GlassFish v3: Elements of Administrative Security ...
GlassFish v3 is nearing its FCS. Though primarily considered a development platform, it has several deployment features. One such feature is administrative security. Through my various interactions, it is clear that users are rather confused about the asadmin passwords, how asadmin communicates with the server, how the server can be configured to use a (corporate) LDAP to authenticate (and authorize) administrative access to GlassFish domains (a GF domain, a domain and a server all mean the same thing), and so on.
Through a series of posts, I plan to undertake a rather mammoth task, i.e. to unravel the secrets of how GlassFish admin security works. At times, I may digress into other details about how GlassFish v3 works, but only when that kind of detail is required. This series of blog posts (titled: GlassFish v3: Elements of Administrative Security ...) will hopefully answer all your questions regarding admin security of GlassFish and will increase your confidence in deploying GlassFish in production.
I am not going to go through the terminology here because several good resources exist for that. For example, I assume the reader to be (somewhat) familiar with terms like authentication, authorization, SSL, Java EE security, LDAP etc. If not, please familiarize yourself with them first. The series has been designed to guide you from development to production, i.e. we start with downloading and unzipping a GlassFish v3 bundle (e.g. glassfish.zip), running some applications, getting comfortable with GlassFish as a development environment, and then move over to production. We won't spend much time on getting comfortable with development, however, since there are plenty of excellent resources available on blogs.sun.com and elsewhere for that. It's the deployment that is of the essence to this series.
Here are the topics that appear in this series (when a blog-post for a particular topic is available, it will be linked to from here):
- Administrative clients of GlassFish v3 (how you can invoke the administration backend)
- The common administration security gate (aka, the backend that handles all administrative accesses)
- Passwords, passwords, passwords (a survey of various GlassFish passwords, with focus on administration)
- Managing administrative users (creating/deleting/modifying admin users and changing their passwords)
- Configuring (corporate) LDAP (using LDAP as the authentication and authorization backend)
- Troubleshooting FAQ (your one-stop shop to troubleshoot problems)
- GlassFish v3 Admin Best Practices

