1. Administering System Security
2. Administering User Security
3. Administering Message Security
4. Administering Security in Cluster Mode
5. Managing Administrative Security
Secure Administration Overview
How Secure Admin Works: The Big Picture
Functions Performed by Secure Admin
Which Administration Account is Used?
What Authentication Methods Are Used for Secure Administration?
Understanding How Certificate Authentication is Performed
Self-Signed Certificates and Trust
An Alternate Approach: Using Distinguished Names to Specify Certificates
Guarding Against Unwanted Connections
Considerations When Running GlassFish Server With Default Security
Prerequisites for Running Secure Admin
An Alternate Approach: Using A User Name and Password for Internal Authentication and Authorization
Example of Running enable-secure-admin
Upgrading an SSL-Enabled Secure GlassFish Installation to Secure Admin
6. Running in a Secure Environment
If you use xxx-local-instance commands to set up local instances, either leave secure admin disabled, or enable it before you create or start the instances and leave it that way.
However, if you use xxx-instance commands over SSH to manage remote instances, you can enable and disable secure admin, although this is not recommended because it can result in an inconsistent security model.