The product I'm working on, is using OC4J 18.104.22.168.0. We need to disable dmsoc4j so that no one can access urls like http://<agent host>:<port>/dmsoc4j/Spy. It seems this is protected from OC4J 10.x and not in 9.x. So we are thinking of disabling url somehow. Is it possible to disable dmsoc4j in 9.x? Or is there any better way to restrict access to such urls apart from upgrading OC4J to 10.x?