmatic: high enough to avoid conflicts with common services, not officially claimed, and easy to remember. It's documented in configuration files as ${jboss.management.http.port:9990}, making it customizable while establishing 9990 as the default.

No RFC was written. No formal assignment was made. Red Hat documented it, shipped it as the default, and the Java application server community adopted it.

How Convention Becomes Infrastructure

Port 9990 is a reminder that the Internet's infrastructure is built as much by convention as by central authority. Thousands of organizations run JBoss or WildFly servers with management interfaces on 9990. Monitoring tools expect it. Documentation references it. Firewall rules permit it.

The port works not because IANA blessed it, but because it's consistently used and widely understood. Sometimes that's enough.

Security Considerations

The management interface on port 9990 provides complete control over the application server. WildFly ships with security enabled by default, requiring HTTP Digest authentication.⁵ But the interface itself is powerful:

• Full access to deploy or remove applications
• Ability to modify server configuration
• Access to sensitive runtime information
• Control over server lifecycle

In production environments, port 9990 should never be exposed to the public Internet. Common security practices include:

• Binding the management interface only to localhost or internal networks
• Using firewall rules to restrict access to authorized administrators
• Enabling HTTPS (port 9993) instead of HTTP
• Implementing strong authentication policies
• Monitoring access logs for unusual activity

Checking What's Listening

To see if something is listening on port 9990:

# On Linux/Mac
sudo lsof -i :9990
sudo netstat -tlnp | grep 9990

# On Windows
netstat -ano | findstr :9990

# Using nmap
nmap -p 9990 localhost

If you see a JBoss or WildFly process, you're looking at a management interface. If you see something else, investigate—unassigned ports can be claimed by any application.

Related Ports

• Port 9993: HTTPS management interface for WildFly (the encrypted version of 9990)
• Port 8080: Default HTTP application port for JBoss/WildFly (where deployed applications run)
• Port 8443: Default HTTPS application port for JBoss/WildFly
• Port 9999: Used in older JBoss versions for native management protocol⁶

Why Unassigned Ports Matter

The registered ports range (1024-49151) contains thousands of unassigned ports. They serve as a commons—available for applications to claim without formal process. This flexibility allows software developers to choose ports that suit their needs without waiting for IANA approval.

But it also means collision risk. Two applications might independently choose the same unassigned port. Documentation and community adoption become the mechanisms that establish which application "owns" a port in practice.

Port 9990 is one of the success stories: an unofficial choice that became widely recognized through consistent use.