Configuring Security for GlassFish REST Interface

GlassFish_REST_Interface_Security GlassFish REST Interface supports basic authentication over secure channel. GlassFish REST inerface is exposed through admin adapter. To enable authentication, you need to define admin-realm user.  You can define admin-realm user using any of the following.
Note: By default only anonymous is defined in admin-realm and anonymous user may not require password.

Add user using Admin Console

To add user using Admin Console follow these steps.
1. Start GlassFish and Admin Console. You can start the Admin Console by starting a web browser and specifying the URL http://localhost:4848/asadmin .
Note: We are assuming default admin port, 4848 through out this blog. If you changed the default admin, type the correct port number in place of 4848.
2. Go to Configuration-->Secuirty-->Realms node, then select the admin-realm realm.
3. Click the Manage Users button.
4. Click New to add a new user to the realm and provide the User ID and the New Password.
5. Click OK to add this user to the realm.

Add user using asadmin Client
1. Start GlassFish.
2. Execute the following command to create admin-realm user. You need to provide username and password for this new user.
<GlassFish_Install_Root>/glassfishv3/bin/asadmin create-file-user --groups asadmin --authrealmname admin-realm admin

Once you defined the admin-realm user, you need that user name and its password to access REST interface.  Browser will pop-up, Authentication Required, dialog on first REST interface request.



To enable SSL, you need to enable security for admin-listener. You can enable security for admin-listener using any of the following.

Enable S
ecurity using Admin Console
1. Start Admin Console.
2. Go to Configuration-->Network Config-->Protocols node, then select the admin-listener node.
3. Select Protocol tab in the right-hand-side window, if its not already selected.  Select Enabled value for Security by clicking the check-box.
4. Click Save to enable security for admin-listener.
5. Restart server.
    Go to Application Server node.
    Select General tab in the right-hand-side window, if its not already selected and click Restart button.   

Enable Security using asadmin client
1. Use following asadmin set command to enable security for admin-listener.
    asadmin set server-config.network-config.protocols.protocol.admin-listener.security-enabled=true 
2. Restart server.
    asadmin restart-domain

Enable S
ecurity using REST Interface
1. Start web browser and specify the following url          
http://localhost:4848/management/domain/configs/config/server-config/network-config/protocols/protocol/admin-listener

2. Select true for security-enabled field.
3. Click Update to enable security for admin-listener.
4. Restart server.
     Access the following resource url through browser and click the Restart button.
     http://localhost:4848/management/domain/restart
   
Once you enabled security for admin-listener, you should be able to use https for REST interface urls. Of course, you have to accept the certificate presented by browser.


To summarize, we can secure REST interface access through basic authentication over secure channel by defining new admin-realm user and enabling security for admin-listener.


Comments:

Configuring Security for GlassFish REST Interface is such an important thing to do...

Posted by רפידות גובה on August 21, 2009 at 02:32 PM PDT #

How much of that setup can you do using the RESTful interface?

Posted by Alexis MP on September 02, 2009 at 09:30 PM PDT #

Sorry,I had to use this blog to reach you.Contact me on my email id at the earliest.

Posted by D A CHITAMBAR on November 21, 2009 at 01:58 PM PST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

rajeshwar

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today