1. Administering System Security
About System Security in GlassFish Server
JSR 196 Server Authentication Modules
Understanding Master Password Synchronization
Using the Default Master Password
Saving the Master Password to a File
Using the Master Password When Creating a Domain
Web Browsers and Password Storage
Java Authorization Contract for Containers
Working With the server.policy Policy File
Changing the Default Permissions
Custom Authentication of Client Certificate in SSL Mutual Authentication
Understanding the AppservCertificateLoginModule Class
Example AppservCertificateLoginModule Code
Tools for Managing System Security
Additional Considerations for the start-instance and start-cluster Subcommands
Using start-instance and start-cluster With a Password File
To Change an Administration Password
Administering Password Aliases
Administering JSSE Certificates
To Generate a Certificate by Using keytool
To Sign a Certificate by Using keytool
To Delete a Certificate by Using keytool
2. Administering User Security
3. Administering Message Security
4. Administering Security in Cluster Mode
5. Managing Administrative Security
6. Running in a Secure Environment
The Java Authorization Contract for Containers (JACC) is part of the J2EE 1.4 specification that defines an interface for pluggable authorization providers. This enables the administrator to set up third-party plug-in modules to perform authorization.
GlassFish Server includes Administration Console support and subcommands to support JACC providers, as follows:
create create-jacc-provider
delete delete-jacc-provider
list list-jacc-providers
The default GlassFish Server installation includes two JACC providers, named default and simple. You should not delete these default providers. Any JACC providers you create with the create-jacc-provider subcommand are in addition to these two default providers.
The GlassFish Server creates a JSR-115-compliant JACC provider that you can use with third-party authorization modules for applications running in GlassFish Server. The JACC provider is created as a jacc-provider element within the security-service element in the domain's domain.xml file.
To use the Administration Console to administer JACC providers, perform the following steps:
Enter the Name, Policy Configuration (the class that implements the policy configuration factory) and the Policy Provider (the class that implements the policy factory) for the new JACC provider. You can also enter optional properties (name/value) for the provider.
To use the command line to administer JACC providers, perform the following steps:
asadmin> create-jacc-provider --policyproviderclass com.sun.enterprise.security.provider.PolicyWrapper --policyconfigfactoryclass com.sun.enterprise.security.provider.PolicyCon figurationFactoryImpl testJACC
asadmin> delete-jacc-provider testJACC
asadmin> list-jacc-providers default simple Command list-jacc-providers executed successfully.