By arungupta on Apr 06, 2009
Found great (old) blogs (part 1, part 2) by Masoud Kalali that discusses the different ways to secure a GlassFish installation.
Changing master password and admin console passwords (both web-based and CLI) are two fairly trivial operations:
Please enter the new master password>changeit2
Please enter the new master password again>changeit2
Master password changed for domain domain1
Please enter the old admin password>adminadmin
Please enter the new admin password>adminadmin2
Please enter the new admin password again>adminadmin2
Updated .asadminpass file with new password.
Command change-admin-password executed successfully.
And then the blog discusses how to secure administration listener using client-cert authentication or mutual authentication, reduce the visibility of listeners (as appropriate), and other similar techniques. Read Part 1 and Part 2.
The GlassFish Administration Guide provide more details on how to manage your GlassFish installation!
Technorati: glassfish administration security