1. Administering System Security
2. Administering User Security
3. Administering Message Security
4. Administering Security in Cluster Mode
Configuring Certificates in Cluster Mode
5. Managing Administrative Security
6. Running in a Secure Environment
Administrative commands that you execute on the domain administration server (DAS) must either be replicated on the affected server instances, or on all server instances that are part of the cluster. GlassFish Server replicates the commands by sending the same administration command request that was sent to the DAS to the server instances. As a result of replicating the commands on the DAS and the individual instances, the DAS and the instances make the same changes to their respective copies of the domain's configuration.
Note - Oracle recommends that you enable secure admin as described in Chapter 5, Managing Administrative Security so that GlassFish Server securely transfers these files on the network.
Dynamic reconfiguration refers to using the --target operand to CLI subcommands to make a change to a server instance (if the user-specified target is a server instance), or all server instances that are part of the cluster (if the user-specified target is a cluster). For example: asadmin create-jdbc-resource some-options --target some-target.
The --target operand allows the following values:
server – Performs the command on the default server instance. This is the default value.
configuration_name – Performs the command in the specified configuration.
cluster_name – Performs the command on all server instances in the specified cluster.
instance_name – Performs the command on a specified server instance.
If a command fails for a cluster, the status shows all server instances where dynamic reconfiguration failed, and suggests corrective next steps.
The command status also shows when a restart is required for each server instance.
The --target operand is supported for the following security-related CLI subcommands:
create-jacc-provider
delete-jacc-provider
list-jacc-providers
create-audit-module
create-auth-realm
create-file-user
delete-audit-module
delete-auth-realm
delete-file-user
update-file-user
create-message-security-provider
delete-message-security-provider
list-audit-modules
list-file-groups
list-file-users
login
Dynamic configuration is enabled by default and no additional action is required.
Use the following command to enable dynamic configuration from the command line:
asadmin --user user --passwordfile password-file set cluster-name-config.dynamic-reconfiguration-enabled=true.
To enable dynamic configuration from the Administration Console, perform the following steps:
Expand the Configurations node.
Click the name of the cluster's configuration.
On the Configuration System Properties page, check the Dynamic Reconfiguration Enabled box.
Click Save