1. Administering System Security
About System Security in GlassFish Server
JSR 196 Server Authentication Modules
Understanding Master Password Synchronization
Using the Default Master Password
Saving the Master Password to a File
Using the Master Password When Creating a Domain
Web Browsers and Password Storage
Java Authorization Contract for Containers
Working With the server.policy Policy File
Changing the Default Permissions
Custom Authentication of Client Certificate in SSL Mutual Authentication
Understanding the AppservCertificateLoginModule Class
Example AppservCertificateLoginModule Code
Tools for Managing System Security
Additional Considerations for the start-instance and start-cluster Subcommands
Using start-instance and start-cluster With a Password File
To Change an Administration Password
Administering JSSE Certificates
To Generate a Certificate by Using keytool
To Sign a Certificate by Using keytool
To Delete a Certificate by Using keytool
Administering JACC Providers From the Administration Console
Administering JACC Providers from the Command Line
2. Administering User Security
3. Administering Message Security
4. Administering Security in Cluster Mode
5. Managing Administrative Security
6. Running in a Secure Environment
There are multiple ways to administer passwords. You can rely on administrators to keep passwords secret and change the passwords regularly. You can set up files for storing passwords so that asadmin subcommands can access these files rather than having users type the commands. You can encrypt passwords by setting up aliases so that sensitive passwords are not visible in the domain.xml file.
The following topics are addressed here:
The master password gives access to the keystore used with the domain. This password is not tied to a UNIX user. You should treat this overall shared password as sensitive data. GlassFish Server never uses it for authentication and never transmits it over the network.
You can choose to type the password manually when required, or to obscure the password in a password file. If there is no password file, you are prompted for the master password. If there is a password file, but you want to change access to require prompting, remove the file. The default master password is changeit.
When changing the master password, it has to be changed on all nodes as well as on the DAS. The master password on nodes is only stored once in the node, for all instances that are on that node.
Use the change-master-password subcommand in local mode to modify the master password.
Note - If you change the master password and are not using a master password file, the start-instance and start-cluster subcommands are not able to determine the master password. In this case, you must start those instances locally by using start-local-instance.
When the master password is saved, it is saved in the master-password file.
Before You Begin
This subcommand will not work unless the domain is stopped.
See To Stop a Domain in Oracle GlassFish Server 3.1 Administration Guide.
You are prompted for the old and new passwords. All dependent items are re-encrypted.
See To Start a Domain in Oracle GlassFish Server 3.1 Administration Guide.
Example 1-2 Changing the Master Password
The change-master-password subcommand is interactive in that you are prompted for the old master password as well as the new master password. This example changes the master password for domain44ps:
asadmin> change-master-password domain44ps
If you have already logged into the domain using the login login(1) subcommand, you are prompted for the new master password:
Please enter the new master password> Please enter the new master password again>
If you are not logged into the domain, you are prompted for both the old and the new master passwords:
Please enter the master password> Please enter the new master password> Please enter the new master password again>
Information similar to the following is displayed:
Master password changed for domain44ps
See Also
You can also view the full syntax and options of the subcommand by typing asadmin --help change-master-password at the command line.
If you change the master password for DAS, the start-domain and start-local-instance subcommands allow you to provide it during domain or instance startup in one of three ways:
Via the master-password file
By entering it interactively
Via the asadmin passwordfile
The start-instance and start-cluster subcommands are more problematic. If you create a domain with a master password other than the default, an associated remote instance or cluster must have access to the master password in order to start. However, for security reasons GlassFish Server never transmits the master password or the master password file over the network.
Consider the following scenario:
Change the master password on the DAS and save it with -–savemasterpassword.
Create an instance on another host using the subcommand create-instance. GlassFish Server copies the keystore and truststore from the DAS to the instance, but it does not copy the master password file.
Try to start the instance using the start-instance subcommand. An error results.
The start-instance command is looking for the file master-password in the node directory on the instance machine, and it is not there by default. Therefore, the subcommand fails.
You can use the change-master-password subcommand to make sure the correct password is used in this password file, as described in Using start-instance and start-cluster With a Password File.
Note - The start-instance and start-cluster subcommands do not include any other way for you to provide the password. If you change the master password and are not using a master password file, the start-instance and start-cluster subcommands are not able to determine the master password. In this case, you must start the instances locally by using start-local-instance.
Assume that you have changed the master password on the DAS and you want to make the same change for all instances.
The start-instance and start-cluster subcommands automatically use the master password file if it exists in the instance filesystem. You can use the change-master-password subcommand to make sure the password file exists and that the correct password is used.
asadmin> create-domain --savemasterpassword true domain-name
asadmin> start-domain domain-name
asadmin> create-node-ssh --nodehost host-name --installdir /some-dir node-name
asadmin> create-instance --node node-name instance-name
asadmin> change-master-password --savemasterpassword true --nodedir /some-dir node-name
You are prompted to enter the current and new master password:
Enter the current master password>
Enter the new master password>
Enter the new master password again>
Command change-master-password executed successfully.
Remember that when you created the domain you specified a new master password. This master password was then used to encrypt the keystore and truststore for the DAS, and these stores were copied to the instance as a result of the create-instance subcommand.
Therefore, enter the master password you set when you created the domain as both the current master password and again as the new master password. You enter it as the new master password because you do not want to change the master password for the instance and make it out of sync with the DAS.
asadmin> start-instance instance-name
The master password file is associated with the node and not with an instance. After the master password file exists in the node directory on the instance machine, additional instances can be created, started and stopped from the DAS.
Use the change-admin-password subcommand in remote mode to change an administration password. The default administration password is admin. You are prompted for the old and new admin passwords, with confirmation. The passwords are not echoed to the display.
Note - If you accepted the default admin user with no password during zip installation, you can add a password to this user. If there is a single user called admin that does not have a password, you are not prompted for login information. Any other situation requires login.
Encrypting the admin password is strongly encouraged.
Before You Begin
If you want to change the admin password before creating an alias for the password (encrypting), you can use the set subcommand with syntax similar to the following:
asadmin set --user admin server.jms-service.jms-host.default_JMS_host.admin-password= new_pwd
Remote subcommands require a running server.
See To Restart a Domain in Oracle GlassFish Server 3.1 Administration Guide.
Example 1-3 Changing the Admin Password
This example changes the admin password for user anonymous from adminadmin to newadmin:
asadmin> change-admin-password --username anonymous
You are prompted to enter the old and the new admin passwords:
Enter admin password>adminadmin Enter new admin password>newadmin Enter new admin password again>newadmin
Information similar to the following is displayed:
Command change-admin-password executed successfully.
See Also
You can also view the full syntax and options of the subcommand by typing asadmin help change-admin-password at the command line.
Instead of typing the password at the command line, you can access the password for a command from a file such as passwords.txt. The --passwordfile option of the asadmin utility takes the name of the file that contains the passwords. The entry for a password in the file must have the AS_ADMIN_ prefix followed by the password name in uppercase letters.
The following other types of passwords can be specified:
AS_ADMIN_MASTERPASSWORD AS_ADMIN_USERPASSWORD AS_ADMIN_ALIASPASSWORD
For example, to specify the password for the domain administration server (DAS), add an entry similar to the following to the password file, where adminadmin is the administrator password:
AS_ADMIN_PASSWORD=adminadmin
You can now specify the password file in an asadmin subcommand. In this example, passwords.txt is the file that contains the password:
asadmin>delete-jdbc-resource --user admin --password passwords.txt jdbc/DerbyPool
Troubleshooting
If AS_ADMIN_PASSWORD has been exported to the global environment, specifying the --passwordfile option will produce a warning about using the --passwordfile option. To prevent this warning situation from happening, unset AS_ADMIN_PASSWORD.
A password alias is used to indirectly access a password so that the password itself does not appear in cleartext in the domain's domain.xml configuration file.
Storing passwords in cleartext format in system configuration files is common in many open source projects. In addition to GlassFish Server, Apache Tomcat, Maven, and Subversion, among others, store and pass passwords in cleartext format. However, storing and passing passwords in cleartext can be a security risk, and may violate some corporate security policies. In such cases, you can use password aliases.
The following topics are addressed here:
Use the create-password-alias subcommand in remote mode to create an alias for a password in the domain's keystore. The password corresponding to the alias name is stored in an encrypted form in the domain configuration file. The create-password-alias subcommand takes both a secure interactive form, in which users are prompted for all information, and a more script-friendly form, in which the password is propagated on the command line.
You can also use the set(1) subcommand to remove and replace the password in the configuration file. For example:
asadmin set --user admin server.jms-service.jms-host.default_JMS_host. admin-password='${ALIAS=jms-password}'
Remote subcommands require a running server.
By default, the configuration file is located in domain-dir/config.
For example, assume the use of a password file such as passwords.txt. Assume further that you want to add an alias for the AS_ADMIN_USERPASSWORD entry that is read by the create-file-user(1) subcommand. You would add the following line to the password file: AS_ADMIN_USERPASSWORD=${ALIAS=user-password-alias}, where user-password-alias is the new password alias.
You could use this method to create several users (user1, user2, and so forth), all with the same password.
asadmin> --passwordfile passwords.txt create-file-user user1
Example 1-4 Creating a Password Alias
This example creates the new jms-password alias for the admin user:
asadmin> create-password-alias --user admin jms-password
You are prompted to type the password for the alias:
Please enter the alias password>secret-password Please enter the alias password again>secret-password Command create-password-alias executed successfully.
See Also
You can also view the full syntax and options of the subcommand by typing asadmin help create-password-alias at the command line.
Use the list-password-aliases subcommand in remote mode to list existing the password aliases.
Remote subcommands require a running server.
Example 1-5 Listing Password Aliases
This example lists the existing password aliases:
asadmin> list-password aliases jmspassword-alias Command list-password-aliases executed successfully
See Also
You can also view the full syntax and options of the subcommand by typing asadmin help list-password-aliases at the command line.
Use the delete-password-alias subcommand in remote mode to delete an existing password alias.
Remote subcommands require a running server.
Example 1-6 Deleting a Password Alias
This example deletes the password alias jmspassword-alias:
asadmin> delete-password-alias jmspassword-alias Command list-password-aliases executed successfully
See Also
You can also view the full syntax and options of the subcommand by typing asadmin help delete-password-alias at the command line.
Use the update-password-alias subcommand in remote mode to change the password for an existing password alias. The update-password-alias subcommand takes both a secure interactive form, in which the user is prompted for all information, and a more script-friendly form, in which the password is propagated on the command line.
Remote subcommands require a running server.
Example 1-7 Updating a Password Alias
This example updates the password for the jmspassword-alias alias:
asadmin> update-password-alias jsmpassword-alias
You are prompted to type the new password for the alias:
Please enter the alias password>new-secret-password Please enter the alias password again>new-secret-password Command update-password-alias executed successfully
See Also
You can also view the full syntax and options of the subcommand by typing asadmin help update-password-alias at the command line.