| Exit Print View | |
Sun GlassFish Enterprise Server v3 Administration Guide |
|
|
|
1. Overview of Enterprise Server Administration
Default Settings and Locations
Instructions for Administering Enterprise Server
4. Administering the Virtual Machine for the Java Platform
6. Administering Web Applications
7. Administering the Logging Service
8. Administering the Monitoring Service
9. Administering Life Cycle Modules
10. Extending Enterprise Server
Part II Security Administration
11. Administering System Security
12. Administering User Security
Administering Authentication Realms
To Create an Authentication Realm
To Update an Authentication Realm
To Delete an Authentication Realm
To Configure a JDBC or Digest Authentication Realm
13. Administering Message Security
Part III Resources and Services Administration
14. Administering Database Connectivity
15. Administering EIS Connectivity
16. Administering Internet Connectivity
17. Administering the Object Request Broker (ORB)
18. Administering the JavaMail Service
19. Administering the Java Message Service (JMS)
20. Administering the Java Naming and Directory Interface (JNDI) Service
21. Administering Transactions
A user is an individual (or application program) identity that is defined in Enterprise Server. A user who has been authenticated is sometimes called a principal.
As the administrator, you are responsible for integrating users into the Enterprise Server environment so that their credentials are securely established and they are provided with access to the applications and services that they are entitled to use.
The following tasks are used to manage users:
Use the create-file-user subcommand in remote mode to create a new user by adding a new entry to the keyfile. The entry includes the user name, password, and any groups for the user. Multiple groups can be specified by separating the groups with colons (:).
Creating a new file realm user is a dynamic event and does not require server restart.
Ensure that the server is running.
Remote subcommands require a running server.
If the user will belong to a particular group, see the current groups
by using the 
list-file-groups(1) subcommand.
Create a file user by using the create-file-user(1) subcommand.
This example create user Jennifer on the default realm file (no groups are specified).
asadmin> create-file-user --user admin --passwordfile=c:\tmp\asadminpassword.txt Jennifer Command create-file-user executed successfully.
You can also view the full syntax and options of the subcommand by typing asadmin help create-file-user at the command line.
Use the list-file-users subcommand in remote mode to list the users that are in the keyfile.
Ensure that the server is running.
Remote subcommands require a running server.
List users by using the list-file-users(1) subcommand.
This example lists file users on the default file realm file.
asadmin> list-file-users Jennifer Command list-file-users executed successfully.
You can also view the full syntax and options of the subcommand by typing asadmin help list-file-users at the command line.
A group is a category of users classified by common traits, such as job title or customer profile. For example, users of an e-commerce application might belong to the customer group, and the big spenders might also belong to the preferred group. Categorizing users into groups makes it easier to control the access of large numbers of users. A group is defined for an entire server and realm. A user can be associated with multiple groups of users.
A group is different from a role in that a role defines a function in an application, while a group is a set of users who are related in some way. For example, in the personnel application there might be groups such as full-time, part-time, and on-leave. Users in these groups are all employees (the employee role). In addition, each user has its own designation that defines an additional level of employment.
Use the list-file-groups subcommand in remote mode to list groups for a file user, or all file groups if the --name option is not specified.
Ensure that the server is running.
Remote subcommands require a running server.
List file groups by using the list-file-groups(1) subcommand.
This example lists the groups for user joesmith.
asadmin> list-file-groups --name joesmith staff manager Command list-file-groups executed successfully
Use the update-file-user subcommand in remote mode to modify the information in the keyfile for a specified user.
Ensure that the server is running.
Remote subcommands require a running server.
Update the user information by using the update-file-user(1) subcommand.
To apply your changes, restart Enterprise Server.
See To Restart a Domain.
The following subcommand updates the groups for user Jennifer.
asadmin> update-file-user --passwordfile c:\tmp\asadminpassword.txt --groups staff:manager:engineer Jennifer Command update-file-user executed successfully.
You can also view the full syntax and options of the subcommand by typing asadmin help update-file-user at the command line.
Use the delete-file-user subcommand in remote mode to remove a user entry from the keyfile by specifying the user name. You cannot delete yourself, that is, the user you are logged in as cannot be deleted during your session.
Ensure that the server is running.
Remote subcommands require a running server.
List users by using the list-file-users(1) subcommand.
Delete the user by using the delete-file-user(1) subcommand.
This example deletes user Jennifer from the default file realm.
asadmin> delete-file-user Jennifer Command delete-file-user executed successfully.
You can also view the full syntax and options of the subcommand by typing asadmin help delete-file-user at the command line.
|
|