1. Administering System Security
2. Administering User Security
3. Administering Message Security
4. Administering Security in Cluster Mode
5. Managing Administrative Security
6. Running in a Secure Environment
Determining Your Security Needs
Hire Security Consultants or Use Diagnostic Software
Procedure To Remove an Installed Component
Remove Services You Are Not Using
Run on the Web Profile if Possible
Securing the GlassFish Server Host
This section describes recommendations for installing GlassFish Server in a secure environment. The following topic is described:
The secure administration feature allows an administrator to secure all administrative communication between the domain administration server (DAS), any remote instances, and administration clients such as the asadmin utility, the administration console, and REST clients. In addition, secure administration helps to prevent DAS-to-DAS and instance-to-instance traffic, and carefully restricts administration-client-to-instance traffic.
When you install GlassFish Server or create a new domain, secure admin is disabled by default. GlassFish Server does not encrypt administrative communication among the system components and does not accept administrative connections from remote hosts. Imposing a heightened level of security is optional.
See Chapter 5, Managing Administrative Security for information on enabling the secure administration feature.