Configuring Security for GlassFish REST Interface
By rajeshwar on Aug 21, 2009
Note: By default, only the anonymous user is defined in admin-realm, and the anonymous user may not require a password.
Add user using Admin Console
To add a user using the Admin Console, follow these steps.
1. Start GlassFish and the Admin Console. You can start the Admin Console by opening a web browser and specifying the URL http://localhost:4848/asadmin.
Note: We assume the default admin port, 4848, throughout this blog. If you changed the default admin port, type the correct port number in place of 4848.
2. Go to the Configuration-->Security-->Realms node, then select the admin-realm realm.
3. Click the Manage Users button.
4. Click New to add a new user to the realm and provide the User ID and the New Password.
5. Click OK to add this user to the realm.
Add user using asadmin Client
1. Start GlassFish.
2. Execute the following command to create an admin-realm user. You need to provide a username and password for this new user.
<GlassFish_Install_Root>/glassfishv3/bin/asadmin create-file-user --groups asadmin --authrealmname admin-realm admin
Once you have defined the admin-realm user, you need that user name and its password to access the REST interface. The browser will pop up an Authentication Required dialog on the first REST interface request.
To enable SSL, you need to enable security for admin-listener. You can enable security for admin-listener using any of the following methods.
Enable Security using Admin Console
1. Start Admin Console.
2. Go to the Configuration-->Network Config-->Protocols node, then select the admin-listener node.
3. Select the Protocol tab in the right-hand-side window, if it's not already selected. Select the Enabled value for Security by clicking the check-box.
4. Click Save to enable security for admin-listener.
5. Restart server.
Go to the Application Server node.
Select the General tab in the right-hand-side window, if it's not already selected, and click the Restart button.
Enable Security using asadmin client
1. Use the following asadmin set command to enable security for admin-listener.
asadmin set server-config.network-config.protocols.protocol.admin-listener.security-enabled=true
2. Restart server.
Enable Security using REST Interface
1. Start a web browser and specify the following URL
2. Select true for security-enabled field.
3. Click Update to enable security for admin-listener.
4. Restart server.
Access the following resource URL through the browser and click the Restart button.
Once you have enabled security for admin-listener, you should be able to use https for REST interface URLs. Of course, you have to accept the certificate presented by the browser.
To summarize, we can secure REST interface access through basic authentication over a secure channel by defining a new admin-realm user and enabling security for admin-listener.
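Whichever of the three methods you used, you can check that the setting was persisted by reading the domain's domain.xml. The following is an added example, not part of the original post or of GlassFish: it reports the admin listener's port and whether security-enabled is set for each config. The XML layout is an assumption inferred from the dotted name in the asadmin set command above, the sample document is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements the audit reads (assumed layout).
SAMPLE_DOMAIN_XML = """<domain>
  <configs>
    <config name="server-config">
      <network-config>
        <protocols>
          <protocol name="http-listener-1"/>
          <protocol name="admin-listener"/>
        </protocols>
        <network-listeners>
          <network-listener name="http-listener-1" port="8080" protocol="http-listener-1"/>
          <network-listener name="admin-listener" port="4848" protocol="admin-listener"/>
        </network-listeners>
      </network-config>
    </config>
  </configs>
</domain>"""


def audit_admin_listener(domain_xml, listener="admin-listener"):
    """Return one finding per <config>: listener port, protocol name, TLS state."""
    findings = []
    for config in ET.fromstring(domain_xml).iter("config"):
        net = config.find("network-config")
        if net is None:
            continue
        # Resolve listener -> protocol by name; the two names need not match.
        nl = net.find(f"network-listeners/network-listener[@name='{listener}']")
        if nl is None:
            continue
        proto_name = nl.get("protocol", listener)
        proto = net.find(f"protocols/protocol[@name='{proto_name}']")
        # An absent attribute is treated as "false" (assumed default).
        flag = proto.get("security-enabled", "false") if proto is not None else "false"
        findings.append({"config": config.get("name"), "port": nl.get("port"),
                         "protocol": proto_name,
                         "security_enabled": flag.lower() == "true"})
    return findings


def insecure_configs(domain_xml):
    """Names of configs whose admin listener would still serve plain HTTP."""
    return [f["config"] for f in audit_admin_listener(domain_xml)
            if not f["security_enabled"]]


if __name__ == "__main__":
    print(audit_admin_listener(SAMPLE_DOMAIN_XML))
```

Pass the contents of your own domain.xml to insecure_configs(); an empty list means every admin listener found has security-enabled set to true.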