In GlassFish Server, the default admin account has the user name "admin" and an empty password. Admin clients provide empty credentials or none at all, and all are authenticated and authorized as that default admin user. None of the participants (clients, DAS, or instances) encrypts network messages.
If this level of security is acceptable in your environment, no changes are needed and you do not need to enable secure administration. Imposing a heightened level of security is optional.
However, consider Table 5-2, which shows the operations that are accepted and rejected when secure admin is disabled.
Note - When secure admin is disabled, GlassFish Server does allow remote monitoring (read-only) access via the REST interface.
Table 5-2 Accepted and Rejected Operations if Secure Admin is Disabled