JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle GlassFish Server 3.1 Security Guide
search filter icon
search icon

Document Information


1.  Administering System Security

2.  Administering User Security

3.  Administering Message Security

4.  Administering Security in Cluster Mode

5.  Managing Administrative Security

Secure Administration Overview

How Secure Admin Works: The Big Picture

Functions Performed by Secure Admin

Which Administration Account is Used?

What Authentication Methods Are Used for Secure Administration?

Understanding How Certificate Authentication is Performed

What Certificates Are Used?

Self-Signed Certificates and Trust

Using Your Own Certificates

An Alternate Approach: Using Distinguished Names to Specify Certificates

Guarding Against Unwanted Connections

Considerations When Running GlassFish Server With Default Security

Running Secure Admin

Prerequisites for Running Secure Admin

An Alternate Approach: Using A User Name and Password for Internal Authentication and Authorization

Example of Running enable-secure-admin

Additional Considerations When Creating Local Instances

Secure Admin Use Case

Upgrading an SSL-Enabled Secure GlassFish Installation to Secure Admin

6.  Running in a Secure Environment

7.  Integrating Oracle Access Manager


Secure Admin Use Case

This section describes a simple secure admin use case.

In the asadmin --secure=false --user me --passwordfile myFile.txt cmd ... use case, the user submits a command with --secure set to false, and supplies password credentials.

The important concept to note is that asadmin uses HTTPS because of the DAS redirection, even though the command sets --secure to false. asadmin sends the HTTP Authorization header along with the redirected request.

In addition to the flow described here, certificate authentication is also performed as described in Table 5-3. Also, the credentials that the user supplies are assumed to be valid administrator credentials for the DAS.

Table 5-3 asadmin --secure=false, With Username and Password

Sends HTTP request, no authorization header (because the transport is not secure).
Returns 3xx status and redirects HTTP to HTTPS.
Follows redirection, this time adding the Authorization header (because transport is now HTTPS).
Authenticates admin user and password from HTTP Authorization header in the realm Executes command, and responds with success status.