You might be able to go about it a different way as well -> after installing or upgrading openfire, go into openfire/src/plugins/admin/webapp/WEB-INF, edit web.xml. and delete:
That’ll make the web interface for adding new plugins go away… forcing folk to have to have local access to the server to install new plugins (while retaining the ability to update existing plugins)
I will warn you that in 3.4.0 I added the ability to upload plugins through the web interface via a simple form. (plugins that aren’t on the available plugins page) But it’s not quite as trivial as hitting the available plugins page and outright seeing what’s all available.
You may even want to delete:
to remove the plugin interface altogether. (I mean the link will still be there, but it won’t function) Then you can limit to only server access people being able to do -anything- with plugins.