Sun Java System Application Server Platform Edition 8.2 Administration Guide

Admin Console Tasks for Security

ProcedureTo configure security settings

The Security page in the Admin Console enables you to set a variety of system-wide security settings.

  1. In the Admin Console tree component, expand the Configuration node.

  2. Select the Security node.

    The Security page displays.

  3. Modify the values as necessary.

    The general security options are discussed in the following table.



    Audit Logging 

    Select to enable audit logging. If enabled, the server will load and run all the audit modules specified in the Audit Modules setting. If disabled, the server does not access audit modules. Disabled by default. 

    Default Realm 

    The active (default) realm the server uses for authentication. Applications use this realm unless they specify a different realm in their deployment descriptor. All configured realms appear in the list. The initial default realm is the file realm.

    Anonymous Role 

    The name for the default or anonymous role. The anonymous role is assigned to all users. Applications can use this role in their deployment descriptors to grant authorization to anyone. 

    Default Principal 

    Specifies the default user name. The server uses this when no principal is provided. If you enter a value in this field, enter a corresponding value in the Default Principal Password field. 

    This attribute is not required for normal server operation. 

    Default Principal Password 

    Password of the default principal specified in the Default Principal field. 

    This attribute is not required for normal server operation. 


    Class name of a configured JACC provider. See To create a JACC provider

    Audit Modules 

    List of audit module provider classes, delimited by commas. A module listed here must already be configured. If Audit Logging is enabled, this setting must list audit modules. By default, the server uses an audit module named default. For information on creating new audit modules, see To create an audit module.

  4. Enter additional properties to pass to the Java Virtual Machine (JVM) in the Additional Properties section.

    Valid properties are dependent upon the type of realm selected in the Default Realm field. Valid properties are discussed in the following sections:

  5. Select Save to save the changes or Load Defaults to restore the default values.

ProcedureTo grant access to administration tools

Only users in the asadmin group are able to access Admin Console and the asadmin command line utility.

To give a user access to these administration tools, add them to the asadmin group in the admin-realm.

  1. In the Admin Console tree component, expand the Configuration node.

  2. Expand the Security node.

  3. Expand the Realms node.

  4. Select the admin-realm node.

  5. Click the Manage Users button from the Edit Realm page.

    Initially after installation, the administrator user name and password entered during installation are listed in a file named admin-keyfile. By default, this user belongs to the group asadmin, which gives rights to modify the Application Server. Assign users to this group only if you want to grant them administrator privileges for the Application Server.

    If you add users to the admin-realm realm, but assign the user to a group other than asadmin, the user information will still be written to the file named admin-keyfile, but the user will have no access to administrative tools or to applications in the file realm.

  6. Click New to add a new user to the admin-realm realm.

  7. Enter the correct information into the User ID, Password, and Group List fields.

    To authorize a user to make modifications to the Application Server, include the asadmin group in the Group List.

  8. Click OK to add this user to the admin-realm realm or click Cancel to quit without saving.