1. Administering System Security
2. Administering User Security
3. Administering Message Security
4. Administering Security in Cluster Mode
5. Managing Administrative Security
6. Running in a Secure Environment
Determining Your Security Needs
Hire Security Consultants or Use Diagnostic Software
Installing GlassFish Server in a Secure Environment
Enable the Secure Administration Feature
Run on the Web Profile if Possible
Securing the GlassFish Server Host
Minimize the GlassFish Server installation by removing components that you are not using and do not intend to use.
The Update Tool is a standalone graphical tool bundled withGlassFish Server that you can use to find, install, and remove updates and add-ons on a deployed server instance.
The pkg command is the command-line equivalent to Update Tool. Most of the tasks that can be performed with the graphical Update Tool can be performed from a command line using the pkg tool.
To update or remove installed add-on components, use one of the following commands:
install-dir/bin/updatetool, which starts the Update Tool graphical utility.
install-dir/bin/pkg, a command-line version of the Update Tool.
This section describes how to use the pkg utility to remove an installed component. You can also use the Update Tool to perform this task.
See To Stop a Domain in Oracle GlassFish Server 3.1 Administration Guide.
cd install-dir
install-dir/bin/pkg list
NAME (PUBLISHER) VERSION STATE UFIX felix 3.0.7-0 installed ---- glassfish-appclient 3.1-39 installed ---- glassfish-bundled-jdk (release.release.sun.com) 1.6.0.23-5.1 installed ---- glassfish-cluster 3.1-39 installed ---- glassfish-cmp 3.1-39 installed ---- glassfish-common 3.1-39 installed ---- glassfish-common-full 3.1-39 installed ---- glassfish-corba 3.1.0-23 installed ---- glassfish-corba-base 3.1.0-23 installed ---- glassfish-ejb 3.1-39 installed ---- glassfish-ejb-lite 3.1-39 installed ---- glassfish-full-incorporation 3.1-39 installed ---- glassfish-full-profile 3.1-39 installed ---- glassfish-grizzly 1.9.28-1 installed ---- glassfish-grizzly-full 1.9.28-1 installed ---- glassfish-gui 3.1-39 installed ---- glassfish-ha 3.1-39 installed ---- glassfish-hk2 3.1-39 installed ---- glassfish-javahelp 2.0.2-1 installed ---- glassfish-jca 3.1-39 installed ---- glassfish-jcdi 3.1-39 installed ---- glassfish-jdbc 3.1-39 installed ---- glassfish-jms 3.1-39 installed ---- glassfish-jpa 3.1-39 installed ---- glassfish-jsf 2.1.0-10 installed ---- glassfish-jta 3.1-39 installed ---- glassfish-jts 3.1-39 installed ---- glassfish-management 3.1-39 installed ---- glassfish-nucleus 3.1-39 installed ---- glassfish-registration 3.1-39 installed ---- glassfish-upgrade 3.1-39 installed ---- glassfish-web 3.1-39 installed ---- glassfish-web-incorporation 3.1-39 installed ---- glassfish-web-profile 3.1-39 installed ---- javadb-client 10.6.2.1-1 installed ---- javadb-common 10.6.2.1-1 installed ---- javadb-core 10.6.2.1-1 installed ---- javaee-firstcup-tutorial 2.0.2-6 installed ---- javaee-javadocs 3.1-39 installed ---- javaee-samples-build 1.0-4 installed ---- javaee-samples-full 1.0-4 installed ---- javaee-samples-web 1.0-4 installed ---- javaee-sdk-full-profile 3.1-39 installed ---- javaee-tutorial 6.0.1-10 installed u--- jersey 1.5-1.0 installed ---- metro 2.1-25 installed ---- mq-bin-exe 4.5-26.1 installed ---- mq-bin-sh 4.5-26.1 installed ---- mq-config-gf 4.5-26.1 installed ---- mq-core 4.5-26.1 installed ---- mq-locale 4.5-26.1 installed ---- mq-server 4.5-26.1 installed ---- pkg (dev.glassfish.org) 1.122.2-50.2809 installed ---- pkg-java 1.122-50.2809 installed ---- python2.4-minimal (dev.glassfish.org) 2.4.4.0-50.2809 installed ---- sdk-branding-full 3.1-39 installed ---- shoal 1.5.28-0 installed ---- updatetool (dev.glassfish.org) 2.3.3-50.2809 installed ---- wxpython2.8-minimal (dev.glassfish.org) 2.8.10.1-50.2809 installed ----
pkg uninstall package-name
For example:
pkg uninstall metro
See To Start a Domain in Oracle GlassFish Server 3.1 Administration Guide.
Consider removing services that you are not using. For example, if applications are not using messaging, then consider removing the JMS from the server. Also consider removing EJB Container, JCA, and so forth.
Note - There is always a potential of making mistakes when deleting components from the GlassFish Server installation. Therefore, Oracle recommends testing your changes in a secure development environment before implementing them in a production environment.
The Updatetool and the Administration Console both provide descriptions of each installed component. In addition, the Updatetool also describes dependencies. You can use this information to decide whether you need to keep these components installed.
Before you remove a component, use the asadmin list-<component>-resources subcommand or the Administration Console to make sure that resources of a given type, for example JMS, are not in use. For example, you might use the asadmin list-jms-resources subcommand to make sure that JMS resources are not currently in use:
D:\glassfish3\glassfish\bin>asadmin list-jms-resources
Nothing to list
Command list-jms-resources executed successfully.