In GlassFish Server, the default admin account is username "admin" with an empty password. Admin clients provide empty credentials or none at all, and all are authenticated and authorized as that default admin user. None of the participants (clients, DAS, or instances) encrypts network messages.
If this level of security is acceptable in your environment, no changes are needed and you do not need to enable secure administration. Imposing a heightened level of security is optional.
However, consider Table 5-2, which shows which operations are accepted and rejected when secure admin is disabled.
Note - When secure admin is disabled, GlassFish Server does allow remote monitoring (read-only) access via the REST interface.
Table 5-2 Accepted and Rejected Operations if Secure Admin is Disabled