GlassFish v3: Elements of Administrative Security ...

GlassFish v3 is nearing its FCS. Though primarily considered a development platform, it has several deployment features. One such feature is administrative security. Through my various interactions, it is clear that users are rather confused about the asadmin passwords, how asadmin communicates to the server, how server can be configured to use a (corporate) LDAP to authenticate (and authorize) administrative access to GlassFish domains (a GF domain or domain or a server mean the same thing) and so on.

Through a series of posts, I plan to undertake a rather mammoth task and i.e. unravel the secrets of how GlassFish admin security works. At times, I may digress into other details about how GlassFish v3 works, but only when that kind of detail is required. This series of blog-posts (titled: GlassFish v3: Elements of Administrative Security ...) will hopefully answer all your questions regarding admin security of GlassFish and will increase your confidence of deploying GlassFish in production.

I am not going to go through the terminology here because several good resources exist for that. For example, I assume the reader to be (somewhat) familiar with terms like authentication, authorization, SSL, Java EE security, LDAP etc. If not, please familiarize yourself with them first. The series has been designed to guide you from development to production, i.e. we start with downloading and unzipping a GlassFish v3 bundle (e.g. glassfish.zip), running some applications, getting comfortable with GlassFish as a development environment and then move over to production. We won't spend much time on being comfortable with development, however, since there are plenty of excellent resources available on blogs.sun.com and elsewhere for the same. It's the deployment that is of essence to this series.

    Here are the topics that appear in this series (when a blog-post for a particular topic is available, it will be linked to from here):
  1. Administrative clients of GlassFish v3 (How you can invoke into administration backend)
  2. The common administration security gate (aka, the backend that handles all administrative accesses)
  3. Passwords, passwords, passwords (a survey of various GlassFish passwords, with focus on administration)
  4. Managing administrative users (creating/deleting/modifying admin users and changing their passwords)
  5. Configuring (corporate) LDAP (using LDAP as the authentication and authorization backend)
  6. Troubleshooting FAQ (your one-stop shop to troubleshoot problems)
  7. GlassFish v3 Admin Best Practices
Finally, the Disclaimer: I don't know much of LDAP, so some deficiencies are going to be there. This is the brain-dump of the lead developer who has contributed to this aspect of GlassFish administration. Of course, several others have contributed to this directly or indirectly and I thank all of them in advance.
Comments:

We are having problems in setting up LDAPS between our GF v.2.1 and AD server. Can you direct us to a link where these issues are discussed.

Many thanks

Julian Curmi

Posted by Julian Curmi on August 10, 2010 at 09:17 PM PDT #

Hello,
Nice to see your blog. clean and very informational.
I am looking for deployment scripts for glassfish servers. i.e scripts to start/stop servers, deploy application, copy jar/war files to lib folders, delete files form a specific location, update properties files etc .
pls let me know your thoughts.. Appreciate your help.

Posted by Vinay on October 02, 2010 at 04:02 AM PDT #

Post a Comment:
Comments are closed for this entry.
About

Welcome to my blog where mostly my work related thoughts are expressed.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today