JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle GlassFish Server 3.1 Security Guide
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Preface

1.  Administering System Security

About System Security in GlassFish Server

Authentication

Authentication Types

JSR 196 Server Authentication Modules

Passwords

Master Password and Keystores

Understanding Master Password Synchronization

Using the Default Master Password

Saving the Master Password to a File

Using the Master Password When Creating a Domain

Administration Password

Encoded Passwords

Web Browsers and Password Storage

Password Aliases

Single Sign-on

Authorization

Roles

Java Authorization Contract for Containers

Working With the server.policy Policy File

Contents of server.policy

Changing the Default Permissions

Auditing

Firewalls

Certificates and SSL

Certificates

Certificate Chains

Certificate Files

Secure Sockets Layer

Ciphers

Name-based Virtual Hosts

Custom Authentication of Client Certificate in SSL Mutual Authentication

Understanding the AppservCertificateLoginModule Class

Example AppservCertificateLoginModule Code

Setting the JAAS Context

Tools for Managing System Security

Administering Passwords

To Change the Master Password

Additional Considerations for the start-instance and start-cluster Subcommands

Using start-instance and start-cluster With a Password File

To Change an Administration Password

To Set a Password From a File

Administering Password Aliases

To Create a Password Alias

To List Password Aliases

To Delete a Password Alias

To Update a Password Alias

Administering Audit Modules

To Create an Audit Module

To List Audit Modules

To Delete an Audit Module

Administering JSSE Certificates

To Generate a Certificate by Using keytool

To Sign a Certificate by Using keytool

To Delete a Certificate by Using keytool

Administering JACC Providers

Administering JACC Providers From the Administration Console

Administering JACC Providers from the Command Line

2.  Administering User Security

3.  Administering Message Security

4.  Administering Security in Cluster Mode

5.  Managing Administrative Security

6.  Running in a Secure Environment

7.  Integrating Oracle Access Manager

Index

Administering JACC Providers

The Java Authorization Contract for Containers (JACC) is part of the J2EE 1.4 specification that defines an interface for pluggable authorization providers. This enables the administrator to set up third-party plug-in modules to perform authorization.

GlassFish Server includes Administration Console support and subcommands to support JACC providers, as follows:

The default GlassFish Server installation includes two JACC providers, named default and simple. You should not delete these default providers. Any JACC providers you create with the create-jacc-provider subcommand are in addition to these two default providers.

The GlassFish Server creates a JSR-115-compliant JACC provider that you can use with third-party authorization modules for applications running in GlassFish Server. The JACC provider is created as a jacc-provider element within the security-service element in the domain's domain.xml file.

Administering JACC Providers From the Administration Console

To use the Administration Console to administer JACC providers, perform the following steps:

  1. Select Configurations and expand the entry.
  2. Select the server configuration for which you want to administer JACC providers and expand the entry.
  3. Select Security and expand the entry.
  4. Select JACC Providers. The JACC Providers page is displayed. The existing JACC providers are shown on this page.
    image:This screen shot shows the default JACC providers.
  5. To create a new provider, click New.

    Enter the Name, Policy Configuration (the class that implements the policy configuration factory) and the Policy Provider (the class that implements the policy factory) for the new JACC provider. You can also enter optional properties (name/value) for the provider.

  6. To delete an existing JACC provider, select that provider and click Delete.

Administering JACC Providers from the Command Line

To use the command line to administer JACC providers, perform the following steps:

  1. To create a JACC provider, use the create-jacc-provider subcommand. The following example shows how to create a JACC provider named testJACC on the default server target.
    asadmin> create-jacc-provider
       --policyproviderclass com.sun.enterprise.security.provider.PolicyWrapper
       --policyconfigfactoryclass com.sun.enterprise.security.provider.PolicyCon
figurationFactoryImpl
       testJACC
  2. To delete a JACC provider, use the create-jacc-provider subcommand. The following example shows how to delete a JACC provider named testJACC from the default domain:
    asadmin> delete-jacc-provider testJACC
  3. To list the available providers, use the list-jacc-providers subcommand. The following example shows how to list JACC providers for the default domain:
    asadmin> list-jacc-providers
default
simple
Command list-jacc-providers executed successfully.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next