JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle GlassFish Server 3.1 Security Guide
search filter icon
search icon

Document Information


1.  Administering System Security

2.  Administering User Security

3.  Administering Message Security

4.  Administering Security in Cluster Mode

5.  Managing Administrative Security

6.  Running in a Secure Environment

Determining Your Security Needs

Understand Your Environment

Hire Security Consultants or Use Diagnostic Software

Read Security Publications

Installing GlassFish Server in a Secure Environment

Enable the Secure Administration Feature

Remove Unused Components

Removing Installed Components

Procedure To Remove an Installed Component

Remove Services You Are Not Using

Run on the Web Profile if Possible

Securing the GlassFish Server Host

Securing GlassFish Server

Securing Applications

7.  Integrating Oracle Access Manager


Installing GlassFish Server in a Secure Environment

This section describes recommendations for installing GlassFish Server in a secure environment. The following topic is described:

Enable the Secure Administration Feature

The secure administration feature allows an administrator to secure all administrative communication between the domain administration server (DAS), any remote instances, and administration clients such as the asadmin utility, the administration console, and REST clients. In addition, secure administration helps to prevent DAS-to-DAS and instance-to-instance traffic, and carefully restricts administration-client-to-instance traffic.

When you install GlassFish Server or create a new domain, secure admin is disabled by default. GlassFish Server does not encrypt administrative communication among the system components and does not accept administrative connections from remote hosts. Imposing a heightened level of security is optional.

See Chapter 5, Managing Administrative Security for information on enabling the secure administration feature.