Oracle GlassFish Server 3.1 Security Guide

Considerations When Running GlassFish Server With Default Security

In GlassFish Server, the default admin account is username "admin" with an empty password. Admin clients provide empty credentials or none at all, and all are authenticated and authorized as that default admin user. None of the participants (clients, DAS, or instances) encrypts network messages.

If this level of security is acceptable in your environment, no changes are needed and you do not need to enable secure administration. Imposing a heightened level of security is optional.

However, consider Table 5-2, which lists the operations that are accepted and rejected when secure admin is disabled.


Note - When secure admin is disabled, GlassFish Server does allow remote monitoring (read-only) access via the REST interface.


Table 5-2 Accepted and Rejected Operations if Secure Admin is Disabled

| Operation | Run From Same System as DAS | Run From Remote System |
|---|---|---|
| start-local-instance | Functions as expected | Cannot sync with DAS. The instance starts but cannot communicate with the DAS. DAS will not see the instance. |
| Any other asadmin subcommand | Functions as expected | Rejected. A user sees the username/password prompt, but even correct entries are rejected. |
| Commands that use SSH. For example, create-instance. | Functions as expected; requires prior SSH configuration. | Functions as expected; requires prior SSH configuration. |