Skip to main content

LOTD #19: Securing GlassFish Installation

Posted by arungupta on April 7, 2009 at 10:16 AM PDT



Found great (old) blogs ( href="http://weblogs.java.net/blog/kalali/archive/2007/12/how_to_secure_g_1.html">part
1, href="http://weblogs.java.net/blog/kalali/archive/2008/02/how_to_secure_g.html">part
2) by Masoud Kalali that discusses the different ways to
secure a GlassFish
installation.



Changing master password and admin console passwords (both web-based
and CLI) are two fairly trivial operations:


style="text-align: left; background-color: rgb(204, 204, 255); width: 100%;"
cellpadding="2" cellspacing="2">
/tmp/glassfish > style="font-weight: bold;">./bin/asadmin
change-master-password

Please enter the new master password>changeit2

Please enter the new master password again>changeit2

Master password changed for domain domain1



and


style="text-align: left; background-color: rgb(204, 204, 255); width: 100%;"
cellpadding="2" cellspacing="2">
/tmp/glassfish > style="font-weight: bold;">./bin/asadmin
change-admin-password

Please enter the old admin password>adminadmin

Please enter the new admin password>adminadmin2

Please enter the new admin password again>adminadmin2

Updated .asadminpass file with new password.

Command change-admin-password executed successfully.



And then the blog discusses how to secure administration listener using
client-cert authentication or mutual authentication, reduce the
visibility of listeners (as appropriate), and other similar techniques.
Read  href="http://weblogs.java.net/blog/kalali/archive/2007/12/how_to_secure_g_1.html">Part
1 and href="http://weblogs.java.net/blog/kalali/archive/2008/02/how_to_secure_g.html">Part
2.



The href="http://docs.sun.com/app/docs/doc/820-4335/ablsw?a=browse">GlassFish
Administration Guide provide more details on how to manage
your GlassFish installation!



Technorati:
glassfish
administration
security

Related Topics >>