Found great (old) blogs (part 1, part 2) by Masoud Kalali that discusses the different ways to secure a GlassFish installation.
Changing master password and admin console passwords (both web-based and CLI) are two fairly trivial operations:
| /tmp/glassfish >./bin/asadmin change-master-password Please enter the new master password>changeit2 Please enter the new master password again>changeit2 Master password changed for domain domain1 |
and
| /tmp/glassfish >./bin/asadmin change-admin-password Please enter the old admin password>adminadmin Please enter the new admin password>adminadmin2 Please enter the new admin password again>adminadmin2 Updated .asadminpass file with new password. Command change-admin-password executed successfully. |
And then the blog discusses how to secure administration listener using client-cert authentication or mutual authentication, reduce the visibility of listeners (as appropriate), and other similar techniques. Read Part 1 and Part 2.
The GlassFish Administration Guide provide more details on how to manage your GlassFish installation!
Technorati: glassfish administration security
- Glassfish Installation Report
- GlassFish asadmin CLI-driven Cluster Setup
- TOTD #104: Popular Ruby-on-Rails applications on GlassFish v3 – Redmine, Typo, Substruct
- LOTD #17: Sun GlassFish Enterprise Server Administration and Deployment Course – SAS 4455
- LOTD #1: Using Silverlight to access GlassFish Metro and JAX-WS Web service endpoints
thank you
Comment by neon — April 26, 2009 @ 2:11 pm
thank you
Comment by neon tabela — April 26, 2009 @ 2:12 pm
thanks you man
Comment by Seslichat — May 2, 2009 @ 8:58 am