JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle GlassFish Server 3.1 Security Guide
search filter icon
search icon

Document Information


1.  Administering System Security

2.  Administering User Security

3.  Administering Message Security

4.  Administering Security in Cluster Mode

5.  Managing Administrative Security

Secure Administration Overview

How Secure Admin Works: The Big Picture

Functions Performed by Secure Admin

Which Administration Account is Used?

What Authentication Methods Are Used for Secure Administration?

Understanding How Certificate Authentication is Performed

What Certificates Are Used?

Self-Signed Certificates and Trust

Using Your Own Certificates

An Alternate Approach: Using Distinguished Names to Specify Certificates

Guarding Against Unwanted Connections

Considerations When Running GlassFish Server With Default Security

Running Secure Admin

Prerequisites for Running Secure Admin

An Alternate Approach: Using A User Name and Password for Internal Authentication and Authorization

Example of Running enable-secure-admin

Additional Considerations When Creating Local Instances

Secure Admin Use Case

Upgrading an SSL-Enabled Secure GlassFish Installation to Secure Admin

6.  Running in a Secure Environment

7.  Integrating Oracle Access Manager


Secure Administration Overview

The secure administration feature allows an administrator to secure all administrative communication between the domain administration server (DAS), any remote instances, and administration clients such as the asadmin utility, the administration console, and REST clients.

In addition, secure administration helps to prevent DAS-to-DAS and instance-to-instance traffic, and carefully restricts administration-client-to-instance traffic.

The secure administration feature, which is henceforth referred to as secure admin, provides a secure environment, in which you can be confident that rogue users or processes cannot intercept or corrupt administration traffic or impersonate legitimate GlassFish Server components.

When you install GlassFish Server or create a new domain, secure admin is disabled by default. When secure admin is disabled, GlassFish Server does not encrypt administrative communication among the system components and does not accept administrative connections from remote hosts.

The following subcommands enable and disable secure admin:

This section describes how to use these commands to run secure admin, and the implications of doing so.